Aggregator

Legitimate administrative tools are increasingly becoming the weapon of choice for sophisticated threat actors aiming to blend in with normal network activity. A recent campaign has highlighted this dangerous trend, where attackers are weaponizing Velociraptor, a widely respected Digital Forensics and Incident Response (DFIR) tool. By deploying this software, adversaries effectively establish stealthy Command and […]

The post Hackers Leverage Velociraptor DFIR Tool for Stealthy C2 & Ransomware Delivery appeared first on Cyber Security News.

一、漏洞概述

漏洞类型

远程代码执行

漏洞等级

高

漏洞编号

CVE-2025-55182

漏洞评分

10.0

利用复杂度

低

影响版本

利用方式

远程

POC/EXP

已公开

漏洞影响的产品和版本：

二、漏洞复现

三、资产测绘

据daydaymap数据显示互联网存在8,209,309个资产，国内风险资产分布情况如下。

四、解决方案

▪ 临时缓解方案

▪ 升级修复

五、参考链接

https://github.com/ejpir/CVE-2025-55182-poc

https://www.ddpoc.com/DVB-2025-10412.html

原文链接

You must login to view this content

You must login to view this content

A critical remote code execution vulnerability in the Sneeit Framework WordPress plugin has come under active exploitation by threat actors, posing an immediate risk to thousands of websites worldwide. The vulnerability, tracked as CVE-2025-6389 with a CVSS score of 9.8, exists in versions 8.3 and earlier of the plugin, which maintains approximately 1,700 active installations […]

The post Hackers Actively Exploiting Worpress Plugin Vulnerability to Execute Remote Code appeared first on Cyber Security News.

OAuthSeeker is an red team tool for performing phishing attacks using malicious OAuth applications to compromise user identities within

The post OAuthSeeker: Red Team Tool for OAuth Phishing Attacks Against Azure and Office365 appeared first on Penetration Testing Tools.

A critical security vulnerability has been discovered in Vim for Windows that could allow attackers to execute malicious code on users’ computers. The vulnerability, identified as CVE-2025-66476, affects Vim versions before 9.1.1947 and has been rated high severity, with a CVSS score of 7.8. The flaw lies in how Vim searches for external programs on […]

The post Vim for Windows Vulnerability Let Attackers Execute Arbitrary Code appeared first on Cyber Security News.

A critical HTTP request smuggling vulnerability in Akamai’s edge server infrastructure has been successfully fixed. The vulnerability, identified as CVE-2025-66373, stemmed from improper processing of HTTP requests containing invalid chunk-encoded bodies, potentially exposing thousands of customers to sophisticated attacks. Understanding HTTP Chunked Transfer Encoding HTTP chunked transfer encoding is an HTTP/1.1 standard that breaks message […]

The post Akamai Patches HTTP Request Smuggling Vulnerability in Edge Servers appeared first on Cyber Security News.

Kohler’s $600 smart toilet camera system, marketed with promises of “end-to-end encryption,” does not actually implement the security standard as commonly understood in the cybersecurity industry, raising significant privacy concerns for users uploading intimate health data to the company’s servers. The Dekoda device, launched in October, attaches to toilet rims and uses cameras to capture […]

The post Kohler’s Encrypted Smart Toilet Camera is not Actually end-to-end Encrypted appeared first on Cyber Security News.

A joint investigation by BCA LTD, NorthScan, and ANY.RUN has revealed, in real time, one of North Korea’s

The post Lazarus Exposed: Real-Time Sting Tracks North Korean Hackers Recruiting Remote Employees appeared first on Penetration Testing Tools.

AI browsers introduce reasoning-based risks. Learn how cross-origin AI agents dismantle web security and what defenses are needed.

The post Convenience or Catastrophe? The Dangers of AI Browsers No One is Talking About  appeared first on Security Boulevard.