Aggregator
Harvard University hit in Oracle EBS cyberattack, 1.3 TB of data leaked by Cl0p group
8 months 3 weeks ago
Harvard University confirmed being targeted in the Oracle EBS campaign after the Cl0p ransomware group leaked 1.3 TB of data. Harvard University confirmed it was targeted in the Oracle E-Business Suite campaign after the Cl0p ransomware group listed it on its leak site. The cybercrime group claimed to have leaked 1.3 TB of data allegedly […]
Pierluigi Paganini
Red Hat security advisory (AV25-659)
8 months 3 weeks ago
Canadian Centre for Cyber Security
当石油成为武器,我炼油厂为何成了美伊的“头号目标”?
8 months 3 weeks ago
2025年10月9日,美国财政部一纸制裁令,将山东金诚石化集团、日照石化原油码头等数十家企业推上风口浪尖。这
新兴社交媒体平台上OSINT调查工具及技术
8 months 3 weeks ago
在社交媒体上寻找主题线索时,情报开源调查人员通常会从Facebook,Twitter和Instagram开始搜
Microsoft Limits IE Mode in Edge After Chakra Zero-Day Activity Detected
8 months 3 weeks ago
Microsoft restricted access to Edge's IE Mode in August 2025 after hackers used a Chakra zero-day flaw to bypass security and take over user devices. Check out the new steps for enabling IE Mode.
Deeba Ahmed
53% роста за год — это много или очень много? Разбираемся в масштабах кардинга белорусских банков
8 months 3 weeks ago
Почему в даркнете продают даже премиальный «пластик».
When AI Agents Join the Teams: The Hidden Security Shifts No One Expects
8 months 3 weeks ago
AI assistants are no longer just helping — they're acting. Autonomous agents now open tickets, fix incidents, and make decisions faster than humans can monitor. As "Shadow AI" spreads, learn from Token Security why orgs must govern these agents like powerful new identities before oversight disappears. [...]
Sponsored by Token Security
Criminal IP to Showcase ASM and CTI Innovations at GovWare 2025 in Singapore
8 months 3 weeks ago
Torrance, United States, 14th October 2025, CyberNewsWire
CyberNewswire
CVE-2025-58133 | Zoom Rooms up to 6.5.0 improper authentication
8 months 3 weeks ago
A vulnerability has been found in Zoom Rooms up to 6.5.0 and classified as critical. Affected is an unknown function. This manipulation causes improper authentication.
This vulnerability is handled as CVE-2025-58133. The attack can be initiated remotely. There is not any exploit available.
The affected component should be upgraded.
vuldb.com
CVE-2025-58132 | Zoom Workplace/Workplace VDI Client/Rooms/Meeting SDK up to 6.5.4 on Windows command injection
8 months 3 weeks ago
A vulnerability, which was classified as problematic, was found in Zoom Workplace, Workplace VDI Client, Rooms and Meeting SDK up to 6.5.4 on Windows. This impacts an unknown function. The manipulation results in command injection.
This vulnerability is known as CVE-2025-58132. It is possible to launch the attack remotely. No exploit is available.
You should upgrade the affected component.
vuldb.com
CVE-2025-47856 | Fortinet FortiVoice up to 6.4.10/7.0.6/7.2.0 HTTP/HTTPS/CLI os command injection (FG-IR-25-250)
8 months 3 weeks ago
A vulnerability, which was classified as critical, has been found in Fortinet FortiVoice up to 6.4.10/7.0.6/7.2.0. This affects an unknown function of the component HTTP/HTTPS/CLI. The manipulation leads to os command injection.
This vulnerability is traded as CVE-2025-47856. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com
CVE-2025-11716 | Mozilla Firefox up to 143 on Android permission
8 months 3 weeks ago
A vulnerability classified as critical has been found in Mozilla Firefox up to 143 on Android. The affected element is an unknown function. Performing manipulation results in permission issues.
This vulnerability is reported as CVE-2025-11716. The attack is possible to be carried out remotely. No exploit exists.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-11716 | Mozilla Thunderbird up to 143 on Android permission
8 months 3 weeks ago
A vulnerability classified as critical was found in Mozilla Thunderbird up to 143 on Android. The impacted element is an unknown function. Executing manipulation can lead to permission issues.
This vulnerability appears as CVE-2025-11716. The attack may be performed from remote. There is no available exploit.
Upgrading the affected component is advised.
vuldb.com
CVE-2025-7330 | Rockwell Automation Comms cross-site request forgery
8 months 3 weeks ago
A vulnerability described as problematic has been identified in Rockwell Automation Comms. Impacted is an unknown function. Such manipulation leads to cross-site request forgery.
This vulnerability is documented as CVE-2025-7330. The attack can be executed remotely. There is not any exploit available.
vuldb.com
CVE-2025-11708 | Mozilla Firefox up to 143 GetInstance use after free
8 months 3 weeks ago
A vulnerability labeled as critical has been found in Mozilla Firefox up to 143. This vulnerability affects the function MediaTrackGraphImpl::GetInstance. The manipulation results in use after free.
This vulnerability is cataloged as CVE-2025-11708. The attack may be launched remotely. There is no exploit available.
The affected component should be upgraded.
vuldb.com
CVE-2025-11708 | Mozilla Thunderbird up to 143 GetInstance use after free
8 months 3 weeks ago
A vulnerability marked as critical has been reported in Mozilla Thunderbird up to 143. This issue affects the function MediaTrackGraphImpl::GetInstance. This manipulation causes use after free.
This vulnerability is registered as CVE-2025-11708. Remote exploitation of the attack is possible. No exploit is available.
It is suggested to upgrade the affected component.
vuldb.com
CVE-2025-7329 | Rockwell Automation Comms cross site scripting
8 months 3 weeks ago
A vulnerability identified as problematic has been detected in Rockwell Automation Comms. This affects an unknown part. The manipulation leads to cross site scripting.
This vulnerability is listed as CVE-2025-7329. The attack may be initiated remotely. There is no available exploit.
vuldb.com
CVE-2025-7328 | Rockwell Automation Comms missing authentication
8 months 3 weeks ago
A vulnerability categorized as critical has been discovered in Rockwell Automation Comms. Affected by this issue is some unknown functionality. Executing manipulation can lead to missing authentication.
This vulnerability is tracked as CVE-2025-7328. The physical device can be targeted for the attack. No exploit exists.
vuldb.com
Regula simplifies identity verification with its new all-in-one IDV Platform
8 months 3 weeks ago
Regula has launched its Regula IDV Platform. This ready-to-use orchestration solution is designed to replace fragmented identity verification and management systems with a single, unified workflow. Built to scale according to an organization’s growth pace and fully vendor-agnostic, the platform enables businesses to manage every stage of the identity lifecycle, from onboarding through continuous reverification, without legacy constraints. Today, nearly half of companies worldwide face the same identity verification challenges. Legacy systems lead to fragmentation … More →
The post Regula simplifies identity verification with its new all-in-one IDV Platform appeared first on Help Net Security.
Industry News