INC
You must login to view this content
Aggregator
INC
7 months 3 weeks ago
You must login to view this content
cohenido
Ingram Micro Up and Running After Ransomware Attack
7 months 3 weeks ago
Customers were the first to notice the disruption on the distributor's website when they couldn't place orders online.
Kristina Beek
Ducex Packer for Android Evades Detection with Heavy Obfuscation Techniques
7 months 3 weeks ago
The team at ANY.RUN recently reviewed a powerful Android packer called Ducex, which is linked to the infamous Triada malware, and criticized it for its sophisticated obfuscation methods. First identified within a fake Telegram app, Ducex serves as a protective shell for Triada, one of the most sophisticated Android trojans since its debut in 2016. […]
The post Ducex Packer for Android Evades Detection with Heavy Obfuscation Techniques appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Aman Mishra
Думали: ДНК — чертёж жизни. Оказалось организмом управляет «мусор»
7 months 3 weeks ago
Почему регуляторные РНК важнее ДНК в определении того, кто вы есть.
Schneider Electric Flaws Expose Systems to OS Command Injection Attacks
7 months 3 weeks ago
Schneider Electric, a global leader in industrial technology and sustainability, has issued a critical security notification revealing multiple vulnerabilities in its EcoStruxure IT Data Center Expert (DCE) software, a scalable monitoring solution for data center equipment. Released on July 8, 2025, under document reference SEVD-2025-189-01, the advisory details six severe flaws affecting versions 8.3 and […]
The post Schneider Electric Flaws Expose Systems to OS Command Injection Attacks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Aman Mishra
Multiple Schneider Electric Vulnerabilities Let Attackers Inject OS Commands
7 months 3 weeks ago
Schneider Electric has disclosed a critical set of six vulnerabilities affecting its EcoStruxure IT Data Center Expert software that could allow attackers to execute remote code and gain unauthorized system access. The vulnerabilities, discovered in versions 8.3 and prior, present significant security risks to data center operations worldwide. The most severe vulnerability, tracked as CVE-2025-50121, […]
The post Multiple Schneider Electric Vulnerabilities Let Attackers Inject OS Commands appeared first on Cyber Security News.
Tushar Subhra Dutta
Agentic AI's Risky MCP Backbone Opens Brand-New Attack Vectors
7 months 3 weeks ago
Critical security vulnerabilities affect different parts of the Model Context Protocol (MCP) ecosystem, which many organizations are rapidly adopting in order to integrate AI models with external data sources.
Jai Vijayan, Contributing Writer
CVE-2023-24903 | Microsoft Windows up to Server 2022 Secure Socket Tunneling Protocol race condition (EUVD-2023-28891)
7 months 3 weeks ago
A vulnerability was found in Microsoft Windows. It has been classified as critical. Affected is an unknown function of the component Secure Socket Tunneling Protocol. The manipulation leads to race condition.
This vulnerability is traded as CVE-2023-24903. It is possible to launch the attack remotely. There is no exploit available.
It is recommended to apply a patch to fix this issue.
vuldb.com
CVE-2023-24945 | Microsoft Windows up to Server 2022 iSCSI Target Service information disclosure (EUVD-2023-28932)
7 months 3 weeks ago
A vulnerability was found in Microsoft Windows. It has been declared as problematic. This vulnerability affects unknown code of the component iSCSI Target Service. The manipulation leads to information disclosure.
This vulnerability was named CVE-2023-24945. It is possible to launch the attack on the local host. There is no exploit available.
It is recommended to apply a patch to fix this issue.
vuldb.com
CVE-2023-29338 | Microsoft Visual Studio Code information disclosure (EUVD-2023-32911)
7 months 3 weeks ago
A vulnerability was found in Microsoft Visual Studio Code. It has been classified as problematic. This affects an unknown part. The manipulation leads to information disclosure.
This vulnerability is uniquely identified as CVE-2023-29338. An attack has to be approached locally. There is no exploit available.
