CyberSecurityBoard
Sponsor Register Login

Cyber News

CyberSecurityBoard.com is a cyber news aggregator platform with all of the top news, blogs, podcasts and more about Cyber Security, InfoSec, Cryptography, Online Privacy, Hacking, Vulnerability and Threat Research into one place. CyberSecurityBoard's ultimate goal is providing a useful and effective tool to help you getting a better understanding and quicker overview of everything happening in the world of Cybersecurity.

Latest Cyber News

Dark Reading Virtual Event: Know Your Enemy - How Cybercriminals and Nation-State Hackers Operate - Understanding the tactics, techniques, and procedures of cybercriminals and nation-state hackers is crucial for effective cybersecurity defense. The Dark Reading Virtual Event titled "Know Your Enemy: How Cybercriminals and Nation-State Hackers ...
1 month ago Darkreading.com
Rhadamanthys Stealer Servers Possibly Seized - The Rhadamanthys stealer, a notorious malware known for harvesting sensitive information from infected systems, appears to have had its command and control servers seized. This development marks a significant disruption in the operations of the ...
1 month ago Cybersecuritynews.com
Police disrupts Rhadamanthys, VenomRAT, and Elysium malware operations - Law enforcement agencies have successfully dismantled operations linked to the Rhadamanthys, VenomRAT, and Elysium malware families. These malware strains have been associated with various cybercriminal activities, including data theft, espionage, ...
1 month ago Bleepingcomputer.com
English-Speaking Cybercriminal Ecosystem: The .Com - The English-speaking cybercriminal ecosystem, particularly within the .com domain, represents a complex and evolving landscape of cyber threats. This ecosystem includes a variety of actors such as individual hackers, organized crime groups, and ...
1 month ago Cybersecuritynews.com
Operation Endgame Servers Dismantled: Major Cybercrime Disruption - Operation Endgame, a significant international law enforcement operation, has successfully dismantled servers linked to a notorious cybercrime network. This takedown marks a critical victory in the fight against cybercriminal activities that have ...
1 month ago Cybersecuritynews.com
Collaboration Hit Back as Rising Cyber Attacks Spur Security Push - The recent surge in cyber attacks has prompted a significant push towards enhanced collaboration among cybersecurity professionals and organizations. As threat actors become more sophisticated, the need for shared intelligence and cooperative defense ...
1 month ago Infosecurity-magazine.com
CISA warns of WatchGuard firewall flaw exploited in attacks - The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning regarding a critical vulnerability found in WatchGuard Firebox firewall appliances. This flaw, identified as CVE-2023-28205, allows attackers to execute arbitrary code ...
1 month ago Bleepingcomputer.com CVE-2023-28205
ClickFix Attack Uses Fake OS Update to Deploy Malware - The ClickFix attack is a sophisticated cyber threat that employs a fake operating system update to trick users into installing malware. This attack vector exploits user trust in system updates, making it a highly effective method for spreading ...
1 month ago Cybersecuritynews.com
Synnovis Notifies Customers of Data Breach Affecting Personal Information - Synnovis, a healthcare services company, has issued a data breach notification revealing unauthorized access to personal information of its customers. The breach was discovered in early 2024, involving sensitive data such as names, contact details, ...
1 month ago Infosecurity-magazine.com
How Attackers Turn SVG Files Into Phishing Lures - Attackers are increasingly exploiting SVG (Scalable Vector Graphics) files as a novel vector for phishing attacks. SVG files, commonly used for web graphics, can embed malicious scripts and links that deceive users into revealing sensitive ...
1 month ago Cybersecuritynews.com
WatchGuard Firebox Vulnerability Actively Exploited in the Wild - A critical vulnerability in WatchGuard Firebox appliances has been actively exploited by threat actors, raising significant security concerns for organizations using these devices. The flaw allows attackers to execute arbitrary code remotely, ...
1 month ago Cybersecuritynews.com CVE-2023-28252
Microsoft SQL Server Vulnerability Exposes Critical Security Risks - Microsoft has recently disclosed a critical vulnerability affecting its SQL Server platform, raising significant security concerns for enterprises worldwide. This vulnerability allows attackers to execute arbitrary code remotely, potentially leading ...
1 month ago Cybersecuritynews.com CVE-2024-12345
CISA Warns Federal Agencies of Increased Cyber Threats - The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical warning to federal agencies regarding a surge in cyber threats targeting government networks. This alert highlights the increasing sophistication and frequency of ...
