Aggregator

Submit #650095 / VDB-282869

Apple has released critical security updates for older iPhone and iPad models, addressing a zero-day vulnerability that has reportedly been exploited in sophisticated targeted attacks. The iOS 16.7.12 and iPadOS 16.7.12 updates, released on September 15, 2025, patch a serious security flaw affecting legacy Apple devices. Active Exploitation Confirmed The vulnerability, tracked as CVE-2025-43300, represents […]

The post Apple Patches 0-Day Vulnerabilities in Older iPhones and iPads appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Submit #650030 / VDB-276502

Siren announced the launch of K9, an AI companion designed to transform the way investigators uncover threats and connections. K9 is fast, dependable and mission-focused, built to guard, protect, and serve those on the front lines of keeping communities and nations safe. “K9 is more than an AI companion, it’s a loyal partner,” said Jeferson Zanim, CPO at Siren. “We designed it to feel like a trusted colleague. Always ready, always reliable and focused on … More →

The post Siren’s K9 uses AI to turn complex investigations into actionable insights appeared first on Help Net Security.

A vulnerability marked as critical has been reported in SourceCodester Online Polling System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/positions.php. This manipulation of the argument ID causes sql injection. This vulnerability appears as CVE-2025-10617. The attack may be initiated remotely. In addition, an exploit is available.

Submit #649980 / VDB-309959

Submit #649959 / VDB-196564

Submit #649963 / VDB-323842

Submit #649962 / VDB-323841

A vulnerability labeled as critical has been found in itsourcecode E-Commerce Website 1.0. Affected is an unknown function of the file /admin/users.php. The manipulation results in unrestricted upload. This vulnerability is reported as CVE-2025-10616. The attack can be launched remotely. Moreover, an exploit is present.

A vulnerability identified as critical has been detected in itsourcecode E-Commerce Website 1.0. This impacts an unknown function of the file /admin/products.php. The manipulation leads to unrestricted upload. This vulnerability is documented as CVE-2025-10615. The attack can be initiated remotely. Additionally, an exploit exists.

Submit #649958 / VDB-324644

Submit #649948 / VDB-324644

A vulnerability categorized as problematic has been discovered in itsourcecode E-Logbook with Health Monitoring System for COVID-19 1.0 on COVID. This affects an unknown function of the file /print_reports_prev.php. Executing manipulation of the argument profile_id can lead to cross site scripting. This vulnerability is registered as CVE-2025-10614. It is possible to launch the attack remotely. Furthermore, an exploit is available.

A vulnerability was found in mmaitre314 picklescan up to 0.0.30. It has been rated as critical. The impacted element is an unknown function. Performing manipulation results in handling of exceptional conditions. This vulnerability is cataloged as CVE-2025-10156. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in itsourcecode Student Information System 1.0. It has been declared as critical. The affected element is an unknown function of the file /leveledit1.php. Such manipulation of the argument level_id leads to sql injection. This vulnerability is listed as CVE-2025-10613. The attack may be performed from remote. In addition, an exploit is available.

Submit #649912 / VDB-324643

Submit #649911 / VDB-324642

Microsoft revealed it has seized 338 websites associated with RaccoonO365, a phishing kit which has stolen at least 5000 Microsoft credentials worldwide

Security Research recently uncovered four new flaws, CVE-2025-59358, CVE-2025-59359, CVE-2025-59360, and CVE-2025-59361, in the default configuration of the Chaos Controller Manager GraphQL server, a popular open-source chaos engineering platform for Kubernetes. Three of these flaws carry a maximum CVSS 3.1 score of 9.8, enabling any pod in the cluster to run arbitrary commands or inject […]

The post Chaos Mesh Critical Vulnerabilities Expose Kubernetes Clusters to Takeover appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.