Aggregator

A vulnerability, which was classified as critical, was found in IFTTT Build Notifier Plugin up to 1.2 on Jenkins. Affected is an unknown function of the component Controller File System Handler. The manipulation leads to permission issues. This vulnerability is traded as CVE-2025-53662. The attack needs to be done within the local network. There is no exploit available.

A vulnerability has been found in Apica Loadtest Plugin up to 1.10 on Jenkins and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Controller File System Handler. The manipulation leads to information disclosure. This vulnerability is known as CVE-2025-53664. The attack needs to be initiated within the local network. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in IBM Cloud DevOps Plugin up to 2.0.16 on Jenkins. This issue affects some unknown processing. The manipulation leads to information disclosure. The identification of this vulnerability is CVE-2025-53663. The attack can only be initiated within the local network. There is no exploit available.

A vulnerability classified as problematic was found in ReadyAPI Functional Testing Plugin up to 1.11 on Jenkins. This vulnerability affects unknown code of the component Job Configuration Form Handler. The manipulation leads to information disclosure. This vulnerability was named CVE-2025-53657. The attack can only be done within the local network. There is no exploit available.

A vulnerability classified as critical has been found in ReadyAPI Functional Testing Plugin up to 1.11 on Jenkins. This affects an unknown part. The manipulation leads to permission issues. This vulnerability is uniquely identified as CVE-2025-53656. The attack needs to be approached within the local network. There is no exploit available.

A vulnerability was found in Statistics Gatherer Plugin up to 2.0.3 on Jenkins. It has been rated as problematic. Affected by this issue is some unknown functionality of the component AWS Secret Key Handler. The manipulation leads to information disclosure. This vulnerability is handled as CVE-2025-53655. Access to the local network is required for this attack to succeed. There is no exploit available.

The Initial Access Broker (IAB) known as Gold Melody has been attributed to a campaign that exploits leaked ASP.NET machine keys to obtain unauthorized access to organizations and peddle that access to other threat actors. The activity is being tracked by Palo Alto Networks Unit 42 under the moniker TGR-CRI-0045, where "TGR" stands for "temporary group" and "CRI" refers to "criminal motivation."

Helix: добро пожаловать в эпоху без тормозов и амнезии.

A vulnerability was found in Statistics Gatherer Plugin up to 2.0.3 on Jenkins. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component AWS Secret Handler. The manipulation leads to information disclosure. This vulnerability is known as CVE-2025-53654. Access to the local network is required for this attack. There is no exploit available.

A vulnerability was found in Aqua Security Scanner Plugin up to 3.2.8 on Jenkins. It has been classified as critical. Affected is an unknown function of the file config.xml of the component API. The manipulation leads to permission issues. This vulnerability is traded as CVE-2025-53653. The attack needs to be initiated within the local network. There is no exploit available.

A vulnerability was found in HTML Publisher Plugin up to 425 on Jenkins and classified as critical. This issue affects some unknown processing. The manipulation leads to path traversal. The identification of this vulnerability is CVE-2025-53651. The attack needs to be done within the local network. There is no exploit available.

A vulnerability has been found in Realtek AmebaD up to 3.1.8 and classified as critical. This vulnerability affects unknown code of the component WLAN Driver. The manipulation leads to heap-based buffer overflow. This vulnerability was named CVE-2025-49604. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Git Parameter Plugin up to 439.vb_0e46ca_14534 on Jenkins. Affected by this issue is some unknown functionality. The manipulation leads to permission issues. This vulnerability is handled as CVE-2025-53652. The attack needs to be approached within the local network. There is no exploit available.

A vulnerability, which was classified as problematic, was found in Credentials Binding Plugin up to 687.v619cb_15e923f on Jenkins. This affects an unknown part. The manipulation leads to sensitive information in log files. This vulnerability is uniquely identified as CVE-2025-53650. The attack can only be done within the local network. There is no exploit available.

A vulnerability classified as critical was found in White Star Software Protop 4.4.2-2024. Affected by this vulnerability is an unknown functionality of the file /pt3upd/. The manipulation leads to path traversal. This vulnerability is known as CVE-2025-44177. The attack can be launched remotely. There is no exploit available.

A vulnerability classified as problematic has been found in Mautic Docker Mautic. Affected is an unknown function of the file /usr/local/etc/php/php.ini. The manipulation leads to exposure of sensitive system information to an unauthorized control sphere. This vulnerability is traded as CVE-2025-7381. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

Remote monitoring and management (RMM) tools are a go-to for IT teams, but that same power makes them a favorite trick up attackers’ sleeves, too. In the first half of 2025, ANY.RUN analysts reviewed thousands of real-world malware detonations in the interactive sandbox and spotted a clear trend: five tools were involved in most RMM-related […]

The post Top 5 Remote-Access And RMM Tools Most Abused By Threat Actors  appeared first on Cyber Security News.

今年早些时候，海牙国际刑事法院以战争罪对以色列总理内塔尼亚胡及其前国防部长加兰特（Yoav Gallant）发出逮捕令，美国总统特朗普随后对国际刑事法院进行了制裁，微软则立即封了首席检察官 Karim Khan 的电邮账号。但很多时候，美国科技巨头对制裁名单的响应并不像微软动作那么快。5 月 29 日，美国财政部对 Funnull Technology Inc.及其经营者、40 岁的上海人刘理志 aka Liu“Steve”Lizhi、XXL4 和 Nice Lizhi 等进行经济制裁，云服务商 Funnull 被控帮助了金融诈骗导致美国人损失逾 2 亿美元。根据美国法律，美国公司被禁止与被制裁的个人继续做生意。调查发现，在一个多月后，美国科技巨头 Facebook、Github、PayPal 和 Twitter/X 仍然没有关闭刘理志的账号。LinkedIn 的账号是在被要求置评后几小时内删除的。

То, что вы вытирали со стола, теперь может спасать жизни.