Aggregator

Что творится у горизонта событий, не объясняет ни одна старая теория.

A suspected zero-day vulnerability in SonicWall firewall devices that the Akira ransomware group is actively exploiting. The flaw allows attackers to gain initial access to corporate networks through SonicWall’s SSL VPN feature, leading to subsequent ransomware deployment. In late July 2025, security researchers observed a significant increase in ransomware attacks leveraging SonicWall devices. The evidence […]

The post SonicWall Firewall Devices 0-day Vulnerability Actively Exploited by Akira Ransomware appeared first on Cyber Security News.

This week’s cybersecurity landscape is dominated by the active exploitation of zero-day vulnerabilities and sophisticated supply chain attacks targeting widely […]

The post Weekly Threat Landscape Digest – Week 31 appeared first on HawkEye.

Today we cover ChatGPT Codex as part of the Month of AI Bugs series.

ChatGPT Codex is a cloud-based software engineering agent that answers codebase questions, executes code, and drafts pull requests.

In particular, this post will demonstrate how Codex is vulnerable to prompt injection, and how the use of the “Common Dependencies Allowlist” for Internet access enables an attacker to recruit ChatGPT Codex into a malware botnet.

A critical vulnerability has been discovered in the widely used WordPress theme “Alone — Charity Multipurpose Non-profit”, which is already being exploited by malicious actors to compromise websites. Tracked as CVE-2025-5394, the flaw has...

The post Critical RCE Flaw in “Alone” WordPress Theme Actively Exploited, Allowing Full Site Takeover appeared first on Penetration Testing Tools.

100 моделей ИИ протестировали на безопасность. Почти все провалились.

A vulnerability was found in 495300897 wx-shop up to de1b66331368695779cfc6e4d11a64caddf8716e and classified as problematic. This issue affects some unknown processing of the file /user/editUI. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2025-8506. The attack may be initiated remotely. Furthermore, there is an exploit available. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available.

A vulnerability has been found in 495300897 wx-shop up to de1b66331368695779cfc6e4d11a64caddf8716e and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. This vulnerability was named CVE-2025-8505. The attack can be initiated remotely. Furthermore, there is an exploit available. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available.

Submit #627323 / VDB-318605

Submit #627322 / VDB-318604

A vulnerability, which was classified as critical, was found in code-projects Kitchen Treasure 1.0. This affects an unknown part of the file /userregistration.php. The manipulation of the argument photo leads to unrestricted upload. This vulnerability is uniquely identified as CVE-2025-8504. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, has been found in code-projects Online Medicine Guide 1.0. Affected by this issue is some unknown functionality of the file /adaddmed.php. The manipulation of the argument mname leads to sql injection. This vulnerability is handled as CVE-2025-8503. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical was found in code-projects Online Medicine Guide 1.0. Affected by this vulnerability is an unknown functionality of the file /changepass.php. The manipulation of the argument ups leads to sql injection. This vulnerability is known as CVE-2025-8502. The attack can be launched remotely. Furthermore, there is an exploit available.

Submit #626935 / VDB-318603

Submit #626923 / VDB-318602

Submit #626920 / VDB-318601

A vulnerability classified as problematic has been found in code-projects Human Resource Integrated System 1.0. Affected is an unknown function of the file /insert-and-view/action.php. The manipulation of the argument content leads to cross site scripting. This vulnerability is traded as CVE-2025-8501. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in code-projects Human Resource Integrated System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /insert-and-view/action.php. The manipulation of the argument content leads to sql injection. The identification of this vulnerability is CVE-2025-8500. The attack may be initiated remotely. Furthermore, there is an exploit available.

Submit #626840 / VDB-317835

Submit #626839 / VDB-317835