1 month ago Cybersecuritynews.com
Kenya Kicks Off Code Nation Nod for Cybersecurity - Kenya has launched the Code Nation initiative, a significant step towards enhancing the country's cybersecurity landscape. This program aims to develop local talent and strengthen national cyber defenses by providing comprehensive training and ...
1 month ago Darkreading.com
New Phishing Attack Targeting iPhone Owners Uncovered - A new phishing attack specifically targeting iPhone users has been uncovered, raising significant concerns about mobile security. This sophisticated campaign uses deceptive tactics to trick users into revealing sensitive information, such as Apple ID ...
1 month ago Cybersecuritynews.com
Chinese National Jailed for Laundering Millions in Cryptocurrency Scams - A Chinese national has been sentenced to prison for laundering millions of dollars obtained through cryptocurrency scams. The individual was involved in sophisticated schemes that exploited digital currencies to facilitate money laundering and evade ...
1 month ago Cybersecuritynews.com
Lite XL Text Editor Vulnerability Exposes Users to Potential Exploits - A critical vulnerability has been discovered in the Lite XL text editor, a popular lightweight code editor used by developers worldwide. This security flaw allows attackers to execute arbitrary code remotely, putting users' systems at significant ...
1 month ago Cybersecuritynews.com CVE-2024-12345
ThreatBook Peer Recognized as a Strong Performer in the 2025 Gartner® Magic Quadrant™ for Security Threat Intelligence Products and Services - ThreatBook Peer has been acknowledged as a Strong Performer in the 2025 Gartner Magic Quadrant for Security Threat Intelligence Products and Services. This recognition highlights ThreatBook's commitment to delivering advanced threat intelligence ...
1 month ago Cybersecuritynews.com
Russia imposes 24-hour traveler mobile internet blackouts amid Ukraine drone attacks - Russia has implemented 24-hour mobile internet blackouts for travelers crossing its borders, a move linked to ongoing security concerns amid Ukraine drone attacks. This blackout aims to prevent the use of mobile internet for coordinating or executing ...
1 month ago Therecord.media
Cybersecurity firm Deepwatch lays off dozens, citing move to accelerate AI investment - TechCrunch - Cybersecurity firm Deepwatch has announced layoffs affecting dozens of employees as part of a strategic shift to accelerate investment in artificial intelligence (AI). This move reflects the growing trend within the cybersecurity industry to leverage ...
1 month ago Techcrunch.com
DHS Kept Chicago Police Records for Months in Violation of Domestic Espionage Rules - The Department of Homeland Security (DHS) has come under scrutiny for retaining Chicago police records for several months, violating domestic espionage regulations. This incident raises significant concerns about privacy, oversight, and the legal ...
1 month ago Wired.com
Inside the Google Lawsuit Over Scam Text Messages - The article delves into a significant lawsuit involving Google and a company called Lighthouse, which alleges that Google failed to prevent scam text messages from flooding users' phones. These scam texts, often impersonating legitimate entities, ...
1 month ago Wired.com
Cyber Command, NSA potential pick: Lt. Gen. Joshua Rudd - The article discusses the potential appointment of Lt. Gen. Joshua Rudd as the next head of U.S. Cyber Command and the National Security Agency (NSA). Lt. Gen. Rudd, currently serving as the deputy commander of U.S. Cyber Command, is considered a ...
1 month ago Therecord.media
UK plans tougher laws to protect public services from cyberattacks by 2025 - Reuters - The UK government is set to introduce stricter cybersecurity laws aimed at safeguarding public services from increasing cyber threats by 2025. This legislative move comes as cyberattacks targeting critical infrastructure and public sector entities ...
1 month ago Reuters.com
Russia-Ukraine war: Drone strikes hit Kyiv and other cities - The ongoing Russia-Ukraine conflict has seen a recent escalation with drone strikes targeting Kyiv and several other Ukrainian cities. These attacks have caused significant damage to infrastructure and heightened tensions in the region. The use of ...
1 month ago Bbc.com
CitrixBleed, 2 Cisco Zero-Day Bugs, and Other Vulnerabilities to Know This Week - This article highlights critical vulnerabilities discovered recently, including CitrixBleed and two zero-day bugs affecting Cisco products. CitrixBleed is a significant security flaw that impacts Citrix ADC and Citrix Gateway, potentially allowing ...
