Aggregator

A vulnerability, which was classified as problematic, was found in mojoomla WPCRM Plugin up to 3.2.0 on WordPress. This affects an unknown part. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-24774. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability, which was classified as critical, was found in ThemesGrove WP SmartPay Plugin up to 2.7.13 on WordPress. Affected is an unknown function. The manipulation leads to authentication bypass using alternate channel. This vulnerability is traded as CVE-2025-25171. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability has been found in Artifectx xClassified 1.2 and classified as critical. This vulnerability affects unknown code. The manipulation of the argument catid leads to sql injection. This vulnerability was named CVE-2014-4741. The attack can be initiated remotely. Furthermore, there is an exploit available.

The cryptocurrency project Resupply has found itself at the epicenter of a cyber incident following a sophisticated exploit that enabled an attacker to engineer a debt hole totaling 10 million reUSD. The breach affected...

The post Resupply Crypto Exploit: $10M Debt Hole Created Via Smart Contract Logic Flaw appeared first on Penetration Testing Tools.

Application Security Engineer Fireblocks | Israel | Hybrid – View job details As an Application Security Engineer, you will improve and secure the company’s continuous integration and deployment pipelines through CI/CD security hardening. You will operate, fine-tune, and customize security tooling such as Snyk, Apiiro, and other application security platforms to reduce false positives and enhance threat detection. Application Security Engineer Cambridge University Press & Assessment | Philippines | On-site – View job details As … More →

The post Cybersecurity jobs available right now: July 1, 2025 appeared first on Help Net Security.

<p>In this post, we’ll be exploring a practical technique for abusing Chrome Remote Desktop (also known as Google Remote Desktop) within a Red Team operation. I sometimes find myself needing to use legitimate software to…</p>

The United States Federal Bureau of Investigation has issued an official warning regarding the escalating operations of the hacker collective known as Scattered Spider, which has now begun actively targeting the aviation sector. According...

The post FBI Warns: Scattered Spider Unleashes Social Engineering & Ransomware on Aviation Sector appeared first on Penetration Testing Tools.

The hacker group UAC-0226 continues to aggressively evolve its malicious tool GIFTEDCROOK, which initially functioned as a browser data-stealing utility but has now acquired advanced capabilities, enabling the targeted exfiltration of confidential documents and...

The post Arctic Wolf Exposes “GIFTEDCROOK”: China-Linked APT Launches Evolving Cyber-Espionage on Ukraine Military appeared first on Penetration Testing Tools.

国家网络安全人才与创新基地编制《2025网络安全人才白皮书》，需要对对网信安全从业人员调研，欢迎大家踊跃参与，共同为网络安全人才建设献言献策。

A vulnerability, which was classified as critical, was found in Daily Expense Manager 1.0. This affects an unknown part of the file /update.php. The manipulation of the argument pname/pprice/id leads to sql injection. This vulnerability is uniquely identified as CVE-2025-40731. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability has been found in Alpine Halo9 and classified as critical. This vulnerability affects unknown code. The manipulation leads to stack-based buffer overflow. This vulnerability was named CVE-2024-23963. The attack can be initiated remotely. There is no exploit available. It is recommended to replace the affected component with an alternative.

A vulnerability was found in ChargePoint Home Flex and classified as critical. This issue affects the function SrvrToSmSetAutoChnlListMsg. The manipulation leads to stack-based buffer overflow. The identification of this vulnerability is CVE-2024-23968. The attack may be initiated remotely. There is no exploit available.

A vulnerability classified as critical has been found in ChargePoint Home Flex. This affects an unknown part. The manipulation leads to improper certificate validation. This vulnerability is uniquely identified as CVE-2024-23970. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in ChargePoint Home Flex. It has been classified as critical. Affected is an unknown function of the component wlanapp. The manipulation leads to command injection. This vulnerability is traded as CVE-2024-23921. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in PT Project Notebooks Plugin up to 1.1.3 on WordPress. It has been classified as critical. This affects the function wpnb_pto_new_users_add. The manipulation leads to missing authorization. This vulnerability is uniquely identified as CVE-2025-5304. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in MicroPayments Plugin up to 3.2.0 on WordPress. This affects the function adminOptions of the component Setting Handler. The manipulation leads to cross-site request forgery. This vulnerability is uniquely identified as CVE-2025-5937. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability classified as critical was found in D-Link DIR-816 1.10CNB05_R1B011D88210. This vulnerability affects the function system of the file bin/goahead. The manipulation leads to privilege escalation. This vulnerability was named CVE-2025-45931. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in code-projects Simple Pizza Ordering System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /editcus.php. The manipulation of the argument ID leads to sql injection. The identification of this vulnerability is CVE-2025-6938. The attack may be initiated remotely. Furthermore, there is an exploit available.

The Chinese hacker collective known as Silver Fox, also operating under the alias Void Arachne, has once again drawn the attention of cybersecurity experts. According to Netskope, a new malicious campaign has been uncovered...

The post Silver Fox Unleashes Sainbox RAT & Hidden Rootkit Via Fake Software Installers appeared first on Penetration Testing Tools.

高通组队「开黑」，杀入智驾腹地。