CyberSecurityBoard
Sponsor Register Login

Cyber News

CyberSecurityBoard.com is a cyber news aggregator platform with all of the top news, blogs, podcasts and more about Cyber Security, InfoSec, Cryptography, Online Privacy, Hacking, Vulnerability and Threat Research into one place. CyberSecurityBoard's ultimate goal is providing a useful and effective tool to help you getting a better understanding and quicker overview of everything happening in the world of Cybersecurity.

Latest Cyber News

Microsoft confirms May Windows 10 updates trigger BitLocker recovery - Microsoft's acknowledgment of this issue comes after many Windows users and admins have reported seeing devices unexpectedly enter the Windows Recovery Environment (WinRE) and displaying a BitLocker recovery screen after installing the KB5058379 ...
1 month ago Bleepingcomputer.com
Feds charge 12 more suspects in RICO case over crypto crime spree | The Record from Recorded Future News - Two additional suspects in the case — 20-year-old Malone Lam and Jeandiel Serrano, 21 — were arrested in September 2024 and charged in connection with the theft of about $245 million from a victim in Washington, D.C through a social engineering ...
1 month ago Therecord.media
Hands-on Malware Analysis Training to Boost Up SOC & MSSP Teams - With ANY.RUN malware analysis training learners are provided with unrestricted access to the sandbox and a curated collection of new malware samples contributed by ANY.RUN’s extensive global user community comprises 15,000 corporate security ...
1 month ago Cybersecuritynews.com
macOS Gatekeeper Explained: Strengthening System Defenses - Apple’s macOS Gatekeeper, a cornerstone of the operating system’s defense against malicious software, has undergone significant macOS Sequoia (15.0) updates to address emerging security challenges. Developers submitting apps to Apple’s notary ...
1 month ago Cybersecuritynews.com
Israel arrests new suspect behind Nomad Bridge $190M crypto hack - An American-Israeli national named Osei Morrell has been arrested in Israel for his alleged involvement in exploiting the Nomad bridge smart-contract in August 2022 that allowed hackers to siphon $190 million. Osei Morrell is not ...
1 month ago Bleepingcomputer.com
ChatGPT rolls out Codex, an AI tool for software programming - According to OpenAI, Codex is based on codex-1, which is a new version of ChatGPT based on the existing o3 model, but it has been optimized for coding, which results in increased accuracy. OpenAI is rolling out 'Codex' for ChatGPT, which is an ...
1 month ago Bleepingcomputer.com
SSH Auth Keys Reuse Exposes Sophisticated Targeted Phishing Attack - A coordinated phishing campaign targeting Kuwait’s critical sectors has been exposed through a distinctive operational security lapse: the consistent reuse of SSH authentication keys across multiple attack servers. The campaign, which remains ...
1 month ago Cybersecuritynews.com
Hackers exploit VMware ESXi, Microsoft SharePoint zero-days at Pwn2Own - During the second day of Pwn2Own Berlin 2025, competitors earned $435,000 after exploiting zero-day bugs in multiple products, including Microsoft SharePoint, VMware ESXi, Oracle VirtualBox, Red Hat Enterprise Linux, and Mozilla Firefox. Palo Alto ...
1 month ago Bleepingcomputer.com
Linux Kernel Patching: Preventing Exploits in 2025 - Live kernel patching technologies like Kpatch and SUSE Live Patch have evolved from niche tools to essential components of enterprise security postures. Immutable Infrastructure: Cloud providers combine kernel live patching with ...
1 month ago Cybersecuritynews.com
Printer maker Procolored offered malware-laced drivers for months - Cameron Coward, a YouTuber known as Serial Hobbyism, discovered the malware when his security solution warned of the presence of the Floxif USB worm on his computer when installing the companion software and drivers for a $7,000 Procolored ...
1 month ago Bleepingcomputer.com
New Vulnerability Affects All Intel Processors From The Last 6 Years - Affecting all Intel processors released in the past six years-including those in consumer devices and cloud server infrastructure-the vulnerability exploits speculative execution technologies designed to accelerate computational performance. The BPRC ...
1 month ago Cybersecuritynews.com
Chinese Agent Impersonates as Stanford Student For Intelligence Gathering - According to experts consulted during the investigation, Chen was “likely an agent of the Chinese Ministry of State Security (MSS), tasked with identifying sympathetic Stanford students and gathering intelligence”. The agent, operating ...