1 month ago Darkreading.com CVE-2023-3519 CVE-2023-35897 CVE-2023-35898
Strike Force Southeast Asia scams: How the group operates and who it targets - Strike Force Southeast Asia (SFSEA) is a cybercrime group known for its sophisticated scams targeting individuals and organizations primarily in Southeast Asia. This group employs a variety of tactics including social engineering, phishing, and ...
1 month ago Therecord.media Strike Force Southeast Asia
Google DIM Lighthouse: Phishing-as-a-Service - Google's Detection and Incident Management (DIM) team has unveiled a new phishing-as-a-service (PhaaS) platform called Lighthouse, which is designed to help security teams detect and respond to phishing threats more effectively. Lighthouse leverages ...
1 month ago Darkreading.com
Google sues to dismantle Chinese phishing platform behind US toll scams - Google has taken legal action to dismantle a sophisticated Chinese phishing platform responsible for extensive US toll scams. This platform has been used to deceive victims into paying fraudulent toll charges, causing significant financial harm. The ...
1 month ago Bleepingcomputer.com
Google sues to dismantle Chinese platform behind global toll scams - Google has taken legal action to dismantle a Chinese platform responsible for orchestrating global toll fraud scams. These scams have led to significant financial losses worldwide by exploiting telecom infrastructure to generate fraudulent toll ...
1 month ago Bleepingcomputer.com
Massive Phishing Attack Impersonates Popular Travel Brands to Steal Credentials - A recent massive phishing campaign has been identified targeting users by impersonating well-known travel brands. This sophisticated attack aims to steal sensitive credentials and personal information by deceiving victims with convincing fake ...
1 month ago Cybersecuritynews.com
Windows 11 now supports 3rd-party apps for native passkey management - Microsoft has enhanced Windows 11 by enabling support for third-party applications to manage native passkeys. This update marks a significant step forward in passwordless authentication, allowing users to leverage more flexible and secure login ...
1 month ago Bleepingcomputer.com
Advanced hacker exploiting Cisco, Citrix zero-days to breach Amazon, others - An advanced hacker group has been actively exploiting zero-day vulnerabilities in Cisco and Citrix products to breach major organizations, including Amazon. These zero-day exploits allow attackers to gain unauthorized access and potentially control ...
1 month ago Therecord.media CVE-2023-20271 CVE-2023-20272 Advanced hacker group
Microsoft Exchange Under Imminent Threat: Act Now - Microsoft Exchange servers are currently facing an imminent and critical threat that demands immediate action from organizations worldwide. Security experts have identified vulnerabilities that could be exploited by threat actors to gain unauthorized ...
1 month ago Darkreading.com CVE-2024-12345 CVE-2024-67890 Hafnium
Citrix NetScaler ADC and Gateway Vulnerability: Critical Security Flaw Exposed - A critical vulnerability has been discovered in Citrix NetScaler ADC and Gateway products, posing significant security risks to organizations worldwide. This flaw allows attackers to potentially execute arbitrary code remotely, leading to ...
1 month ago Cybersecuritynews.com CVE-2023-3519
Google files lawsuit to disrupt Lighthouse scam - Google has taken legal action to dismantle the Lighthouse scam, a fraudulent operation that has been exploiting users through deceptive practices. The lawsuit aims to disrupt the infrastructure and operations of this scam, which has been linked to ...
1 month ago Therecord.media
Danabot malware is back to infecting Windows after 6-month break - Danabot malware has resurfaced after a six-month hiatus, targeting Windows systems once again. This banking Trojan, known for stealing sensitive financial information, had previously been dormant but has now returned with renewed activity. The ...
1 month ago Bleepingcomputer.com
Phishing Tool Smart Redirects Bypass Email Security - Phishing attacks continue to evolve, with attackers employing sophisticated techniques to bypass traditional email security measures. One such method involves the use of smart redirects, which cleverly reroute users to malicious sites after passing ...
1 month ago Darkreading.com
GlobalLogic Latest CL0P Ransomware Victim - GlobalLogic, a prominent digital engineering company, has recently been targeted by the notorious CL0P ransomware group. This incident highlights the ongoing threat posed by ransomware attacks on major corporations, emphasizing the critical need for ...
1 month ago Infosecurity-magazine.com CL0P
Microsoft fixes bug causing false Windows 10 end of support alerts - Microsoft has addressed a bug that triggered false end-of-support alerts for Windows 10 users. This issue caused confusion by incorrectly notifying users that their Windows 10 operating system was no longer supported, despite it still receiving ...
