CVE | CyberSecurityBoard

Latest Cyber News

CVE-2025-27097 - GraphQL Mesh is a GraphQL Federation framework and gateway for both GraphQL Federation and non-GraphQL Federation subgraphs, non-GraphQL services, such as REST and gRPC, and also databases such as MongoDB, MySQL, and PostgreSQL. When a user ...
12 hours ago Tenable.com

CVE-2025-27098 - GraphQL Mesh is a GraphQL Federation framework and gateway for both GraphQL Federation and non-GraphQL Federation subgraphs, non-GraphQL services, such as REST and gRPC, and also databases such as MongoDB, MySQL, and PostgreSQL. Missing check ...
12 hours ago Tenable.com

CVE-2025-0352 - Rapid Response Monitoring My Security Account App utilizes an API that could be exploited by an attacker to modify request data, potentially causing the API to return information about other users. ...
13 hours ago Tenable.com

CVE-2025-1265 - An OS command injection vulnerability exists in Vinci Protocol Analyzer that could allow an attacker to escalate privileges and perform code execution on affected system. ...
13 hours ago Tenable.com

CVE-2025-24893 - XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any guest can perform arbitrary remote code execution through a request to `SolrSearch`. This impacts the confidentiality, integrity and ...
13 hours ago Tenable.com

CVE-2025-25299 - CKEditor 5 is a modern JavaScript rich-text editor with an MVC architecture. During a recent internal audit, a Cross-Site Scripting (XSS) vulnerability was discovered in the CKEditor 5 real-time collaboration package. This vulnerability affects user ...
13 hours ago Tenable.com

CVE-2025-27096 - WeGIA is a Web Manager for Institutions with a focus on Portuguese language. A SQL Injection vulnerability was discovered in the WeGIA application, personalizacao_upload.php endpoint. This vulnerability allow an authorized attacker to execute ...
14 hours ago Tenable.com

CVE-2023-51336 - PHPJabbers Meeting Room Booking System v1.0 is vulnerable to CSV Injection vulnerability which allows an attacker to execute remote code. The vulnerability exists due to insufficient input validation on Languages section Labels any parameters field ...
14 hours ago Tenable.com

CVE-2023-51337 - PHPJabbers Event Ticketing System v1.0 is vulnerable to Reflected Cross-Site Scripting (XSS) in "lid" parameter in index. ...
14 hours ago Tenable.com

CVE-2023-51338 - PHPJabbers Meeting Room Booking System v1.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) in the "title, name" parameters of index.php page. ...
14 hours ago Tenable.com

CVE-2023-51339 - A lack of rate limiting in the 'Forgot Password' feature of PHPJabbers Event Ticketing System v1.0 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible Denial of Service (DoS) via a large amount of ...
14 hours ago Tenable.com

CVE-2024-7141 - Versions of Gliffy Online prior to versions 4.14.0-7 contains a Cross Site Request Forgery (CSRF) flaw. ...
14 hours ago Tenable.com

CVE-2025-26618 - Erlang is a programming language and runtime system for building massively scalable soft real-time systems with requirements on high availability. OTP is a set of Erlang libraries, which consists of the Erlang runtime system, a number of ready-to-use ...
14 hours ago Tenable.com

CVE-2025-1258 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. ...
15 hours ago Tenable.com

CVE-2025-25968 - DDSN Interactive cm3 Acora CMS version 10.1.1 contains an improper access control vulnerability. An editor-privileged user can access sensitive information, such as system administrator credentials, by force browsing the endpoint and exploiting the ...
15 hours ago Tenable.com

CVE-2025-25973 - A stored Cross Site Scripting vulnerability in the "related recommendations" feature in Ppress v.0.0.9 allows a remote attacker to execute arbitrary code via a crafted script to the article.title, article.category, and article.tags parameters. ...
15 hours ago Tenable.com

CVE-2025-27091 - OpenH264 is a free license codec library which supports H.264 encoding and decoding. A vulnerability in the decoding functions of OpenH264 codec library could allow a remote, unauthenticated attacker to trigger a heap overflow. This vulnerability is ...
15 hours ago Tenable.com

CVE-2024-46933 - An issue was discovered in Atos Eviden BullSequana XH2140 BMC before C4EM-125: OMF_C4E 101.05.0014. Some BullSequana XH products were shipped without proper hardware programming, leading to a potential denial-of-service with privileged access. ...
15 hours ago Tenable.com

