Aggregator

A vulnerability classified as problematic has been found in Tickera Plugin up to 3.5.0.x on WordPress. Affected is an unknown function of the component Setting Handler. The manipulation leads to cross-site request forgery. This vulnerability is traded as CVE-2022-4549. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Mahoroba MAHO-PBX NetDevancer. It has been declared as critical. This vulnerability affects unknown code. The manipulation leads to os command injection. This vulnerability was named CVE-2023-22280. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Google Android. This issue affects some unknown processing of the component Kernel. The manipulation leads to race condition. The identification of this vulnerability is CVE-2021-0920. The attack needs to be approached within the local network. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

We share actionable mitigation and detection strategies against IngressNightmare so you can protect against possible exploitation in runtime.

The post IngressNightmare | Critical Unauthenticated RCE Vulnerabilities in Kubernetes Ingress NGINX appeared first on SentinelOne.

A vulnerability was found in PHPGurukul Men Salon Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /appointment.php. The manipulation of the argument Name leads to sql injection. This vulnerability is handled as CVE-2025-3299. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability has been found in SourceCodester Online Eyewear Shop 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /oews/classes/Master.php?f=save_product of the component Registration Handler. The manipulation of the argument email leads to improper access controls. This vulnerability is known as CVE-2025-3298. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as problematic, was found in SourceCodester Online Eyewear Shop 1.0. Affected is an unknown function of the file /classes/Master.php?f=save_product. The manipulation of the argument brand leads to cross site scripting. This vulnerability is traded as CVE-2025-3297. It is possible to launch the attack remotely. Furthermore, there is an exploit available. Other parameters might be affected as well.

A vulnerability, which was classified as critical, has been found in SourceCodester Online Eyewear Shop 1.0. This issue affects some unknown processing of the file /classes/Users.php?f=delete_customer. The manipulation of the argument ID leads to sql injection. The identification of this vulnerability is CVE-2025-3296. The attack may be initiated remotely. Furthermore, there is an exploit available.

Submit #550185 / VDB-303494

Submit #550010 / VDB-303493

Submit #549982 / VDB-303492

Submit #549932 / VDB-303491

A vulnerability classified as problematic was found in ZoomIt ZoomSounds Plugin up to 6.91 on WordPress. This vulnerability affects unknown code of the component Shortcode Handler. The manipulation leads to cross site scripting. This vulnerability was named CVE-2025-0839. The attack can be initiated remotely. There is no exploit available.

Lawyer Jonathan Armstrong on Legal, Ethical Fallout From Looming 23andMe Auction
The financial collapse of personal genomics giant 23andMe raises an urgent question: What happens to your most intimate data when the company holding it goes bankrupt? Jonathan Armstrong, partner at Punter Southall Law, warns of cascading legal, ethical and security consequences.

A vulnerability classified as problematic has been found in AlThemist Lafka Plugin up to 7.1.0 on WordPress. This affects the function lafka_options_upload of the component Option Update Handler. The manipulation leads to missing authorization. This vulnerability is uniquely identified as CVE-2025-1233. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in ZoomSounds Plugin up to 6.91 on WordPress. It has been rated as problematic. Affected by this issue is the function dzsap_delete_notice of the component Setting Handler. The manipulation of the argument seen leads to missing authorization. This vulnerability is handled as CVE-2024-13776. The attack may be launched remotely. There is no exploit available.

A concerning malware campaign was disclosed by the AhnLab Security Intelligence Center (ASEC), revealing how threat actors are leveraging fake recruitment emails to distribute malicious payloads. The attackers impersonated Dev.to, a prominent developer community, and lured victims with promises of lucrative job offers. Instead of attaching malware directly to emails, they provided a BitBucket link […]

The post Beware! Weaponized Job Recruitment Emails Spreading BeaverTail and Tropidoor Malware appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

ИИ ворвался в Minecraft как нуб, но уже через неделю копал туннели как гений.

Hotel and casino operations for the Lower Sioux Indians have been canceled or postponed, and the local health center is redirecting those needing medical or dental care.

EncryptHub, a rapidly evolving cybercriminal entity, has come under intense scrutiny following revelations of operational security (OPSEC) failures and extensive reliance on ChatGPT for its operations. This emerging threat actor has been linked to ransomware campaigns, data theft, and the development of advanced malware tools, including EncryptRAT. However, critical mistakes in their operational infrastructure have […]

The post EncryptHub Ransomware Uncovered Through ChatGPT Use and OPSEC Failures appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.