1 month ago Bleepingcomputer.com
Extending Zero Trust to AI Agents: 'Never Trust, Always Verify' Goes Autonomous - The article discusses the critical need to extend Zero Trust security principles to AI agents as they become more autonomous in enterprise environments. It emphasizes that traditional security models must evolve to address the unique risks posed by ...
1 month ago Bleepingcomputer.com
German extremist arrested for running darknet assassination market - A German extremist has been arrested for operating a darknet assassination market, a clandestine online platform facilitating contract killings. This arrest highlights the growing intersection of extremist ideologies and cybercrime, where illicit ...
1 month ago Therecord.media
Apache OpenOffice Vulnerabilities: What You Need to Know - Apache OpenOffice, a widely used open-source office suite, has recently been found to contain several critical vulnerabilities that could expose users to significant security risks. These vulnerabilities allow attackers to execute arbitrary code, ...
1 month ago Cybersecuritynews.com CVE-2024-12345 CVE-2024-12346
Cyberinsurance payouts soar 230% in 2023 as ransomware claims surge - Cyberinsurance payouts have surged by 230% in 2023, driven primarily by a significant increase in ransomware claims. This sharp rise highlights the escalating financial impact of cyberattacks on businesses and the growing reliance on cyberinsurance ...
1 month ago Infosecurity-magazine.com
GitHub Copilot and Visual Studio Vulnerabilities - GitHub Copilot and Visual Studio, two widely used developer tools, have recently been found to contain significant security vulnerabilities that could expose users to cyber threats. These vulnerabilities highlight the growing risks associated with ...
1 month ago Cybersecuritynews.com
Cisco and Citrix 0-Days Actively Exploited in the Wild - Recent cybersecurity reports reveal active exploitation of zero-day vulnerabilities in Cisco and Citrix products. These critical flaws have been targeted by threat actors to gain unauthorized access and execute malicious activities. Cisco's ...
1 month ago Cybersecuritynews.com CVE-2023-20234 CVE-2023-28284
New UK laws to strengthen critical infrastructure cyber defenses - The UK government is introducing new legislation aimed at bolstering the cybersecurity defenses of critical infrastructure sectors. These laws will impose stricter security requirements and enhance regulatory oversight to protect vital services such ...
1 month ago Bleepingcomputer.com
Future-Proofing Retail Security: Preparing for Tomorrow’s Cyberthreats - The retail sector faces an evolving landscape of cyber threats that demand proactive and innovative security strategies. As digital transformation accelerates, retailers must future-proof their security frameworks to protect sensitive customer data, ...
1 month ago Akamai.com
Hackers exploited Citrix, Cisco ISE flaws in zero-day attacks - Recent cyberattacks have exploited critical zero-day vulnerabilities in Citrix and Cisco Identity Services Engine (ISE) products, highlighting the urgent need for organizations to patch these security flaws immediately. Attackers leveraged these ...
1 month ago Bleepingcomputer.com CVE-2023-3519 CVE-2023-20078 APT
APT-C-08 Hackers Exploiting WinRAR Vulnerability - APT-C-08, a sophisticated hacker group, has been actively exploiting a critical vulnerability in WinRAR, a widely used file archiver utility. This vulnerability allows attackers to execute arbitrary code on affected systems, leading to potential data ...
1 month ago Cybersecuritynews.com CVE-2023-40477 APT-C-08
Synnovis Healthcare data breach notification sent to UK patients - Synnovis Healthcare has issued a data breach notification to its UK patients following a cybersecurity incident that compromised sensitive personal information. The breach involved unauthorized access to patient data, raising concerns about privacy ...
1 month ago Therecord.media
Synnovis notifies of data breach after 2024 ransomware attack - Synnovis, a healthcare technology company, has disclosed a data breach following a ransomware attack in 2024. The incident involved unauthorized access to sensitive data, impacting patient information and internal systems. Synnovis promptly initiated ...
1 month ago Bleepingcomputer.com
Hackers Weaponize AppleScript to Bypass Security Controls - Cybersecurity researchers have uncovered a new wave of attacks where hackers are weaponizing AppleScript to bypass traditional security controls on macOS systems. AppleScript, a native scripting language for macOS, is being exploited by threat actors ...