1 month ago Cybersecuritynews.com
Ransomware gangs increasingly use Skitnet post-exploitation malware - Prodaft told BleepingComputer they have observed multiple ransomware operations deploying Skitnet in real-world attacks, including BlackBasta in Microsoft Teams phishing attacks against the enterprise, and Cactus. The malware has been offered for ...
1 month ago Bleepingcomputer.com Cactus
Russian hospital faces multi-day shutdown as pro-Ukraine group claims cyberattack | The Record from Recorded Future News - Although the hospital has not disclosed specifics about the cyber incident, local authorities confirmed the attackers targeted software used to manage patient records and medical histories. A private hospital in the Russian republic of Chuvashia ...
1 month ago Therecord.media
Malware Mastermind Andrei Tarasov Evades US Extradition Returns to Russia - “As alleged, Silnikau, Kadariya, Tarasov, and conspirators used multiple strategies to profit from their widespread hacking and wire fraud,” stated the US Department of Justice in documents released after Silnikau’s extradition from ...
1 month ago Cybersecuritynews.com
FBI Warns of US Govt Officials Impersonated in Malicious Message Campaign - The Federal Bureau of Investigation (FBI) issued an urgent warning Thursday about an ongoing malicious campaign where cybercriminals are impersonating senior US officials through text messages and AI-generated voice calls. “The malicious actors ...
1 month ago Cybersecuritynews.com
Japan enacts new Active Cyberdefense Law allowing for offensive cyber operations | The Record from Recorded Future News - The new law, which was first mooted in 2022, is intended to help Japan strengthen its cyber defense “to a level equal to major Western powers” and marks a break from the country’s traditional approach to cyber defense, which had tracked closely ...
1 month ago Therecord.media
Multiple Ivanti Endpoint Manager Vulnerabilities Allows Remote Code Execution - Critical security flaws have been uncovered in Ivanti Endpoint Manager Mobile (EPMM), a widely used mobile device management (MDM) solution, exposing organizations to the risk of unauthenticated remote code execution (RCE). The discovery and ongoing ...
1 month ago Cybersecuritynews.com CVE-2025-4427
Windows Security Updates: How to Stay Ahead of Vulnerabilities - In April 2025, cybersecurity teams were starkly reminded of the stakes involved in patch management when Microsoft disclosed CVE-2025-29824, a zero-day privilege escalation flaw in the Windows Common Log File System (CLFS) driver. In April 2025, ...
1 month ago Cybersecuritynews.com CVE-2025-29824
Windows 10 KB5058379 Update Boots PCs into Windows Recovery & Require BitLocker key - “I would like to inform you that we are currently experiencing a known issue with the May Month Patch KB5058379, titled ‘BitLocker Recovery Triggered on Windows 10 devices after installing KB5058379′ on Windows 10 machines,” a ...
1 month ago Cybersecuritynews.com
Hackers Attacking Industrial Automation Systems With 11,600+ Malware Families - Industrial automation systems worldwide are facing an unprecedented scale of cyber threats, with security researchers detecting a staggering 11,679 distinct malware families targeting critical infrastructure in the first quarter of 2025. Securelist ...
1 month ago Cybersecuritynews.com
UK National Health Service suppliers asked to tackle ‘endemic’ ransomware attacks | The Record from Recorded Future News - The letter sets out NHS England’s views on best practices from suppliers, and asks them to take several steps — including to maintain immutable backups for recovery purposes, ensure multifactor authentication is turned on for network access, and ...
1 month ago Therecord.media
Hackers Actively Exploiting PowerShell to Evade Antivirus & EDR - Cyber Security News - The visualization reveals how legitimate Windows processes are hijacked to execute malicious code, creating a complex chain that makes attribution and detection challenging for security teams. Cybersecurity experts have identified a concerning trend ...
1 month ago Cybersecuritynews.com
Cybersecurity for Mergers and Acquisitions - A CISO’s Guide - Recent analyses reveal that 50% of cybersecurity incidents during M&A processes stem from non-malicious integration challenges, while dark web forums buzz with threat actors exploiting transition vulnerabilities. As global M&A activity ...
1 month ago Cybersecuritynews.com
US charges 12 more suspects linked to $230 million crypto theft - While posing as a Gemini support representative, they deceived the victim into resetting two-factor authentication (2FA) and sharing their screen via AnyDesk (a remote desktop application) after claiming the account had been compromised, which gave ...
1 month ago Bleepingcomputer.com
Mitigating macOS Zero-Day Risks - Tools and Techniques - As macOS zero-day threats grow more sophisticated, combining Apple’s built-in protections with third-party security tools and rigorous security practices provides the most comprehensive defense strategy. These third-party solutions are ...
