Aggregator

CVE-2025-33076 | IBM Engineering Systems Design Rhapsody 9.0.2/10.0/10.0.1 memory corruption (EUVD-2025-22452)

VulDB Recent Entries
6 months 3 weeks ago
A vulnerability classified as critical has been found in IBM Engineering Systems Design Rhapsody 9.0.2/10.0/10.0.1. Affected is an unknown function. The manipulation leads to memory corruption. This vulnerability is traded as CVE-2025-33076. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-46099 | Pluck CMS up to 4.7.20-dev Albums Module albums.site.php unrestricted upload

VulDB Recent Entries
6 months 3 weeks ago
A vulnerability was found in Pluck CMS up to 4.7.20-dev. It has been rated as critical. This issue affects some unknown processing of the file albums.site.php of the component Albums Module. The manipulation leads to unrestricted upload. The identification of this vulnerability is CVE-2025-46099. The attack may be initiated remotely. There is no exploit available.
vuldb.com

Akira

Dark Feed IO
6 months 3 weeks ago

You must login to view this content

cohenido

CVE-2025-8069 | Amazon AWS Client VPN up to 5.2.1 on Windows OpenSSL Configuration File default permission (AWS-2025-014 / EUVD-2025-22458)

VulDB Recent Entries
6 months 3 weeks ago
A vulnerability was found in Amazon AWS Client VPN up to 5.2.1 on Windows. It has been declared as critical. This vulnerability affects unknown code of the component OpenSSL Configuration File Handler. The manipulation leads to incorrect default permissions. This vulnerability was named CVE-2025-8069. Attacking locally is a requirement. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2015-10141 | Xdebug up to 2.5.5 Debugger Protocol Command os command injection (EDB-44568)

VulDB Recent Entries
6 months 3 weeks ago
A vulnerability was found in Xdebug up to 2.5.5 and classified as critical. Affected by this issue is some unknown functionality of the component Debugger Protocol Command Handler. The manipulation leads to os command injection. This vulnerability is handled as CVE-2015-10141. The attack may be launched remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2025-46171 | vBulletin 3.8.7 Buddy List misc.php?do=buddylist denial of service (EUVD-2025-22462)

VulDB Recent Entries
6 months 3 weeks ago
A vulnerability has been found in vBulletin 3.8.7 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file misc.php?do=buddylist of the component Buddy List Handler. The manipulation leads to denial of service. This vulnerability is known as CVE-2025-46171. The attack can be launched remotely. There is no exploit available.
vuldb.com

CVE-2018-25114 | osCommerce Online Merchant 2.3.4.1 HTTP POST Requst install_4.php unrestricted upload (Exploit 44374 / EDB-44374)

VulDB Recent Entries
6 months 3 weeks ago
A vulnerability, which was classified as critical, was found in osCommerce Online Merchant 2.3.4.1. Affected is an unknown function of the file install_4.php of the component HTTP POST Requst Handler. The manipulation leads to unrestricted upload. This vulnerability is traded as CVE-2018-25114. It is possible to launch the attack remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2025-36116 | IBM DB2 Mirror for i 7.4/7.5/7.6 Websocket Connection missing origin validation in websockets

VulDB Recent Entries
6 months 3 weeks ago
A vulnerability, which was classified as critical, has been found in IBM DB2 Mirror for i 7.4/7.5/7.6. This issue affects some unknown processing of the component Websocket Connection Handler. The manipulation leads to missing origin validation in websockets. The identification of this vulnerability is CVE-2025-36116. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

气候变化导致森林火灾日益常见

Solidot
6 months 3 weeks ago
根据发表在 PNAS 期刊上的一项研究,气候变化正导致极端严重的森林火灾日益常见。2023 年和 2024 年是有记录以来最热的年份,全球逾 7800 万英亩森林被烧毁。火灾将浓烟和数十亿吨二氧化碳排放到大气中,数百万人因此面临恶劣的空气质量。对卫星图像的研究发现,2023 年和 2024 年因火灾损失的森林树冠(forest canopy)面积是过去近二十年年均损失面积的至少两倍。

Silicon Valley Engineer Pleads Guilty to Stealing Missile Detection Data for China

Cyber Security News
6 months 3 weeks ago

A dual U.S.-China citizen and former Silicon Valley engineer has pleaded guilty to stealing critical military technology secrets designed to protect American national security interests.  Chenguang Gong, 59, of San Jose, admitted to transferring over 3,600 classified files containing advanced missile detection and defense technologies to personal storage devices, with intentions to benefit the Chinese […]

The post Silicon Valley Engineer Pleads Guilty to Stealing Missile Detection Data for China appeared first on Cyber Security News.

