Aggregator
Submit #665024: SourceCodester Hotel and Lodge Management System 1.0 SQL Injection [Accepted]
Hackers Launch Leak Portal to Publish Data Stolen from Salesforce Instances
The hacker collective styling itself “Scattered Lapsus$ Hunters”—an alliance echoing elements of ShinyHunters, Scattered Spider, and Lapsus$—has launched an extortionware portal to pressure victims into paying for delisting and purported deletion of stolen data. The group’s leverage centers on Salesforce datasets, reflecting months of intrusions achieved via social engineering, OAuth abuse, and downstream supply chain […]
The post Hackers Launch Leak Portal to Publish Data Stolen from Salesforce Instances appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
CVE-2025-11396 | code-projects Simple Food Ordering System 1.0 /product.php Category sql injection
Black Nevas
CVE-2025-59425 | vLLM up to 0.10.2 API improper authentication
CVE-2025-11362 | pdfmake up to 0.3.0-beta.16 allocation of resources (SNYK-JS-PDFMAKE-10223297 / EUVD-2025-32603)
CVE-2025-10162 | Admin and Customer Messages After Order for WooCommerce Plugin path traversal (EUVD-2025-32606)
Submit #665011: Source Code Simple Food Ordering System V1 SQL Injection [Accepted]
Submit #664985: code-projects Online Complaint Site V1.0 sql [Duplicate]
GoAnywhere 0-Day RCE Actively Exploited to Deliver Medusa Ransomware
A critical zero-day vulnerability in GoAnywhere MFT’s License Servlet is being actively exploited to deploy Medusa ransomware. On September 18, 2025, Fortra released an advisory disclosing CVE-2025-10035, a deserialization flaw with a perfect CVSS score of 10.0. Threat actors tracked as Storm-1175 have abused this issue to gain remote code execution (RCE) on exposed systems, […]
The post GoAnywhere 0-Day RCE Actively Exploited to Deliver Medusa Ransomware appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Vibe Coding as the New Tech Debt: How to Speed Up Pilots Without Chaos
OpenSSH Vulnerability Exploited Via ProxyCommand to Execute Remote Code – PoC Released
A new command injection vulnerability in OpenSSH, tracked as CVE-2025-61984, has been disclosed, which could allow an attacker to achieve remote code execution on a victim’s machine. The vulnerability is a bypass of a previous fix for a similar issue (CVE-2023-51385) and exploits how the ProxyCommand feature interacts with the underlying system shell when handling […]
The post OpenSSH Vulnerability Exploited Via ProxyCommand to Execute Remote Code – PoC Released appeared first on Cyber Security News.
Cl0p Ransomware Actively Exploiting Oracle E-Business Suite 0-Day
The notorious Cl0p ransomware group has been actively exploiting a critical zero-day vulnerability in Oracle’s E-Business Suite (EBS), targeting enterprise customers through CVE-2025-61882. This sophisticated attack campaign has prompted Oracle to issue an emergency security advisory after reports surfaced that multiple organizations received extortion emails from the threat actors. Critical Zero-Day Vulnerability Exposed Oracle confirmed the exploitation […]
The post Cl0p Ransomware Actively Exploiting Oracle E-Business Suite 0-Day appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.