1 month ago Cybersecuritynews.com CVE-2024-44243
CISA tags recently patched Chrome bug as actively exploited - This is the second actively exploited Chrome zero-day patched by Google this year, after another high-severity Chrome zero-day bug (CVE-2025-2783), which was abused to target Russian government organizations, media outlets, and educational ...
1 month ago Bleepingcomputer.com CVE-2025-2783
Securing Linux Containers - A Guide for Cloud-Native Environments - “A core principle of container security is reducing the attack surface-the total of all points where an unauthorized user could try to access the system,” notes a recent TuxCare security advisory. The most effective container security ...
1 month ago Cybersecuritynews.com
Jenkins Security Update Released With The Fixes for The Vulnerabilities That Exploit CI/CD Pipelines - The Jenkins project has issued a critical security advisory detailing vulnerabilities in five widely used plugins: Cadence vManager, DingTalk, Health Advisor by CloudBees, OpenID Connect Provider, and WSO2 Oauth. OpenID Connect Provider Plugin ...
1 month ago Cybersecuritynews.com CVE-2025-47884
Commit Stomping - An Offensive Technique Let Hackers Manipulate Timestamps in Git to Alter File Metadata - While not a bug or vulnerability, Commit Stomping exploits Git’s flexibility to rewrite the timeline of code changes, posing significant risks to software supply chain security, incident response, and code audits. Inspired by ...
1 month ago Cybersecuritynews.com
Researchers Emulated VanHelsing Ransomware Advanced Tactics & Tools Used - AttackIQ researchers identified that as of May 14, 2025, the VanHelsing operation had already infected five organizations across the United States, France, Italy, and Australia, with data from three non-compliant victims published on their leak site. ...
1 month ago Cybersecuritynews.com
Windows Defender Best Practices - Optimizing Endpoint Protection - Microsoft Defender for Endpoint has emerged as a critical tool in this landscape, offering AI-driven threat detection, automated response, and integration with broader security ecosystems like Microsoft Defender XDR. By combining Defender’s native ...
1 month ago Cybersecuritynews.com
SonicWall SMA1000 Vulnerability Let Attackers to Exploit Encoded URLs To Gain Internal Systems Access Remotely - SonicWall has issued a high-priority security advisory (SNWLID-2025-0010) revealing a critical Server-Side Request Forgery (SSRF) vulnerability in its SMA1000 Appliance Work Place interface. Discovered by security researcher Ronan Kervella of ...
1 month ago Cybersecuritynews.com
Android 16 Comes with Advanced Device-level Security Setting Protection for 3 Billion Devices - Google has announced a significant enhancement to its Advanced Protection Program with the release of Android 16, introducing a robust device-level security setting aimed at safeguarding users against sophisticated cyber threats. While Android 16 ...
1 month ago Cybersecuritynews.com
Windows 11, Red Hat Linux, & Oracle VirtualBox Hacked - Pwn2Own Day 1 - Sina Kheirkhah (@SinSinology) of Summoning Team and Viettel Cyber Security (@vcslab) both demonstrated successful exploits, each earning $15,000 and 1.5 Master of Pwn points despite the vendor’s prior knowledge of the vulnerabilities. Red Hat Linux ...
1 month ago Cybersecuritynews.com
Proofpoint to Acquire Microsoft 365 Security Provider Hornetsecurity For $1 Billion - Proofpoint, Inc., a global leader in cybersecurity and compliance, has announced a definitive agreement to acquire Hornetsecurity Group, a prominent pan-European provider of AI-powered Microsoft 365 (M365) security, compliance, and data protection ...
1 month ago Cybersecuritynews.com
CISA Warns of Google Chromium 0-Day Vulnerability Actively Exploited in the Wild - Patch Now! - This high-severity issue in Google Chromium involves insufficient policy enforcement in the Loader component, enabling remote attackers to leak cross-origin data via crafted HTML pages. The Cybersecurity and Infrastructure Security Agency (CISA) ...
1 month ago Cybersecuritynews.com CVE-2025-4664
Leak confirms OpenAI's ChatGPT will integrate MCP - ChatGPT is testing support for Model Context Protocol (MCP), which will allow it to connect to third-party services and use them as context. MCP is an open-source standard that allows developers to expose third-party data through ...
1 month ago Bleepingcomputer.com
ChatGPT will soon record, transcribe, and summarize your meetings - As spotted by X user M1Astra, ChatGPT mobile app code clearly mentions a “Record” feature for live meetings that supports pausing, resuming, and turning audio into text. OpenAI may be planning to challenge Microsoft Teams Copilot ...
