China Linked Houken Hackers Breach French Systems with Ivanti Zero Days
ANSSI report details the Chinese UNC5174 linked Houken cyberattack using Ivanti zero-days (CVE-2024-8190, 8963, 9380) against the French government, defence and finance sector.
Aggregator
微步十周年 | 薛锋公开信:在变化中坚持不变,穿越下一个十年
9 months ago
十年是一个节点,也是一个新的起点。
CVE-2014-2579 | XCloner 3.5 index2.php dbbackup_comp cross-site request forgery (EDB-32790 / BID-66751)
9 months ago
A vulnerability classified as problematic has been found in XCloner 3.5. This affects an unknown part of the file index2.php. The manipulation of the argument dbbackup_comp leads to cross-site request forgery.
This vulnerability is uniquely identified as CVE-2014-2579. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
vuldb.com
Space Bears
9 months ago
You must login to view this content
cohenido
CVE-2025-46647 | Apache APISIX up to 3.11.x openid-connect Plugin key management (EUVD-2025-19707)
9 months ago
A vulnerability classified as critical has been found in Apache APISIX up to 3.11.x. This affects an unknown part of the component openid-connect Plugin. The manipulation leads to key management error.
This vulnerability is uniquely identified as CVE-2025-46647. The attack can only be done within the local network. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-45029 | WINSTAR WN572HP3 v230525 /cgi-bin/upload.cgi CONTENT_LENGTH heap-based overflow (EUVD-2025-19717)
9 months ago
A vulnerability classified as critical has been found in WINSTAR WN572HP3 v230525. Affected is an unknown function of the file /cgi-bin/upload.cgi. The manipulation of the argument CONTENT_LENGTH leads to heap-based buffer overflow.
This vulnerability is traded as CVE-2025-45029. It is possible to launch the attack remotely. There is no exploit available.
vuldb.com
How Coinbase's $400M Problem Started in an Indian Call Center
9 months ago
/r/netsec 是一个由社区驱动的信息安全内容聚合平台,旨在为安全从业者、学生、研究人员和黑客提供高质量的技术信息,帮助他们从海量数据中提取有价值的内容。
50 World’s Best Cyber Security Companies – 2025
9 months ago
Cybersecurity has transformed from a niche technical field into a critical business priority that shapes organizational strategies worldwide. As we navigate through 2025, the cybersecurity industry continues to expand in response to increasingly sophisticated threats, digital transformation initiatives, and regulatory requirements. The global cybersecurity market is thriving, with projections showing growth to $345.4 billion by 2026, according to historical data. This comprehensive report […]
The post 50 World’s Best Cyber Security Companies – 2025 appeared first on Cyber Security News.
Cyber Writes Team
Crypto24
9 months ago
You must login to view this content
cohenido
CVE-2025-6433 | Mozilla Firefox up to 139 TLS certificate validation (EUVD-2025-19088 / Nessus ID 241211)
9 months ago
A vulnerability, which was classified as critical, has been found in Mozilla Firefox up to 139. Affected by this issue is some unknown functionality of the component TLS Handler. The manipulation leads to improper certificate validation.
This vulnerability is handled as CVE-2025-6433. The attack may be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
I need help getting into my account
9 months ago
一位用户在 Reddit 的 HowToHack 社区发帖求助,称自己购买了 Quest 3 设备后无法访问 Instagram 账号,因忘记密码且账号与 Facebook 解绑。他尝试联系 Instagram 和 Meta 支持未果,寻求黑客手段破解自己的账号。
Cisco Unified CM Vulnerability Allows Remote Attacker to Login As Root User
9 months ago
A severe vulnerability in Cisco Unified Communications Manager (Unified CM) systems could allow remote attackers to gain root-level access to affected devices. The vulnerability, designated CVE-2025-20309 with a maximum CVSS score of 10.0, affects Engineering Special releases and stems from hardcoded SSH credentials that cannot be modified or removed by administrators. Key Takeaways1. CVE-2025-20309 critical […]
The post Cisco Unified CM Vulnerability Allows Remote Attacker to Login As Root User appeared first on Cyber Security News.
Guru Baran
CVE-2024-9017 | PeepSo Core Plugin up to 6.4.6.0 on WordPress Group Description cross site scripting (EUVD-2024-54724)
9 months ago
A vulnerability, which was classified as problematic, was found in PeepSo Core Plugin up to 6.4.6.0 on WordPress. Affected is an unknown function. The manipulation of the argument Group Description leads to cross site scripting.
This vulnerability is traded as CVE-2024-9017. It is possible to launch the attack remotely. There is no exploit available.
vuldb.com
We Are Losing the Scan/Patch Battle
9 months ago
There is no question that vulnerability scanning and patch management remain necessary, but they are clearly no longer sufficient
The post We Are Losing the Scan/Patch Battle appeared first on Security Boulevard.
Bob Tinker
В вашем телефоне может скрываться шпион. Узнайте это за 5 секунд: 543210 + вызов
9 months ago
Утечка выставила на показ не только жертв, но и тех, кто платил за слежку.
TikTok 涌现大量 Google Veo 3 生成的种族主义视频
9 months ago
MediaMatters 报告,短视频平台 TikTok 上涌现了大量由 Google Veo 3 生成的种族主义视频。攻击对象主要是黑人,称他们是“嫌疑惯犯”、父母缺席和喜欢吃西瓜的猴子。TikTok 的服务条款禁止此类内容。但相关内容的传播并未受到多少限制。TikTok 发言人表示,MediaMatters 报告中提及的账户逾半数在报告发布前就因违反政策而被封禁,其余账户现已删除。
近半数遭勒索软件攻击的企业选择支付赎金
9 months ago
尽管支付比例偏高,但53%的企业最终支付金额低于最初赎金要求,Sophos调查发现
CVE-2017-2371 | Apple iOS up to 10.2.0 WebKit 7pk security (HT207482 / EDB-41451)
9 months ago
A vulnerability classified as critical has been found in Apple iOS up to 10.2.0. Affected is an unknown function of the component WebKit. The manipulation leads to 7pk security features.
This vulnerability is traded as CVE-2017-2371. It is possible to launch the attack remotely. Furthermore, there is an exploit available.
It is recommended to upgrade the affected component.
vuldb.com
Ethereum’s Pivotal Role in Decentralized Finance Evolution
9 months ago
Once upon a time, say, 2016, Ethereum was a curious new arrival in the crypto space. It promised…
Owais Sultan
CVE-2019-11358 | Oracle System Utilities 19.1 jQuery cross site scripting (EDB-52141 / Nessus ID 208606)
9 months ago
A vulnerability, which was classified as critical, has been found in Oracle System Utilities 19.1. This issue affects some unknown processing of the component jQuery. The manipulation leads to cross site scripting.
The identification of this vulnerability is CVE-2019-11358. The attack may be initiated remotely. Furthermore, there is an exploit available.
It is recommended to upgrade the affected component.
vuldb.com