Aggregator

A vulnerability has been found in Open Source Robotics Robot Operating System Indigo Igloo/Kinetic Kame/Melodic Morenia/Noetic Ninjemys and classified as very critical. This vulnerability affects the function eval. The manipulation leads to improper neutralization of directives in dynamically evaluated code. This vulnerability was named CVE-2024-41921. The attack can be initiated remotely. There is no exploit available.

A vulnerability, which was classified as critical, has been found in TOTOLINK T6 up to 4.1.5cu.748_B20211015. Affected by this issue is the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument ip leads to buffer overflow. This vulnerability is handled as CVE-2025-7758. The attack may be launched remotely. Furthermore, there is an exploit available.

Hackers are exploiting a new TeleMessage SGNL flaw that exposes sensitive data. CISA warns agencies to patch or stop using it by July 22.

This daily article is intended to make it easier for those who want to stay updated with my regular Dark Web Informer and X/Twitter posts.

The food distributor and wholesaler completely shut down its systems upon discovering the attack last month, yet core systems were restored and normal operating capacity returned within three weeks.

The post United Natural Foods loses up to $400M in sales after cyberattack appeared first on CyberScoop.

VMware fixed four vulnerabilities in VMware ESXi, Workstation, Fusion, and Tools that were exploited as zero-days during the Pwn2Own Berlin 2025 hacking contest in May 2025. [...]

A vulnerability has been found in LabRedesCefetRJ WeGIA up to 3.4.5 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /html/funcionario/dependente_editarInfoPessoal.php. The manipulation of the argument idatendido_familiares leads to sql injection. This vulnerability is known as CVE-2025-54060. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in LabRedesCefetRJ WeGIA up to 3.4.5 and classified as critical. Affected by this issue is some unknown functionality of the file /html/funcionario/dependente_editarEndereco.php. The manipulation of the argument idatendido_familiares leads to sql injection. This vulnerability is handled as CVE-2025-54058. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

The Matanbuchus malware loader has been seen being distributed through social engineering over Microsoft Teams calls impersonating IT helpdesk. [...]

Threat Attack Daily - 17th of July 2025

Ransomware Attack Update for the 17th of July 2025

Learn how misconfigurations and credential theft remain top cloud threats in 2025, as AI expands attacker tools and defender capabilities.

Cisco just disclosed a critical severity flaw in its ISE and ISE-PIC products, joining two similar bugs disclosed last month.

这次 Plus 用户也能用。

A vulnerability, which was classified as critical, has been found in Lenovo FileZ Client 9.8.6.0. Affected by this issue is some unknown functionality. The manipulation leads to client-side enforcement of server-side security. This vulnerability is handled as CVE-2025-6249. Attacking locally is a requirement. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Lenovo Vantage and Commercial Vantage. Affected by this vulnerability is an unknown functionality. The manipulation leads to sql injection. This vulnerability is known as CVE-2025-6230. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Lenovo TrackPoint Quick Menu. Affected is an unknown function. The manipulation leads to uncontrolled search path. This vulnerability is traded as CVE-2025-1729. An attack has to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Lenovo Elliptic Virtual Lock Sensor Service for ThinkPad P1 Gen 6, Elliptic Human Presence Detection Driver for ThinkPad P1 Gen 7, Elliptic Virtual Lock Sensor Service for P14s Gen 4, Elliptic Human Presence Detection Device Driver for ThinkPad P14s Gen 4, Elliptic Human Presence Detection Driver for ThinkPad P14s Gen 5, Elliptic Human Presence Detection Device Driver for ThinkPad P14s Gen 5, Elliptic Human Presence detection Device Driver for ThinkPad P16 Gen 2, Elliptic Virtual Lock Sensor Service for P16s Gen 2, Elliptic Human Presence Detection Device Driver for ThinkPad P16s Gen 2, lliptic Human Presence Detection Driver for P16s Gen 3, Elliptic Human Presence Detection Device Driver for ThinkPad P16v Gen 1, Elliptic Human Presence Detection Driver for ThinkPad P16v Gen 1, Elliptic Human Presence Detection Device Driver for ThinkPad P16v Gen 2, Elliptic Virtual Lock Sensor Service for ThinkPad T14 Gen 3, Elliptic Virtual Lock Sensor Service for ThinkPad T14 Gen 3 , Elliptic Virtual Lock Sensor Service for T14 Gen 4, Elliptic Human Presence Detection Device Driver for T14 Gen 4, lliptic Human Presence Detection Device Driver for T14 Gen 5, Elliptic Human Presence Detection Device Driver for T14 Gen 5, Elliptic Virtual Lock Sensor Service for T14s Gen 4, Elliptic Human Presence Detection Device Driver for ThinkPad T14s Gen 4, Elliptic Human Presence Detection Device Driver for T14s Gen 5, Elliptic Human Presence Detection driver for ThinkPad T14s Gen 6, Elliptic Virtual Lock Sensor Service for T16 Gen 2, Elliptic Human Presence Detection Device Driver for T16 Gen 2, Elliptic Human Presence Detection Device Driver for T16 Gen 3, Elliptic Virtual Lock Sensor Service for X1 2-in-1 Gen 9, Elliptic Virtual Lock Sensor Service for ThinkPad X1 Carbon 12th Gen, Elliptic Human Presence Detection Device Driver for X13 2-in-1 Gen 5, Elliptic Virtual Lock Sensor for ThinkPad X13 Gen 4, Elliptic Human Presence Detection Driver for ThinkPad X13 Gen 4, Elliptic Human Presence Detection Device Driver for X13 Gen 5 and Elliptic Virtual Lock Sensor for X13 Yoga Gen 4. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to incorrect default permissions. The identification of this vulnerability is CVE-2025-0886. The attack needs to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.