Aggregator

A vulnerability classified as problematic has been found in OpenVPN up to 2.7_rc1. Impacted is an unknown function of the component Source IP Address Handler. This manipulation causes improper verification of source of a communication channel. This vulnerability is tracked as CVE-2025-13086. The attack is possible to be carried out remotely. No exploit exists. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in OpenVPN up to 2.7_rc2 on Windows. This affects an unknown part of the component Interactive Service Agent. The manipulation results in allocation of resources. This vulnerability is reported as CVE-2025-13751. The attack requires a local approach. No exploit exists. You should upgrade the affected component.

A new threat actor called Amaranth Dragon, linked to APT41 state-sponsored Chinese operations, exploited the CVE-2025-8088 vulnerability in WinRAR in espionage attacks on government and law enforcement agencies. [...]

As Barcelona prepares to serve up both tapas and terabytes, the Mobile World Congress (MWC) is once again turning this sun-drenched city into the global capital of 5G connectivity. This year’s conference focus—“The IQ Era”—is set to hone in on 5G advances, AI integration, and mobile innovation. And NETSCOUT will be an...

Cofense claims AI is making phishing emails more personalized and sophisticated

Key Points Introduction Check Point Research has identified several campaigns targeting multiple countries in the Southeast Asian region. These related activities have been collectively categorized under the codename “Amaranth-Dragon”. The campaigns demonstrate a clear focus on government entities across the region, suggesting a motivated threat actor with a strong interest in geopolitical intelligence. The campaigns […]

The post Amaranth-Dragon: Weaponizing CVE-2025-8088 for Targeted Espionage in the Southeast Asia appeared first on Check Point Research.

A vulnerability marked as problematic has been reported in SeaCMS up to 12.8. Affected is an unknown function of the file admin_manager.php. This manipulation causes cross-site request forgery. The identification of this vulnerability is CVE-2023-43278. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in dst-admin 1.5.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /home/playerOperate. Performing a manipulation of the argument userId results in code injection. This vulnerability is cataloged as CVE-2023-43270. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in 70mai a500s up to 1.2.119. It has been rated as critical. The impacted element is an unknown function of the component Recording Handler. This manipulation causes improper access controls. This vulnerability appears as CVE-2023-43271. The attacker needs to be present on the local network. There is no available exploit.

A vulnerability identified as problematic has been detected in DedeCMS 5.7. Affected by this vulnerability is an unknown functionality of the file /catalog_add.php of the component Backend Management Interface. The manipulation leads to cross-site request forgery. This vulnerability is uniquely identified as CVE-2023-43275. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability classified as critical was found in PHP Jabbers PHP Shopping Cart 4.2. This impacts an unknown function. Such manipulation of the argument ID leads to sql injection. This vulnerability is listed as CVE-2023-43274. The attack must be carried out from within the local network. There is no available exploit.

开源办公软件 LibreOffice 项目释出了最新的 v26.2 版本。一大变化是取消了社区版品牌。LibreOffice 26.2 主要变化包括：Writer 改进拼写检查对话框和文档更改跟踪，优化段落首尾对齐等；Calc 支持连接器，支持 xmlMaps.xml，改进排序对话框选项，支持 Excel 2007+ 的 Biff12 贴板格式，性能改进；Base 支持多用户，改进 Chart 的 3D 图表性能，更快的 SVG 图形渲染速度，等等。

For several years, enterprise security teams have concentrated on a well-established range of risks, including users clicking potentially harmful links, employees uploading data to SaaS applications, developers inadvertently disclosing credentials on platforms like GitHub, and chatbots revealing sensitive information. However, a notable shift is emerging—one that operates independently of user actions. Artificial intelligence agents are...

The post Why Moltbook Changes the Enterprise Security Conversation appeared first on Aryaka.

The post Why Moltbook Changes the Enterprise Security Conversation appeared first on Security Boulevard.

Новое вредоносное ПО MiniDoor крадет почтовую переписку из всех папок пользователя.

A vulnerability categorized as critical has been discovered in Ziroom ZHOME A0101 1.0.1.0. This issue affects the function macAddrClone of the file luci\controller\api\zrMacClone.lua. The manipulation of the argument macType results in command injection. This vulnerability is cataloged as CVE-2026-1802. The attack may be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability identified as critical has been detected in Ziroom ZHOME A0101 1.0.1.0. Impacted is an unknown function of the component Dropbear SSH Service. This manipulation causes use of default credentials. This vulnerability is registered as CVE-2026-1803. Remote exploitation of the attack is possible. Furthermore, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability classified as problematic was found in eProsima Fast-DDS up to 2.6.10/3.3.0/3.4.0. The affected element is an unknown function. The manipulation of the argument message_data results in out-of-bounds read. This vulnerability is cataloged as CVE-2025-62603. The attack may be launched remotely. There is no exploit available. Upgrading the affected component is advised.