It is recommended to apply a patch to fix this issue.
vuldb.com
CVE-2023-29340 | Microsoft AV1 Video Extension Local Privilege Escalation (EUVD-2023-32913)
7 months 3 weeks ago
A vulnerability was found in Microsoft AV1 Video Extension. It has been declared as critical. This vulnerability affects unknown code. The manipulation leads to Local Privilege Escalation.
This vulnerability was named CVE-2023-29340. Local access is required to approach this attack. There is no exploit available.
It is recommended to apply a patch to fix this issue.
vuldb.com
CVE-2023-29341 | Microsoft AV1 Video Extension Local Privilege Escalation (EUVD-2023-32914)
7 months 3 weeks ago
A vulnerability was found in Microsoft AV1 Video Extension. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to Local Privilege Escalation.
The identification of this vulnerability is CVE-2023-29341. Attacking locally is a requirement. There is no exploit available.
It is recommended to apply a patch to fix this issue.
vuldb.com
CVE-2023-29350 | Microsoft Edge Remote Code Execution (EUVD-2023-32923)
7 months 3 weeks ago
A vulnerability classified as problematic was found in Microsoft Edge. This vulnerability affects unknown code. The manipulation leads to Remote Code Execution.
This vulnerability was named CVE-2023-29350. The attack can be initiated remotely. There is no exploit available.
It is recommended to apply a patch to fix this issue.
vuldb.com
CVE-2023-29333 | Microsoft Office 365 Apps/2019/LTSC 2021 Access denial of service (EUVD-2023-32907)
7 months 3 weeks ago
A vulnerability, which was classified as problematic, was found in Microsoft Office 365 Apps/2019/LTSC 2021. Affected is an unknown function of the component Access. The manipulation leads to denial of service.
This vulnerability is traded as CVE-2023-29333. It is possible to launch the attack remotely. There is no exploit available.
It is recommended to apply a patch to fix this issue.
vuldb.com
CVE-2025-53542 | kubernetes-sigs headlamp up to 0.31.0 codeSign.js execSync os command injection (EUVD-2025-21025)
7 months 3 weeks ago
A vulnerability was found in kubernetes-sigs headlamp up to 0.31.0 and classified as critical. Affected by this issue is the function execSync of the file codeSign.js. The manipulation leads to os command injection.
This vulnerability is handled as CVE-2025-53542. Local access is required to approach this attack. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-53549 | matrix-org matrix-rust-sdk up to 0.12 find_event_with_relations sql injection (EUVD-2025-21024)
7 months 3 weeks ago
A vulnerability was found in matrix-org matrix-rust-sdk up to 0.12. It has been classified as critical. This affects the function EventCache::find_event_with_relations. The manipulation leads to sql injection.
This vulnerability is uniquely identified as CVE-2025-53549. It is possible to initiate the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-53503 | Trend Micro Cleaner One Pro up to 6.8.322 shortcut
7 months 3 weeks ago
A vulnerability was found in Trend Micro Cleaner One Pro up to 6.8.322. It has been rated as critical. Affected by this issue is some unknown functionality. The manipulation leads to windows shortcut following.
This vulnerability is handled as CVE-2025-53503. It is possible to launch the attack on the local host. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-28243 | Alteryx Server 2023.1.1.460 cross site scripting
7 months 3 weeks ago
A vulnerability was found in Alteryx Server 2023.1.1.460. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to basic cross site scripting.
This vulnerability is known as CVE-2025-28243. The attack can be launched remotely. There is no exploit available.
vuldb.com
CVE-2025-53378 | Trend Micro Worry-Free Business Security Services prior 6.7.3954 /14.3.1299 missing authentication (EUVD-2025-21042)
7 months 3 weeks ago
A vulnerability was found in Trend Micro Worry-Free Business Security Services. It has been classified as critical. Affected is an unknown function. The manipulation leads to missing authentication.
This vulnerability is traded as CVE-2025-53378. It is possible to launch the attack remotely. There is no exploit available.
This product is a managed service. This means that users are not able to maintain vulnerability countermeasures themselves. It is recommended to upgrade the affected component.
vuldb.com