Guru Baran

Operation CargoTalon Targets Russian Aerospace & Defense to Deploy EAGLET Implant

GBHackers on Security | #1 Globally Trusted Cyber Security News Platform
6 months 3 weeks ago

SEQRITE Labs’ APT-Team has uncovered a sophisticated spear-phishing campaign dubbed Operation CargoTalon, targeting employees at Russia’s Voronezh Aircraft Production Association (VASO), a key aerospace entity. The operation leverages malicious attachments disguised as товарно-транспортная накладная (TTN) logistics documents, critical for Russian supply chains. Discovered on June 27 via VirusTotal hunting, the campaign employs a malicious EML […]

The post Operation CargoTalon Targets Russian Aerospace & Defense to Deploy EAGLET Implant appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Aman Mishra

How AI, Automation and Real-Time Tools Are Redefining Claims

DataBreachToday.com
6 months 3 weeks ago
Liberty General's Sachin Joshi on Blending Technology and Empathy for Faster Claims
AI, automation and real-time tools are reshaping insurance claims. "We blend technology with empathy to deliver faster, smarter and more transparent claims," said Sachin Joshi, president of claims, operations and customer service at Liberty General Insurance.

US Nuclear Agency Breach Tied to SharePoint Zero-Days

DataBreachToday.com
6 months 3 weeks ago
Over 400 Organizations Breached via Ongoing ToolShell Attacks, Researchers Warn
The U.S. government agency that maintains and designs America's nuclear weapons was reportedly breached by attackers exploiting zero-day flaws in on-premises Microsoft SharePoint servers, with researchers now counting over 400 victims, including European and Middle Eastern governments.

ENISA Turns to Experts to Steer EU Cyber Regulations

DataBreachToday.com
6 months 3 weeks ago
Newly Appointed Advisory Group to Support NIS2 and CRA Implementation Across Europe
Beginning Aug. 1, European Union Agency for Cybersecurity, ENISA, will launch a new Advisory Group composed of 26 independent experts to help guide the EU’s cybersecurity strategy through 2027. Their work will support the rollout of the NIS2 Directive and the Cyber Resilience Act.

美国政府考虑重新评估 H-1B 签证签发方式

Solidot
6 months 3 weeks ago
美国国土安全部 (DHS)和美国公民及移民服务局 (USCIS)正在考虑重新评估 H-1B 签证的签发方式。美国政府考虑将 H-1B 签证的分配制度从目前的抽签制改为有利于符合特定标准——可能与技能相关——的申请人制度。H-1B 签证是美国签发给从事专业技术类工作的外籍人士的签证,必须由雇主出面为申请人申请,且申请人的雇用申请书需要美国公民及移民服务局的批准。根据美国公民及移民服务局的数据,截至 2019 年,美国约有 60 万名 H-1B 工人。H-1B 签证备受科技公司的青睐,但长期以来一直饱受批评,因为该签证被认为容易压低美国工人工资,限制移民工人的劳工权利,被外包公司滥用。

Interlock ransomware gang is ramping up activity, CISA warns

Ransomware.org
6 months 3 weeks ago

The Interlock ransomware gang is aggressively targeting businesses and critical infrastructure in North America and Europe, according to a new warning from the US Cybersecurity and Infrastructure Security Agency (CISA). stepping up its attacks and changing tactics. The agency issued an advisory describing how Interlock picks its victims on the basis of opportunity, carrying out […]

The post Interlock ransomware gang is ramping up activity, CISA warns appeared first on Ransomware.org.

Emma Woollacott

Managed ad