Aggregator

A vulnerability, which was classified as critical, was found in File Manager Plugin on WordPress. Affected is an unknown function. The manipulation leads to path traversal. This vulnerability is traded as CVE-2025-0818. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability has been found in File Manager Pro Plugin on WordPress and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to path traversal. This vulnerability is known as CVE-2025-0818. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in Easy Restaurant Menu Manager Plugin up to 2.0.2 on WordPress and classified as problematic. Affected by this issue is the function nsc_eprm_save_menu. The manipulation leads to cross-site request forgery. This vulnerability is handled as CVE-2025-8491. The attack may be launched remotely. There is no exploit available.

A vulnerability, which was classified as critical, was found in INSTAR 2K+ and 4K 3.11.1 Build 1124. This affects the function base64_decode of the component fcgi_server. The manipulation of the argument Authorization leads to buffer overflow. This vulnerability is uniquely identified as CVE-2025-8760. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to apply restrictive firewalling.

A vulnerability has been found in INSTAR 2K+ and 4K 3.11.1 Build 1124 and classified as critical. This vulnerability affects unknown code of the component Backend IPC Server. The manipulation leads to denial of service. This vulnerability was named CVE-2025-8761. The attack can be initiated remotely. Furthermore, there is an exploit available. It is recommended to apply restrictive firewalling.

A vulnerability was found in INSTAR 2K+ and 4K 3.11.1 Build 1124 and classified as problematic. This issue affects some unknown processing of the component UART Interface. The manipulation leads to improper physical access control. The identification of this vulnerability is CVE-2025-8762. It is possible to launch the attack on the physical device. Furthermore, there is an exploit available.

Analysts from FortiMail Workspace Security have uncovered a targeted campaign against Israeli companies and organizations within critical infrastructure sectors. The attackers exploited a compromised internal email system to send highly convincing messages to regional...

The post Phishing to PowerShell RAT: New Fileless Attack Targets Israeli Critical Infrastructure appeared first on Penetration Testing Tools.

Pavel Durov announced that over the past 20 days, Telegram has received hundreds of reports from users about cases of extortion and doxxing. Based on these complaints, the platform initiated a large-scale purge of...

The post Telegram Fights Back: Platform Purges Channels Used for Extortion and Doxxing appeared first on Penetration Testing Tools.

美国政府将关闭更多气象卫星。NOAA-15原定于8月12日退役，因NOAA-19故障推迟至8月18日。Gabe尝试最后一次接收信号并成功。

Automation of IT infrastructure management through artificial intelligence, as revealed in a recent study by RSAC Labs and George Mason University, may carry substantial risks. The researchers found that AIOps solutions—systems leveraging models akin...

The post AIOps Under Threat: Researchers Demonstrate How to Poison AI to Hack IT Infrastructure appeared first on Penetration Testing Tools.

No AI product in history has stirred such a tidal wave of anticipation as OpenAI’s long-awaited GPT-5. Yet, following its high-profile launch last week, the model swiftly found itself under fire—a troubling omen for...

The post GPT-5 Under Fire: OpenAI’s Latest Model Faces Backlash and “Jailbreak” Flaws appeared first on Penetration Testing Tools.

微软推出轻量级配套应用（联系人、日历、文件搜索），专为Microsoft 365商业版和企业版用户设计，固定于任务栏以提升工作效率。

Ashlar-Vellumが提供する複数の製品には、複数の脆弱性が存在します。

AVEVAが提供するPI Integratorには、複数の脆弱性が存在します。

Santesoft LTDが提供するSante PACS Serverには、複数の脆弱性が存在します。

文章描述了错误代码521的原因及其解决方法。

作者：Iyiola E. Olatunji, Franziska Boenisch, Jing Xu, Adam Dziedzic 译者：知道创宇404实验室翻译组 原文链接：https://arxiv.org/html/2508.04894v1 摘要 大型语言模型 (LLMs) 越来越多地与图结构数据集成，用于执行像节点分类这样的任务，这一领域传统上主要由图神经网络 (GNNs) 占据。尽...

A self-proclaimed Ukrainian Web3 team targeted a community member during an interview’s first round by instructing them to clone and run a GitHub repository named EvaCodes-Community/UltraX. Suspecting foul play, the individual contacted the SlowMist security team, who conducted a thorough analysis and uncovered malicious components embedded within the project’s dependencies. With consent, SlowMist issued a […]

The post Malicious npm Package Lures Job Seekers and Exfiltrates Sensitive Data appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Один бит из 2024 года — и ваш DevOps в слезах.

Currently trending CVE - Hype Score: 15 - 7-Zip before 25.01 does not always properly handle symbolic links during extraction.