1 month ago Bleepingcomputer.com
Windows 10 KB5058379 update triggering BitLocker Recovery after install - "I would like to inform you that we are currently experiencing a known issue with the May Month Patch KB5058379, titled "BitLocker Recovery Triggered on Windows 10 devices after installing KB5058379" on Windows 10 machines," an impacted ...
1 month ago Bleepingcomputer.com
Government webmail hacked via XSS bugs in global spy campaign - Hackers are running a worldwide cyberespionage campaign dubbed 'RoundPress,' leveraging zero-day and n-day flaws in webmail servers to steal email from high-value government organizations. A malicious JavaScript payload embedded in the HTML body of ...
1 month ago Bleepingcomputer.com Fancy Bear APT28
Ban sales of gear from China’s TP-Link, Republican lawmakers tell Trump administration | The Record from Recorded Future News - In requesting the ban on TP-Link router sales, the lawmakers cited Executive Order 13873, signed by President Donald Trump in his first term, which allows the Commerce Department to prohibit foreign-made products deemed to present threats to national ...
1 month ago Therecord.media
FBI: US officials targeted in voice deepfake attacks since April - This warning is part of a public service announcement issued on Thursday that also provides mitigation measures to help the public spot and block attacks using audio deepfakes (also known as voice deepfakes). The FBI warned that cybercriminals using ...
1 month ago Bleepingcomputer.com
Coinbase Hacked - Massive Data Breach Costs Them $400 Million - Coinbase emphasized that the breach did not impact the security of customer funds, as the involved contractors and employees lacked access to financial systems. The breach, orchestrated by an unknown threat actor, involved the unauthorized access of ...
1 month ago Cybersecuritynews.com
New .NET Multi-stage Loader Attacking Windows Systems to Deploy Malicious Payloads - While earlier variants embedded the second stage as hardcoded strings, newer versions have adopted more sophisticated concealment methods, hiding malicious code within bitmap resources to avoid triggering security alerts. A sophisticated .NET ...
1 month ago Cybersecuritynews.com
Nova Scotia Power confirms hackers stole customer data in cyberattack - Nova Scotia Power confirms it suffered a data breach after threat actors stole sensitive customer data in a cybersecurity incident discovered last month. Customers of Nova Scotia Power are advised to remain vigilant for phishing attempts, including ...
1 month ago Bleepingcomputer.com
Hackers Abuse Google Services to Send Malicious Law Enforcement Requests - The attack utilizes official Google infrastructure, including the company’s OAuth system and sites.google.com domain, to create messages that appear to come directly from Google’s trusted [email protected] address. A sophisticated ...
1 month ago Cybersecuritynews.com
CISA Issues Urgent Warning Over Five Actively Exploited Windows 0-Day Vulnerabilities - CISA has issued an urgent alert after adding five new Microsoft Windows zero-day vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. Security experts warn that these ...
1 month ago Cybersecuritynews.com
Windows Defender Application Control Bypassed Using Operationalizing Browser Exploits - Researchers have uncovered a sophisticated technique to bypass Windows Defender Application Control (WDAC), a critical Windows security feature designed to prevent unauthorized code execution. The bypass leverages vulnerabilities in trusted Electron ...
1 month ago Cybersecuritynews.com
Threat Actors Weaponizing Open Source Packages to Deliver Malware in Supply Chain Attack - In one campaign linked to North Korean threat actors, Socket.dev researchers discovered a package delivering a loader called “BeaverTail” that stole browser data and cryptocurrency wallet credentials before fetching a more advanced ...
1 month ago Cybersecuritynews.com
Windows 11 and Red Hat Linux hacked on first day of Pwn2Own - Summoning Team's Sina Kheirkhah was awarded another $35,000 for a Chroma zero-day and an already known vulnerability in Nvidia's Triton Inference Server, while STARLabs SG's Billy and Ramdhan earned $60,000 for escaping Docker Desktop and ...
1 month ago Bleepingcomputer.com
U.S. officials Investigating Rogue Communication Devices in Solar Power Inverters - According to security experts familiar with the matter, these unauthorized components create secondary communication channels that may allow remote access to critical energy infrastructure without detection, potentially enabling foreign actors to ...
1 month ago Cybersecuritynews.com
DIOR Cyber Attack - Customers Personal & Financial Data Exposed - “No passwords or payment information, including bank account or payment card information, were in the database affected in the incident… The confidentiality and security of our customers’ data is an absolute priority for the House of Dior. ...