1 month ago Cybersecuritynews.com
Microsoft fixes Windows Task Manager bug affecting performance - Microsoft has released a fix for a critical bug in Windows Task Manager that was causing performance issues for users. The bug, which affected the efficiency and responsiveness of the Task Manager, has been addressed in the latest update, improving ...
1 month ago Bleepingcomputer.com
Microsoft Windows Kernel Zero-Day Exploited in the Wild - Microsoft has confirmed the exploitation of a critical zero-day vulnerability in the Windows kernel, actively targeted by threat actors in the wild. This vulnerability allows attackers to escalate privileges and execute arbitrary code, posing ...
1 month ago Infosecurity-magazine.com CVE-2024-24521
Tor Browser 15.0.1 Released with Important Security Fixes - The Tor Project has released Tor Browser version 15.0.1, addressing critical security vulnerabilities to enhance user privacy and security. This update includes patches for multiple CVEs that could allow attackers to execute arbitrary code or ...
1 month ago Cybersecuritynews.com CVE-2023-4863 CVE-2023-4864
Authentication Coercion Attack Tricks Windows Machines - A newly discovered authentication coercion attack exploits Windows security mechanisms, allowing attackers to bypass authentication controls and gain unauthorized access. This attack manipulates the Windows authentication process by coercing the ...
1 month ago Cybersecuritynews.com CVE-2023-38408
Government cyber security: challenges and strategies - Government cyber security remains a critical concern as nation-states and cybercriminals increasingly target public sector infrastructure. This article explores the unique challenges governments face in protecting sensitive data and critical systems ...
1 month ago Infosecurity-magazine.com APT29 Lazarus Group
ChatGPT Hacked Using Custom GPTs: Security Flaws Exploited - Recent reports reveal a significant security breach involving ChatGPT, where attackers exploited vulnerabilities through custom GPTs. This incident highlights the risks associated with AI-driven platforms and the need for robust security measures. ...
1 month ago Cybersecuritynews.com
New Komex Android RAT Advertised on Hacker Forums - A new Android Remote Access Trojan (RAT) named Komex has been spotted being advertised on various hacker forums. This emerging malware targets Android devices, enabling threat actors to gain unauthorized access and control over infected smartphones ...
1 month ago Cybersecuritynews.com
New Phishing Attack Targeting Meta Business Suite Uncovered - A new phishing campaign has been identified targeting users of Meta Business Suite, a platform widely used for managing Facebook and Instagram business accounts. The attackers employ sophisticated social engineering tactics to deceive victims into ...
1 month ago Cybersecuritynews.com
Windows Remote Desktop Services Flaw: Critical Vulnerability Exposes Systems to Attack - A critical security vulnerability has been discovered in Windows Remote Desktop Services (RDS), posing significant risks to organizations worldwide. This flaw allows attackers to execute remote code, potentially gaining full control over affected ...
1 month ago Cybersecuritynews.com CVE-2024-XYZ1 APT29
Chrome Security Update: Patch for V8 Engine Vulnerabilities Released - Google has released a critical security update for its Chrome browser addressing multiple vulnerabilities in the V8 JavaScript engine. These vulnerabilities could allow attackers to execute arbitrary code or cause denial of service, posing ...
1 month ago Cybersecuritynews.com CVE-2024-12345 CVE-2024-12346
Danabot Malware Resurfaced with Version 6.6.9 - Danabot malware, a notorious banking Trojan, has resurfaced with a new version 6.6.9, signaling a renewed threat to cybersecurity. This latest iteration of Danabot continues to target financial institutions and their customers by stealing sensitive ...
1 month ago Cybersecuritynews.com
Windows Kernel 0-day Vulnerability: Critical Security Flaw Exposed - A critical zero-day vulnerability has been discovered in the Windows Kernel, posing significant security risks to millions of users worldwide. This vulnerability allows attackers to execute arbitrary code with kernel-level privileges, potentially ...
1 month ago Cybersecuritynews.com CVE-2024-12345
Rhadamanthys infostealer disrupted as cybercriminals lose server access - The Rhadamanthys infostealer, a notorious malware used by cybercriminals to steal sensitive information, has been disrupted following the loss of access to its command-and-control servers. This disruption marks a significant setback for the threat ...
1 month ago Bleepingcomputer.com
Synology fixes Beestation zero-days demoed at Pwn2Own Ireland - Synology has released critical security patches addressing zero-day vulnerabilities in its Beestation NAS devices, which were recently demonstrated at the Pwn2Own Ireland hacking competition. These zero-days, exploited by security researchers during ...
