Aggregator

A CVSS score 8.8 AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'ZDI team' was reported to the affected vendor on: 2025-06-27, 83 days ago. The vendor is given until 2025-10-25 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.2 AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by '06fe5fd2bc53027c4a3b7e395af0b850e7b8a044' was reported to the affected vendor on: 2025-06-27, 81 days ago. The vendor is given until 2025-10-25 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2025-06-27, 82 days ago. The vendor is given until 2025-10-25 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.2 AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by '06fe5fd2bc53027c4a3b7e395af0b850e7b8a044' was reported to the affected vendor on: 2025-06-27, 83 days ago. The vendor is given until 2025-10-25 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 9.0 AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H severity vulnerability discovered by 'Nicholas Zubrisky (@NZubrisky) of Trend Research' was reported to the affected vendor on: 2025-06-27, 53 days ago. The vendor is given until 2025-10-25 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A newly disclosed critical vulnerability in the Open VSX Registry, the open-source marketplace for Visual Studio Code (VS Code) extensions, has put millions of developers worldwide at risk of devastating supply chain attacks. The flaw, discovered by cybersecurity researchers at Koi Security, could have allowed attackers to seize control of the entire extensions marketplace, enabling […]

The post Open VSX Marketplace Flaw Enables Millions of Developers at Risk of Supply Chain Attacks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

BSOD переживает ребрендинг, но суть его осталась прежней: боль, перезагрузка, паника.

文章探讨了创业 pitching 的关键策略，强调通过讲述引人入胜的故事打动投资者。作者建议创业者避免冗长的技术细节，而是专注于展示团队的热情和执着，并通过真实的数据和案例来证明产品的价值和市场的潜力。

A vulnerability, which was classified as very critical, was found in nekernel up to 0.0.2. Affected is an unknown function. The manipulation leads to memory corruption. This vulnerability is traded as CVE-2025-52568. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Advantech Wireless Sensing and Equipment A2.01 B00. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to resource consumption. The identification of this vulnerability is CVE-2025-48462. The attack can only be initiated within the local network. There is no exploit available.

A vulnerability classified as problematic was found in Gogs up to 0.14.0+dev. Affected by this vulnerability is an unknown functionality of the file public/plugins/. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2025-47943. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Sapido BR071n, BR261c, BR270n, BR476n, BRC70n, BRC70x, BRC76n, BRD70n, BRE70n, BRE71n, BRF61c and BRF71n and classified as problematic. This issue affects some unknown processing. The manipulation leads to unprotected storage of credentials. This vulnerability only affects products that are no longer supported by the maintainer. The identification of this vulnerability is CVE-2025-6560. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in Sapido BR071n, BR261c, BR270n, BR476n, BRC70n, BRC70x, BRC76n, BRD70n, BRE70n, BRE71n, BRF61c and BRF71n. It has been declared as very critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to os command injection. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is known as CVE-2025-6559. The attack can be launched remotely. There is no exploit available.

A vulnerability classified as problematic has been found in Advantech Wireless Sensing and Equipment A2.01 B00. This affects an unknown part. The manipulation leads to cleartext transmission of sensitive information. This vulnerability is uniquely identified as CVE-2025-48463. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in java-aodeng Hope-Boot 1.0.0. It has been classified as problematic. Affected is the function doLogin of the file /src/main/java/com/hope/controller/WebController.java of the component Login. The manipulation of the argument redirect_url leads to open redirect. This vulnerability is traded as CVE-2025-6552. It is possible to launch the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability has been found in mbuesch letmein up to 10.2.0 and classified as problematic. This vulnerability affects unknown code of the component letmeind/letmeinfwd. The manipulation leads to improper control of interaction frequency. This vulnerability was named CVE-2025-52570. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

Profound推出next-aeo NPM包，专为Next.js开发者设计，优化AI搜索引擎（AEO）。该工具分析应用生成llms.txt文件，提供结构化数据供AI引用。通过优化内容结构和信号提升AI可见性。使用简单：构建项目后运行命令生成文件即可。

/r/netsec 是一个由社区策划的信息安全内容聚合器，旨在为安全从业者、学生、研究人员和黑客提供有价值的技术信息。

A Kansas City man has pleaded guilty to federal charges after admitting he hacked into the computer systems of multiple organizations in an attempt to promote his cybersecurity services, according to the U.S. Department of Justice. Nicholas Michael Kloster, 32, was indicted last year after a series of unauthorized intrusions targeting three separate organizations in […]

The post Kansas City Man Pleads Guilty After Hacking to Promote His Cybersecurity Services appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.