1 month ago Cybersecuritynews.com
Xerox Issues April 2025 Security Patch Update for FreeFlow Print Server v2 - Xerox has announced the release of its April 2025 Security Patch Update for the FreeFlow® Print Server v2 running on Windows® 10, reinforcing the company’s commitment to robust cybersecurity for its production print platforms. The update, ...
1 month ago Cybersecuritynews.com
New Tor Oniux tool anonymizes any Linux app's network traffic - Unlike classic methods like torsocks, which rely on user-space tricks, Oniux uses Linux namespaces to create a fully isolated network environment for each application, preventing data leaks even if the app is malicious or misconfigured. "We are ...
1 month ago Bleepingcomputer.com
TransferLoader Malware Allows Attackers to Execute Arbitrary Commands on Compromised System - Zscaler’s cloud security platform has implemented detections for associated IOCs, including C2 servers like [.]cloud/MDcMkjAxsLKsT and payload hashes such as b55ba0f869f64.... Cybersecurity teams are advised to monitor for unusual IPFS traffic and ...
1 month ago Cybersecuritynews.com
New DarkCloud Stealer Uses AutoIt to Evade Detection & Steal Login Credentials - A new variant of the DarkCloud information-stealing malware has emerged, leveraging the AutoIt scripting language to bypass security tools and harvest sensitive credentials from infected systems. According to researchers at Palo Alto Networks’ Unit ...
1 month ago Cybersecuritynews.com
Chihuahua Stealer Leverages Google Drive Document to Steal Browser Login Credentials - A newly discovered .NET-based infostealer dubbed “Chihuahua Stealer” has emerged as a significant threat, exploiting Google Drive documents to deliver malicious PowerShell scripts and steal sensitive data. Organizations are advised to ...
1 month ago Cybersecuritynews.com
Malicious npm package using steganography downloaded by hundreds - Researchers at Veracode, a code security assessment company, found that the first version of the package was added to the Node Package Manager (NPM) index on March 19 and was benign, as it only collected operating system information from the host. ...
1 month ago Bleepingcomputer.com
Coinbase data breach exposes customer info and government IDs - While the threat actors managed to steal a combination of personally identifiable information of up to 1% of Coinbase's customer base (around 1 million individuals), they couldn't steal customers' private keys or passwords, and couldn't ...
1 month ago Bleepingcomputer.com
Microsoft Outlook Down - Millions of Users Affected With This Longest Outage in Microsoft History - According to Microsoft, affected users attempting to visit sites such as , , , and , along with related regional domains (e.g., .co.uk, .nl, .fr), are encountering a “500 Internal Server Error.” This error indicates a failure in site ...
1 month ago Cybersecuritynews.com
Coinbase offers $20 million bounty after extortion attempt with stolen data | The Record from Recorded Future News - The industry giant said in a regulatory filing with the Securities and Exchange Commission (SEC) that an “unknown threat actor” emailed a demand on May 11 for $20 million, threatening to publish stolen data about Coinbase customers and other ...
1 month ago Therecord.media
Threat Actors Using Weaponized HTML Files to Deliver Horabot Malware - The malware spreads via phishing emails disguised as financial invoices, often titled “Factura Adjunta” (Attached Invoice), and uses a multi-stage payload delivery system involving HTML, VBScript, and PowerShell. To establish persistence, ...
1 month ago Cybersecuritynews.com
Hackers Disguised Remote Access Malware as Microsoft Edge service - While the service name and path were designed to blend in seamlessly with legitimate Windows processes, a closer inspection revealed suspicious command-line arguments, notably --meshServiceName="MicrosoftEdge", which pointed to the presence of a ...
1 month ago Cybersecuritynews.com
Russian Hackers Exploiting MDaemon 0-Day Vulnerability to Hack Webmail Servers - A recently uncovered cyber-espionage campaign linked to Russian state-sponsored actors has been targeting enterprise webmail servers using a critical zero-day vulnerability in MDaemon, a widely used email server software. WeliveSecurity analysts ...
1 month ago Cybersecuritynews.com
TA406 Hackers Attacking to Attack Government Entities to Steal Login Credentials - A Democratic People’s Republic of Korea (DPRK)-linked threat actor tracked as TA406 has intensified cyber espionage efforts against Ukrainian government entities since February 2025, deploying sophisticated phishing campaigns aimed at stealing ...
1 month ago Cybersecuritynews.com
Enisa Launches European Vulnerability Database to Enhance Digital Security - Mandated by the NIS2 Directive, the EUVD is designed to aggregate and interconnect publicly available vulnerability information from a wide array of sources, including national Computer Security Incident Response Teams (CSIRTs), industry threat ...