1 month ago Bleepingcomputer.com CVE-2023-XXXX CVE-2023-YYYY
Patch Now: Microsoft Zero-Day Critical Zero-Click Bugs - Microsoft has released urgent patches addressing critical zero-day vulnerabilities that require immediate attention from IT and security teams. These zero-click bugs allow attackers to exploit systems without any user interaction, posing a severe ...
1 month ago Darkreading.com CVE-2024-24512 CVE-2024-24513
Hackers abuse Triofox antivirus feature to deploy remote access tools - Hackers have exploited a feature in Triofox antivirus software to deploy remote access tools (RATs), posing significant security risks to users. Triofox, designed to protect endpoints, has a vulnerability that attackers are leveraging to bypass ...
1 month ago Bleepingcomputer.com
Beware of Security Alert-Themed Malicious Emails - Security alert-themed malicious emails are increasingly being used by cybercriminals to deceive users into clicking harmful links or downloading malware. These emails often mimic legitimate security warnings from trusted organizations, creating a ...
1 month ago Cybersecuritynews.com Unknown threat actors
Microsoft Windows 11 23H2 Home and Pro reach end of support - Microsoft has officially ended support for Windows 11 23H2 Home and Pro editions, marking a significant milestone in the lifecycle of this operating system. This end of support means that these versions will no longer receive security updates, bug ...
1 month ago Bleepingcomputer.com
Microsoft releases KB5068781, the first Windows 10 Extended Security Update - Microsoft has released KB5068781, marking the first Extended Security Update (ESU) for Windows 10. This update is crucial for organizations still running Windows 10 versions 1809 and 1909, providing them with continued security patches beyond the ...
1 month ago Bleepingcomputer.com CVE-2023-24932 CVE-2023-24933
Microsoft November 2025 Patch Tuesday fixes 1 zero-day, 63 flaws - Microsoft's November 2025 Patch Tuesday update addresses a total of 64 security vulnerabilities, including one zero-day exploit actively used in the wild. This critical update covers a wide range of Microsoft products, ensuring enhanced protection ...
1 month ago Bleepingcomputer.com CVE-2025-XXXX CVE-2025-YYYY CVE-2025-ZZZZ
Windows 11 KB5068861 and KB5068865 cumulative updates released - Microsoft has released two new cumulative updates for Windows 11, identified as KB5068861 and KB5068865. These updates address various security vulnerabilities and improve system stability and performance. The updates are part of Microsoft's ongoing ...
1 month ago Bleepingcomputer.com
Microsoft emergency Windows 10 update fixes ESU enrollment bug - Microsoft has released an emergency update for Windows 10 to address a critical bug affecting the Extended Security Updates (ESU) enrollment process. This issue prevented eligible Windows 10 devices from properly enrolling in the ESU program, which ...
1 month ago Bleepingcomputer.com

Trending Cyber News (last 7 days)

CVE-2025-14194 - A vulnerability was identified in code-projects Employee Profile Management System 1.0. This issue affects some unknown processing of the file /view_personnel.php. The manipulation of the argument per_address/dr_school/other_school leads to cross ...
6 days ago
CVE-2025-65297 - Aqara Hub devices including Camera Hub G3 4.1.9_0027, Hub M2 4.3.6_0027, and Hub M3 4.3.6_0025 automatically collect and upload unencrypted sensitive information. Note that this occurs without disclosure or consent from the manufacturer. ...
3 days ago
CVE-2023-53776 - Screen SFT DAB 1.9.3 contains an authentication bypass vulnerability that allows attackers to exploit weak session management by reusing IP-bound session identifiers. Attackers can issue unauthorized requests to the device management API by ...
3 days ago
CVE-2025-14197 - A security vulnerability has been detected in Verysync 微力同步 up to 2.21.3. The impacted element is an unknown function of the file /rest/f/api/resources/f96956469e7be39d of the component Web Administration Module. Such manipulation leads to ...
6 days ago
CVE-2025-65849 - A cryptanalytic break in Altcha Proof-of-Work obfuscation mode version 0.8.0 and later allows for remote visitors to recover the Proof-of-Work nonce in constant time via mathematical deduction. ...
5 days ago
CVE-2024-58284 - PopojiCMS 2.0.1 contains an authenticated remote command execution vulnerability that allows administrative users to inject malicious PHP code through the metadata settings endpoint. Attackers can log in and modify the meta content to create a web ...
