Aggregator

INC

Dark Feed IO
6 months 2 weeks ago

You must login to view this content

cohenido

CVE-2025-54425 | Umbraco CMS up to 13.9.2/15.4.3/16.1.0 Content Delivery API information disclosure

VulDB Recent Entries
6 months 2 weeks ago
A vulnerability classified as problematic was found in Umbraco CMS up to 13.9.2/15.4.3/16.1.0. This vulnerability affects unknown code of the component Content Delivery API. The manipulation leads to information disclosure. This vulnerability was named CVE-2025-54425. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-54388 | Moby up to 28.3.2 Firewalld Service initialization of resource

VulDB Recent Entries
6 months 2 weeks ago
A vulnerability classified as critical has been found in Moby up to 28.3.2. This affects an unknown part of the component Firewalld Service. The manipulation leads to missing initialization of resource. This vulnerability is uniquely identified as CVE-2025-54388. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-54410 | Moby up to 25.0.12 initialization of resource

VulDB Recent Entries
6 months 2 weeks ago
A vulnerability was found in Moby up to 25.0.12. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to missing initialization of resource. This vulnerability is handled as CVE-2025-54410. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-54430 | dedupeio dedupe benchmark-bot.yml issue_comment os command injection

VulDB Recent Entries
6 months 2 weeks ago
A vulnerability was found in dedupeio dedupe. It has been declared as critical. Affected by this vulnerability is the function issue_comment of the file github/workflows/benchmark-bot.yml. The manipulation leads to os command injection. This vulnerability is known as CVE-2025-54430. The attack can be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.
vuldb.com

LLM Honeypots Can Deceive Threat Actors into Exposing Binaries and Known Exploits

GBHackers on Security | #1 Globally Trusted Cyber Security News Platform
6 months 2 weeks ago

Large language model (LLM)-powered honeypots are becoming increasingly complex instruments for luring and examining threat actors in the rapidly changing field of cybersecurity. A recent deployment using Beelzebub, a low-code honeypot framework, demonstrated how such systems can simulate vulnerable SSH services to capture malicious activities in real-time. By configuring a single YAML file, defenders can […]

The post LLM Honeypots Can Deceive Threat Actors into Exposing Binaries and Known Exploits appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Aman Mishra

CVE-2025-54656 | Apache Struts 1.x LookupDispatchAction neutralization for logs

VulDB Recent Entries
6 months 2 weeks ago
A vulnerability was found in Apache Struts 1.x. It has been classified as problematic. Affected is the function LookupDispatchAction. The manipulation leads to improper output neutralization for logs. This vulnerability is traded as CVE-2025-54656. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-47001 | Adobe Experience Manager up to 6.5.22 cross site scripting (apsb25-48)

VulDB Recent Entries
6 months 2 weeks ago
A vulnerability was found in Adobe Experience Manager up to 6.5.22 and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2025-47001. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

愤怒的玩家对 Visa 和 Mastercard 的客服发动 DDoS 攻击

Solidot
6 months 2 weeks ago
在两大游戏平台 Steam 和 itch.io 因为支付公司的压力而限制和下架部分类型的成人游戏之后,愤怒的玩家正在动员组织起来对支付公司发动反击。在 Reddit 和 Bluesky 等社交媒体网站上,玩家们互相督促通过邮件和电话联系支付巨头 Visa 和 Mastercard。两家公司的客服证实收到了很多玩家的电话,但他们表示对于玩家的问题无能为力。客服的权力显然有限,玩家此举是对客服发动 DDoS 攻击,制造混乱,大到足以让支付公司付出代价。

Researchers Reveal North Korean Threat Actors’ Tactics for Uncovering Illicit Access

GBHackers on Security | #1 Globally Trusted Cyber Security News Platform
6 months 2 weeks ago

Cybersecurity researchers from Flashpoint have exposed the intricate tactics employed by North Korean threat actors to infiltrate global organizations through remote work vulnerabilities. These operatives, affiliated with the Democratic People’s Republic of Korea (DPRK), masquerade as legitimate freelance developers, IT specialists, and contractors, embedding themselves in corporate workflows to siphon off at least $88 million […]

The post Researchers Reveal North Korean Threat Actors’ Tactics for Uncovering Illicit Access appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Aman Mishra

Managed ad