1 month ago Cybersecuritynews.com
Threat Actors Exploit AI & LLM Tools to Begun Using Them as Offensive Tools - These tools enable threat actors to rapidly generate scanning utilities, exploit code, and evasion tactics, lowering the barrier to entry for sophisticated attacks. Cybercriminals are increasingly weaponizing generative AI and large language models ...
1 month ago Cybersecuritynews.com CVE-2024-10914
Xanthorox - New BlackHat AI Tool Used by Hackers to Launch Phishing & Malware Attacks - As AI-powered crime tools become more sophisticated and accessible, organizations must deploy AI-based detection systems, enhance employee training, and remain vigilant against increasingly convincing phishing and malware attacks. Xanthorox may not ...
1 month ago Cybersecuritynews.com
Node.js Vulnerability Allows Attackers to Crash the Process & Halt Services - The Node.js project has issued urgent security updates after disclosing a high-severity vulnerability that could allow remote attackers to crash Node.js processes, potentially halting critical services and causing widespread denial of service across ...
1 month ago Cybersecuritynews.com CVE-2025-23167
Researchers Unveiled a New Mechanism to Track Compartmentalized Threats - In May 2025, cybersecurity researchers from Cisco Talos and The Vertex Project announced a groundbreaking methodology to combat the rising trend of compartmentalized cyberattacks, where multiple threat actors collaborate to execute distinct stages of ...
1 month ago Cybersecuritynews.com Cactus
macOS Security Guide- Safeguarding Against Adware and Malware - While Apple’s built-in defenses, such as XProtect and Gatekeeper, remain critical, 2024 has exposed vulnerabilities in user behavior and emerging attack vectors leveraging artificial intelligence (AI). As MaaS economies flourish, only layered ...
1 month ago Cybersecuritynews.com
Nation State-Actors Attacking Healthcare Institutions to Sabotage IT & OT Systems - Since early 2024, advanced persistent threat (APT) groups linked to Iran, North Korea, and China have exploited vulnerabilities in healthcare networks to deploy destructive malware, ransomware, and backdoors. These attacks aim to sabotage patient ...
1 month ago Cybersecuritynews.com CVE-2023-34362
Google fixes high severity Chrome flaw with public exploit - The vulnerability was discovered by Solidlab security researcher Vsevolod Kokorin and is described as an insufficient policy enforcement in Google Chrome's Loader component that lets remote attackers leak cross-origin data via maliciously crafted ...
1 month ago Bleepingcomputer.com CVE-2025-2783
New HTTPBot Botnet Expanding Aggressively to Attack Windows Machines - Developed in GoLang, this malware employs a modular design to bypass traditional security measures, using randomized HTTP headers, dynamic URL paths, and cookie manipulation to evade detection. A new botnet family named HTTPBot has emerged as a ...
1 month ago Cybersecuritynews.com

Trending Cyber News (last 7 days)

CVE-2025-5309 - The chat feature within Remote Support (RS) and Privileged Remote Access (PRA) is vulnerable to a Server-Side Template Injection vulnerability which can lead to remote code execution. ...
6 days ago
CVE-2025-6406 - A vulnerability, which was classified as critical, has been found in Campcodes Online Hospital Management System 1.0. Affected by this issue is some unknown functionality of the file /hms/forgot-password.php. The manipulation of the argument fullname ...
1 day ago
CVE-2025-6147 - A vulnerability was found in TOTOLINK A702R 4.0.0-B20230721.1521. It has been declared as critical. This vulnerability affects unknown code of the file /boafrm/formSysLog of the component HTTP POST Request Handler. The manipulation of the argument ...
6 days ago
CVE-2025-34509 - Sitecore Experience Manager (XM) and Experience Platform (XP) versions 10.1 to 10.1.4 rev. 011974 PRE, all versions of 10.2, 10.3 to 10.3.3 rev. 011967 PRE, and 10.4 to 10.4.1 rev. 011941 PRE contain a hardcoded user account. Unauthenticated and ...
5 days ago
CVE-2025-6141 - A vulnerability has been found in GNU ncurses up to 6.5-20250322 and classified as problematic. This vulnerability affects the function postprocess_termcap of the file tinfo/parse_entry.c. The manipulation leads to stack-based buffer overflow. The ...
6 days ago
CVE-2025-6142 - A vulnerability was found in Intera InHire up to 20250530. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation of the argument 29chcotoo9 leads to server-side request forgery. The attack can ...