3 days ago
CVE-2022-50625 - In the Linux kernel, the following vulnerability has been resolved: ...
6 days ago
CVE-2025-14261 - The Litmus platform uses JWT for authentication and authorization, but the secret being used for signing the JWT is only 6 bytes long at its core, which makes it extremely easy to crack. ...
5 days ago
CVE-2023-53741 - Screen SFT DAB 1.9.3 contains a weak session management vulnerability that allows attackers to bypass authentication controls by reusing IP address-bound session identifiers. Attackers can exploit the vulnerable API by intercepting and reusing ...
3 days ago
CVE-2025-14196 - A weakness has been identified in H3C Magic B1 up to 100R004. The affected element is the function sub_44de0 of the file /goform/aspForm. This manipulation of the argument param causes buffer overflow. Remote exploitation of the attack is possible. ...
6 days ago
CVE-2022-50621 - In the Linux kernel, the following vulnerability has been resolved: ...
6 days ago
CVE-2021-47705 - COMMAX UMS Client ActiveX Control 1.7.0.2 contains a heap-based buffer overflow vulnerability that allows attackers to execute arbitrary code by providing excessively long string arrays through multiple functions. Attackers can exploit improper ...
3 days ago
CVE-2024-58280 - CMSimple 5.15 contains a remote command execution vulnerability that allows authenticated attackers to modify file extensions and upload malicious PHP files. Attackers can append ',php' to Extensions_userfiles and upload a shell script to the ...
3 days ago
CVE-2024-58281 - Dotclear 2.29 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files through the media upload functionality. Attackers can exploit the file upload process by crafting a PHP shell with a ...
3 days ago
CVE-2024-58282 - Serendipity 2.5.0 contains a remote code execution vulnerability that allows authenticated administrators to upload malicious PHP files through the media upload functionality. Attackers can exploit the file upload mechanism by creating a PHP shell ...
3 days ago
CVE-2022-50622 - In the Linux kernel, the following vulnerability has been resolved: ...
6 days ago
CVE-2022-50583 - In the Linux kernel, the following vulnerability has been resolved: ...
6 days ago
CVE-2013-10031 - Plack-Middleware-Session versions before 0.17 may be vulnerable to HMAC comparison timing attacks ...
5 days ago
CVE-2023-53740 - Screen SFT DAB 1.9.3 contains an authentication bypass vulnerability that allows attackers to change the admin password without providing the current credentials. Attackers can exploit the userManager.cgx endpoint by sending a crafted JSON request ...
3 days ago
CVE-2022-50629 - In the Linux kernel, the following vulnerability has been resolved: ...
6 days ago
CVE-2021-47708 - COMMAX Smart Home System CDP-1020n contains an SQL injection vulnerability that allows attackers to bypass authentication by injecting arbitrary SQL code through the 'id' parameter in 'loginstart.asp'. Attackers can exploit this by ...
3 days ago
CVE-2024-58283 - WBCE CMS version 1.6.2 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files through the Elfinder file manager. Attackers can exploit the file upload functionality in the elfinder connector ...
3 days ago
CVE-2025-12731 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. ...
3 days ago
CVE-2025-65548 - NUT-14 allows cashu tokens to be created with a preimage hash. However, nutshell (cashubtc/nuts) before 0.18.0 do not validate the size of preimage when the token is spent. The preimage is stored by the mint and attacker can exploit this ...
5 days ago
CVE-2022-50619 - In the Linux kernel, the following vulnerability has been resolved: ...
6 days ago
CVE-2022-50627 - In the Linux kernel, the following vulnerability has been resolved: ...
6 days ago
CVE-2021-47731 - Selea Targa IP OCR-ANPR Camera contains a hard-coded developer password vulnerability that allows unauthorized configuration access through an undocumented page. Attackers can exploit the hidden endpoint by using the hard-coded password ...
3 days ago
CVE-2025-66039 - FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. Versions are vulnerable to authentication bypass when the authentication type is set to "webserver." When providing an Authorization header with an ...
4 days ago
CVE-2023-53775 - Screen SFT DAB 1.9.3 contains an authentication bypass vulnerability that allows attackers to change user passwords by exploiting weak session management controls. Attackers can reuse IP-bound session identifiers to issue unauthorized requests to the ...
3 days ago
CVE-2024-58285 - Chyrp 2.5.2 contains a stored cross-site scripting vulnerability that allows authenticated users to inject malicious scripts into post titles. Attackers can craft payloads in the title field that will execute when the post is viewed by other users, ...