CVE-2024-54958 - Nagios XI 2024R1.2.2 is susceptible to a stored Cross-Site Scripting (XSS) vulnerability in the Tools page. This flaw allows an attacker to inject malicious scripts into the Tools interface, which are then stored and executed in the context of other ...
15 hours ago Tenable.com

CVE-2024-54959 - Nagios XI 2024R1.2.2 is vulnerable to a Cross-Site Request Forgery (CSRF) attack through the Favorites component, enabling POST-based Cross-Site Scripting (XSS). ...
15 hours ago Tenable.com

CVE-2024-54960 - A SQL Injection vulnerability in Nagios XI 2024R1.2.2 allows a remote attacker to execute SQL injection via a crafted payload in the History Tab component. ...
15 hours ago Tenable.com

CVE-2024-54961 - Nagios XI 2024R1.2.2 has an Information Disclosure vulnerability, which allows unauthenticated users to access multiple pages displaying the usernames and email addresses of all current users. ...
15 hours ago Tenable.com

CVE-2024-55457 - MasterSAM Star Gate 11 is vulnerable to directory traversal via /adama/adama/downloadService. An attacker can exploit this vulnerability by manipulating the file parameter to access arbitrary files on the server, potentially exposing sensitive ...
15 hours ago Tenable.com

CVE-2023-51333 - PHPJabbers Cinema Booking System v1.0 is vulnerable to CSV Injection vulnerability which allows an attacker to execute remote code. The vulnerability exists due to insufficient input validation on Languages section Labels any parameters field in ...
15 hours ago Tenable.com

CVE-2023-51334 - A lack of rate limiting in the 'Forgot Password' feature of PHPJabbers Cinema Booking System v1.0 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible Denial of Service (DoS) via a large amount of ...
15 hours ago Tenable.com

CVE-2023-51335 - PHPJabbers Cinema Booking System v1.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) in the "title, name" parameters. ...
15 hours ago Tenable.com

CVE-2025-26311 - Multiple memory leaks have been identified in the clip actions parsing functions (parseSWF_CLIPACTIONS and parseSWF_CLIPACTIONRECORD) in util/parser.c of libming v0.4.8, which allow attackers to cause a denial of service via a crafted SWF file. ...
16 hours ago Tenable.com

CVE-2025-26304 - A memory leak has been identified in the parseSWF_EXPORTASSETS function in util/parser.c of libming v0.4.8. ...
16 hours ago Tenable.com

CVE-2025-26305 - A memory leak has been identified in the parseSWF_SOUNDINFO function in util/parser.c of libming v0.4.8, which allows attackers to cause a denial of service via a crafted SWF file. ...
16 hours ago Tenable.com

CVE-2025-26306 - A memory leak has been identified in the readSizedString function in util/read.c of libming v0.4.8, which allows attackers to cause a denial of service via a crafted file. ...
16 hours ago Tenable.com

CVE-2025-26307 - A memory leak has been identified in the parseSWF_IMPORTASSETS2 function in util/parser.c of libming v0.4.8, which allows attackers to cause a denial of service via a crafted SWF file. ...
16 hours ago Tenable.com

CVE-2025-26308 - A memory leak has been identified in the parseSWF_FILTERLIST function in util/parser.c of libming v0.4.8, which allows attackers to cause a denial of service via a crafted SWF file. ...
16 hours ago Tenable.com

CVE-2025-26309 - A memory leak has been identified in the parseSWF_DEFINESCENEANDFRAMEDATA function in util/parser.c of libming v0.4.8, which allows attackers to cause a denial of service via a crafted SWF file. ...
16 hours ago Tenable.com

CVE-2025-26310 - Multiple memory leaks have been identified in the ABC file parsing functions (parseABC_CONSTANT_POOL and `parseABC_FILE) in util/parser.c of libming v0.4.8, which allow attackers to cause a denial of service via a crafted ABC file. ...
16 hours ago Tenable.com

CVE-2024-57716 - An issue in trenoncourt AutoQueryable v.1.7.0 allows a remote attacker to obtain sensitive information via the Unselectable function. ...
16 hours ago Tenable.com

CVE-2025-0161 - IBM Security Verify Access Appliance 10.0.0.0 through 10.0.0.9 and 11.0.0.0 could allow a local user to execute arbitrary code due to improper restrictions on code generation. ...
17 hours ago Tenable.com