6 days ago
CVE-2025-6146 - A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been classified as critical. This affects an unknown part of the file /boafrm/formSysLog of the component HTTP POST Request Handler. The manipulation of the argument submit-url ...
6 days ago
CVE-2025-6148 - A vulnerability was found in TOTOLINK A3002RU 3.0.0-B20230809.1615. It has been rated as critical. This issue affects some unknown processing of the file /boafrm/formSysLog of the component HTTP POST Request Handler. The manipulation of the argument ...
6 days ago
CVE-2025-6151 - A vulnerability, which was classified as critical, has been found in TP-Link TL-WR940N V4. Affected by this issue is some unknown functionality of the file /userRpm/WanSlaacCfgRpm.htm. The manipulation of the argument dnsserver1 leads to buffer ...
6 days ago
CVE-2023-5600 - An issue has been discovered in GitLab EE affecting all versions starting from 16.0 before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1. Arbitrary access to the titles of an private specific ...
2 days ago
CVE-2025-6177 - Privilege Escalation in MiniOS in Google ChromeOS (16063.45.2 and potentially others) on enrolled devices allows a local attacker to gain root code execution via exploiting a debug shell (VT3 console) accessible through specific key combinations ...
6 days ago
CVE-2025-6143 - A vulnerability, which was classified as critical, was found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713. Affected is an unknown function of the file /boafrm/formNtp of the component HTTP POST Request Handler. The manipulation of the argument ...
6 days ago
CVE-2025-6152 - A vulnerability, which was classified as critical, was found in Steel Browser up to 0.1.3. This affects the function handleFileUpload of the file api/src/modules/files/files.routes.ts. The manipulation of the argument filename leads to path ...
6 days ago
CVE-2025-6404 - A vulnerability classified as critical has been found in Campcodes Online Teacher Record Management System 1.0. Affected is an unknown function of the file /admin/search.php. The manipulation of the argument searchdata leads to sql injection. It is ...
1 day ago
CVE-2025-6405 - A vulnerability classified as critical was found in Campcodes Online Teacher Record Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/edit-teacher-detail.php. The manipulation of the argument editid ...
1 day ago
CVE-2025-6138 - A vulnerability classified as critical was found in TOTOLINK T10 4.1.8cu.5207. Affected by this vulnerability is the function setWizardCfg of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument ...
6 days ago
CVE-2025-6150 - A vulnerability classified as critical was found in TOTOLINK X15 1.0.0-B20230714.1105. Affected by this vulnerability is an unknown functionality of the file /boafrm/formMultiAP of the component HTTP POST Request Handler. The manipulation of the ...
6 days ago
CVE-2025-6156 - A vulnerability was found in PHPGurukul Nipah Virus Testing Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /bwdates-report-ds.php. The manipulation of the argument ...
5 days ago
CVE-2024-45380 - Rejected reason: This candidate was in a CNA pool that was not assigned to any issues during 2024. ...
6 days ago
CVE-2025-6136 - A vulnerability was found in Projectworlds Life Insurance Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /insertPayment.php. The manipulation of the argument recipt_no leads to sql ...
6 days ago
CVE-2025-6139 - A vulnerability, which was classified as problematic, has been found in TOTOLINK T10 4.1.8cu.5207. Affected by this issue is some unknown functionality of the file /etc/shadow.sample. The manipulation leads to use of hard-coded password. The attack ...
6 days ago
CVE-2025-6145 - A vulnerability was found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713 and classified as critical. Affected by this issue is some unknown functionality of the file /boafrm/formSysLog of the component HTTP POST Request Handler. The manipulation of the ...
6 days ago
CVE-2025-6155 - A vulnerability was found in PHPGurukul Hostel Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /includes/login-hm.inc.php. The manipulation of the argument Username leads to sql injection. It is ...
5 days ago
CVE-2024-43422 - Rejected reason: This candidate was in a CNA pool that was not assigned to any issues during 2024. ...
6 days ago
CVE-2025-30678 - A Server-side Request Forgery (SSRF) vulnerability in Trend Micro Apex Central (on-premise) modTMSM component could allow an attacker to manipulate certain parameters leading to information disclosure on affected installations. ...
5 days ago
CVE-2025-30642 - A link following vulnerability in Trend Micro Deep Security 20.0 agents could allow a local attacker to create a denial of service (DoS) situation on affected installations. ...
5 days ago
CVE-2024-54183 - IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.4 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus ...
4 days ago
CVE-2025-6192 - Use after free in Metrics in Google Chrome prior to 137.0.7151.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) ...
4 days ago
CVE-2025-5490 - The Football Pool plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.12.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated ...