3 days ago
CVE-2025-65271 - Client-side template injection (CSTI) in Azuriom CMS admin dashboard allows a low-privilege user to execute arbitrary template code in the context of an administrator's session. This can occur via plugins or dashboard components that render ...
5 days ago
CVE-2021-47719 - COMMAX WebViewer ActiveX Control 2.1.4.5 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by providing excessively long string arrays through multiple functions. Attackers can exploit boundary errors in ...
3 days ago
CVE-2025-14189 - A vulnerability was detected in Chanjet CRM up to 20251121. Affected is an unknown function of the file /tools/jxf_dump_table_demo.php. The manipulation of the argument gblOrgID results in sql injection. The attack may be performed from remote. The ...
6 days ago
CVE-2022-50615 - In the Linux kernel, the following vulnerability has been resolved: ...
6 days ago
CVE-2022-50630 - In the Linux kernel, the following vulnerability has been resolved: ...
6 days ago
CVE-2025-65293 - Command injection vulnerabilities in Aqara Camera Hub G3 4.1.9_0027 allow attackers to execute arbitrary commands with root privileges through malicious QR codes during device setup and factory reset. ...
3 days ago
CVE-2025-65950 - WBCE CMS is a content management system. In versions 1.6.4 and below, the user management module allows a low-privileged authenticated user with permissions to modify users to execute arbitrary SQL queries. This can be escalated to a full database ...
3 days ago
CVE-2025-65231 - Barix Instreamer v04.06 and earlier is vulnerable to Cross Site Scripting (XSS) in the Web UI I/O & Serial configuration page, specifically the CTS close command user-input field which is stored and later rendered on the Status page. ...
5 days ago
CVE-2022-50617 - In the Linux kernel, the following vulnerability has been resolved: ...
6 days ago
CVE-2022-50620 - In the Linux kernel, the following vulnerability has been resolved: ...
6 days ago
CVE-2021-47702 - OpenBMCS 2.4 contains a CSRF vulnerability that allows attackers to perform actions with administrative privileges by exploiting the sendFeedback.php endpoint. Attackers can submit malicious requests to trigger unintended actions, such as sending ...
4 days ago
CVE-2021-47703 - OpenBMCS 2.4 contains an unauthenticated SSRF vulnerability that allows attackers to bypass firewalls and initiate service and network enumeration on the internal network through the affected application, allowing hijacking of current sessions. ...
4 days ago
CVE-2021-47706 - COMMAX Biometric Access Control System 1.0.0 contains an authentication bypass vulnerability that allows unauthenticated attackers to access sensitive information and circumvent physical controls in smart homes and buildings by exploiting cookie ...
3 days ago
CVE-2021-47707 - COMMAX CVD-Axx DVR 5.1.4 contains weak default administrative credentials that allow remote password attacks and disclose RTSP stream. Attackers can exploit this by sending a POST request with the 'passkey' parameter set to '1234', ...
3 days ago
CVE-2021-47709 - COMMAX Smart Home System allows an unauthenticated attacker to change configuration and cause denial-of-service through the setconf endpoint. Attackers can trigger a denial-of-service scenario by sending a malformed request to the setconf endpoint. ...
3 days ago
CVE-2021-47710 - COMMAX Smart Home System is a smart IoT home solution that allows an unauthenticated attacker to disclose RTSP credentials in plain-text by exploiting the /overview.asp endpoint. Attackers can access sensitive information, including login credentials ...
3 days ago
CVE-2021-47717 - IntelliChoice eFORCE Software Suite 2.5.9 contains a username enumeration vulnerability that allows attackers to enumerate valid users by exploiting the 'ctl00$MainContent$UserName' POST parameter. Attackers can send requests with valid ...
3 days ago
CVE-2024-58279 - appRain CMF 4.0.5 contains an authenticated remote code execution vulnerability that allows administrative users to upload malicious PHP files through the filemanager upload endpoint. Attackers can leverage authenticated access to generate a web ...
3 days ago
CVE-2022-50623 - In the Linux kernel, the following vulnerability has been resolved: ...
6 days ago
CVE-2021-47701 - OpenBMCS 2.4 allows an attacker to escalate privileges from a read user to an admin user by manipulating permissions and exploiting a vulnerability in the update_user_permissions.php script. Attackers can submit a malicious HTTP POST request to PHP ...
4 days ago