Aggregator

A vulnerability was found in PHPGurukul User Registration & Login and User Management System 3.3 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file loginsystem/edit-profile.php. Such manipulation of the argument fname/lname/contact leads to cross site scripting. This vulnerability is traded as CVE-2025-28016. The attack may be launched remotely. There is no exploit available.

A civil complaint filed by the federal government alleges that the Sendit app illegally collected data from users under 13 and tricked people into paying for subscriptions.

The cooperative agreement between the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the not-for-profit Center for Internet Security is ending today, the agency has announced on Monday, and CISA will take it upon itself to offer support to US state, local, tribal, and territorial (SLTT) governments by way of grants, tools, and cybersecurity expertise. MS-ISAC funding cut leaves core services intact but trims key support The Center for Internet Security (CIS) runs the Multi-State … More →

The post CISA says it will fill the gap as federal funding for MS-ISAC dries up appeared first on Help Net Security.

Broadcom has patched a high-severity privilege escalation vulnerability in its VMware Aria Operations and VMware Tools software, which has been exploited in zero-day attacks since October 2024. [...]

Sep 30, 2025 - Lina Romero - In 2025’s fast-moving cyber landscape, attacks are everywhere and AI and APIs are the biggest targets. We’ve spoken before about hackers exploiting Docker Swarm to launch cryptomining attacks, but now attackers are using Docker APIs for other malicious purposes. It started this June. Trend Micro noticed abnormal activity in Docker’s APIs- attacks that started as requests to exposed APIs to retrieve a list of containers. The bad actors would then create a novel container to connect to the host root and carry out their attack on the host system. However, an encoded payload hidden in the initial request executes a shell script that sets up the Tor browser in the container and fetches a payload over the Tor network (Security Week). The attackers can then deploy a malicious shell script and modify the SSH configuration of the host system. At this point, the attackers deploy a binary acting as a dropper for an XMRig cryptocurrency miner and “all necessary execution stops internally, allowing it to deploy the miner without requiring the download of any external components” in order to avoid detection (Trend Micro). However, this was only the beginning- on September 8th of this year, hackers launched similar attacks, but with a twist: after carrying out the same initial steps, they proceeded to block external access to the Docker API by writing a command to the cron tab file to create a cron job that blocks its access every minute. From there, threat actors can perform mass scans for other open ports, and propagate malware in new containers using the exposed APIs. Researchers from Trend Micro determined that the attackers used AI in the creation of these tools. What is especially troubling is that these attacks are growing more advanced and may only continue to increase in volume and complexity. As AI and API attacks surge, Docker APIs are a popular target for attackers. Maintaining strong API security is the corner store of cybersecurity as a whole- after all, API security IS AI security. To learn more about securing AI and APIs, check out FireTail’s all-in-one approach. Set up a demo or start a free trial today.

The post Docker APIs Targeted – FireTail Blog appeared first on Security Boulevard.

A vulnerability described as problematic has been identified in LibTIFF 4.0.3-35.amzn2.0.1 on Amazon Linux. The impacted element is the function TIFFFetchStripThing of the file tif_dirread.c of the component TIFF File Handler. The manipulation results in uninitialized resource. This vulnerability is reported as CVE-2022-34266. The attack can be launched remotely. No exploit exists.

A vulnerability, which was classified as critical, has been found in lobehub lobe-chat up to 0.150.5. This affects an unknown part of the file /api/proxy. Performing manipulation results in server-side request forgery. This vulnerability is cataloged as CVE-2024-32964. It is possible to initiate the attack remotely. There is no exploit available. It is advisable to upgrade the affected component.

A vulnerability identified as problematic has been detected in Patika Global HumanSuite up to 53.20.x. The affected element is an unknown function. The manipulation leads to injection. This vulnerability is listed as CVE-2025-8276. The attack may be initiated remotely. There is no available exploit. You should upgrade the affected component.

A vulnerability marked as critical has been reported in Hitachi Energy Asset Suite up to 9.7. Affected by this issue is some unknown functionality. The manipulation leads to improper output neutralization for logs. This vulnerability is listed as CVE-2025-10217. The attack may be initiated remotely. There is no available exploit.

A vulnerability was found in Google Chrome. It has been declared as critical. This vulnerability affects unknown code of the component V8. Executing manipulation can lead to type confusion. This vulnerability appears as CVE-2025-10585. The attack may be performed from remote. In addition, an exploit is available. It is recommended to upgrade the affected component.

CISA has issued an urgent advisory regarding a critical vulnerability in the Linux and Unix sudo utility CVE-2025-32463 that is currently being exploited in the wild.  This flaw allows local adversaries to bypass access controls and execute arbitrary commands as the root user, even without explicit sudoers privileges. Sudo Chroot Bypass (CVE-2025-32463) Identified as “Inclusion […]

The post CISA Warns of Linux Sudo Vulnerability Actively Exploited in Attacks appeared first on Cyber Security News.

Cyber Incident Impacts DeKalb County Government Computer System

A vulnerability was found in Mozilla Firefox up to 143.0 on iOS and classified as problematic. This affects an unknown function of the component Cookie Handler. The manipulation results in information disclosure. This vulnerability is known as CVE-2025-10859. It is possible to launch the attack remotely. No exploit is available. It is suggested to upgrade the affected component.

A vulnerability was found in Bimser Solution Software Trade eBA Document and Workflow Management System 6.7.164/6.7.165. It has been classified as problematic. This issue affects some unknown processing. The manipulation leads to authorization bypass. This vulnerability is listed as CVE-2025-8532. The attack must be carried out locally. There is no available exploit. Upgrading the affected component is recommended.

Three new vulnerabilities in Google’s Gemini AI assistant suite could have allowed attackers to exfiltrate users’ saved information and location data. The vulnerabilities uncovered by Tenable, dubbed the “Gemini Trifecta,” highlight how AI systems can be turned into attack vehicles, not just targets. The research exposed significant privacy risks across different components of the Gemini […]

The post Google Gemini Vulnerabilities Let Attackers Exfiltrate User’s Saved Data and Location appeared first on Cyber Security News.

A vulnerability has been found in PopAd Plugin up to 1.0.4 on WordPress and classified as critical. Affected is an unknown function. This manipulation causes server-side request forgery. This vulnerability appears as CVE-2025-60175. The attack may be initiated remotely. There is no available exploit.

A vulnerability, which was classified as problematic, was found in WP Gravity Forms HubSpot Plugin up to 1.2.5 on WordPress. This impacts an unknown function. The manipulation results in open redirect. This vulnerability is reported as CVE-2025-60151. The attack can be launched remotely. No exploit exists.

A vulnerability, which was classified as problematic, has been found in Super Blank Plugin up to 1.2.0 on WordPress. This affects an unknown function. The manipulation leads to denial of service. This vulnerability is documented as CVE-2025-54741. The attack can be initiated remotely. There is not any exploit available.

A vulnerability classified as critical was found in Download After Email Plugin 2.1.5/2.1.6 on WordPress. The impacted element is an unknown function of the component Form Submission Handler. Executing manipulation can lead to improper authorization. This vulnerability is registered as CVE-2025-54743. It is possible to launch the attack remotely. No exploit is available.

The shutdown, confirmed by internet monitoring groups NetBlocks, Kentik and Proton VPN, began late Monday and continued into Tuesday, affecting both mobile and fixed-line services. Telephone networks were also disrupted.