4 days ago
CVE-2025-6330 - A vulnerability classified as critical has been found in PHPGurukul Directory Management System 1.0. Affected is an unknown function of the file /searchdata.php. The manipulation of the argument searchdata leads to sql injection. It is possible to ...
2 days ago
CVE-2025-6331 - A vulnerability classified as critical was found in PHPGurukul Directory Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/search-directory.php. The manipulation of the argument searchdata leads to ...
2 days ago
CVE-2025-6332 - A vulnerability, which was classified as critical, has been found in PHPGurukul Directory Management System 2.0. Affected by this issue is some unknown functionality of the file /admin/manage-directory.php. The manipulation of the argument del leads ...
2 days ago
CVE-2025-6399 - A vulnerability, which was classified as critical, was found in TOTOLINK X15 1.0.0-B20230714.1105. Affected is an unknown function of the file /boafrm/formIPv6Addr of the component HTTP POST Request Handler. The manipulation of the argument ...
2 days ago
CVE-2025-6087 - A Server-Side Request Forgery (SSRF) vulnerability was identified in the @opennextjs/cloudflare package. The vulnerability stems from an unimplemented feature in the Cloudflare adapter for Open Next, which allowed unauthenticated users to proxy ...
6 days ago
CVE-2025-6137 - A vulnerability classified as critical has been found in TOTOLINK T10 4.1.8cu.5207. Affected is the function setWiFiScheduleCfg of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument desc leads ...
6 days ago
CVE-2024-40570 - SQL Injection vulnerability in SeaCMS v.12.9 allows a remote attacker to obtain sensitive information via the admin_datarelate.php component. ...
5 days ago
CVE-2025-6149 - A vulnerability classified as critical has been found in TOTOLINK A3002R 4.0.0-B20230531.1404. Affected is an unknown function of the file /boafrm/formSysLog of the component HTTP POST Request Handler. The manipulation of the argument submit-url ...
6 days ago
CVE-2025-4775 - The WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-button-label HTML attribute in all versions up to, and including, 7.4.0.1 due to insufficient input sanitization and ...
6 days ago
CVE-2024-45065 - Rejected reason: This candidate was in a CNA pool that was not assigned to any issues during 2024. ...
6 days ago
CVE-2025-34511 - Sitecore PowerShell Extensions, an add-on to Sitecore Experience Manager (XM) and Experience Platform (XP), through version 7.0 is vulnerable to an unrestricted file upload issue. A remote, authenticated attacker can upload arbitrary files to the ...
5 days ago
CVE-2025-30680 - A Server-side Request Forgery (SSRF) vulnerability in Trend Micro Apex Central (SaaS) could allow an attacker to manipulate certain parameters leading to information disclosure on affected installations. ...
5 days ago
CVE-2025-4965 - The WPBakery Page Builder for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Grid Builder feature in all versions up to, and including, 8.4.1 due to insufficient input sanitization and output escaping ...
4 days ago
CVE-2022-50231 - In the Linux kernel, the following vulnerability has been resolved: ...
4 days ago
CVE-2025-6328 - A vulnerability was found in D-Link DIR-815 1.01. It has been declared as critical. This vulnerability affects the function sub_403794 of the file hedwig.cgi. The manipulation leads to stack-based buffer overflow. The attack can be initiated ...
2 days ago
CVE-2025-3221 - IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow a remote attacker to cause a denial of service due to insufficient validation of incoming request resources. ...
1 day ago
CVE-2025-6132 - A vulnerability has been found in Chanjet CRM 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /sysconfig/departmentsetting.php. The manipulation of the argument gblOrgID leads to sql injection. ...
6 days ago
CVE-2025-6140 - A vulnerability, which was classified as problematic, was found in spdlog up to 1.15.1. This affects the function scoped_padder in the library include/spdlog/pattern_formatter-inl.h. The manipulation leads to resource consumption. It is possible to ...
6 days ago
CVE-2025-6144 - A vulnerability has been found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /boafrm/formSysCmd of the component HTTP POST Request Handler. The ...
6 days ago
CVE-2025-23252 - The NVIDIA NVDebug tool contains a vulnerability that may allow an actor to gain access to restricted components. A successful exploit of this vulnerability may lead to information disclosure. ...
5 days ago
CVE-2025-52474 - WeGIA is a web manager for charitable institutions. Prior to version 3.4.2, a SQL Injection vulnerability was identified in the id parameter of the /WeGIA/controle/control.php endpoint. This vulnerability allows attacker to manipulate SQL queries and ...
4 days ago