CVE-2023-51321 - A lack of rate limiting in the 'Forgot Password' feature of PHPJabbers Night Club Booking Software v1.0 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible Denial of Service (DoS) via a large amount of ...
17 hours ago Tenable.com

CVE-2023-51323 - A lack of rate limiting in the 'Forgot Password' feature of PHPJabbers Shared Asset Booking System v1.0 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible Denial of Service (DoS) via a large amount of ...
17 hours ago Tenable.com

CVE-2023-51324 - PHPJabbers Shared Asset Booking System v1.0 is vulnerable to CSV Injection vulnerability which allows an attacker to execute remote code. The vulnerability exists due to insufficient input validation on Languages section Labels any parameters field ...
17 hours ago Tenable.com

CVE-2023-51325 - PHPJabbers Shared Asset Booking System v1.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) in the "title, name" parameters. ...
17 hours ago Tenable.com

CVE-2023-51326 - A lack of rate limiting in the 'Forgot Password' feature of PHPJabbers Cleaning Business Software v1.0 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible Denial of Service (DoS) via a large amount of ...
17 hours ago Tenable.com

CVE-2023-51327 - A lack of rate limiting in the 'Forgot Password' feature of PHPJabbers Cleaning Business Software v1.0 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible Denial of Service (DoS) via a large amount of ...
17 hours ago Tenable.com

CVE-2023-51330 - PHPJabbers Cinema Booking System v1.0 is vulnerable to Reflected Cross-Site Scripting (XSS) in Now Showing menu "date" parameter. ...
17 hours ago Tenable.com

CVE-2023-51331 - PHPJabbers Cleaning Business Software v1.0 is vulnerable to CSV Injection vulnerability which allows an attacker to execute remote code. The vulnerability exists due to insufficient input validation on Languages section Labels any parameters field in ...
17 hours ago Tenable.com

CVE-2023-51332 - A lack of rate limiting in the 'Forgot Password' feature of PHPJabbers Meeting Room Booking System v1.0 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible Denial of Service (DoS) via a large amount of ...
17 hours ago Tenable.com

CVE-2023-51317 - PHPJabbers Restaurant Booking System v3.0 is vulnerable to Multiple HTML Injection in the "name, plugin_sms_api_key, plugin_sms_country_code, title, plugin_sms_api_key, title" parameters. ...
17 hours ago Tenable.com

CVE-2023-51318 - PHPJabbers Bus Reservation System v1.1 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) in the "title, name" parameters. ...
17 hours ago Tenable.com

CVE-2023-51319 - PHPJabbers Bus Reservation System v1.1 is vulnerable to CSV Injection vulnerability which allows an attacker to execute remote code. The vulnerability exists due to insufficient input validation on Languages section Labels any parameters field in ...
17 hours ago Tenable.com

CVE-2023-51320 - PHPJabbers Night Club Booking Software v1.0 is vulnerable to CSV Injection vulnerability which allows an attacker to execute remote code. The vulnerability exists due to insufficient input validation on Languages section Labels any parameters field ...
17 hours ago Tenable.com

CVE-2024-57401 - SQL Injection vulnerability in Uniclare Student portal v.2 and before allows a remote attacker to execute arbitrary code via the Forgot Password function. ...
18 hours ago Tenable.com

CVE-2025-20059 - Relative Path Traversal vulnerability in Ping Identity PingAM Java Policy Agent allows Parameter Injection.This issue affects PingAM Java Policy Agent: through 5.10.3, through 2023.11.1, through 2024.9. ...
18 hours ago Tenable.com

CVE-2023-51310 - A lack of rate limiting in the 'Forgot Password', 'Email Settings' feature of PHPJabbers Car Park Booking System v3.0 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible Denial of Service (DoS) via a ...
18 hours ago Tenable.com

CVE-2023-51311 - PHPJabbers Car Park Booking System v3.0 is vulnerable to CSV Injection vulnerability which allows an attacker to execute remote code. The vulnerability exists due to insufficient input validation on Languages section Labels any parameters field in ...
18 hours ago Tenable.com

CVE-2023-51312 - PHPJabbers Restaurant Booking System v3.0 is vulnerable to Reflected Cross-Site Scripting (XSS) in Reservations menu, Schedule section date parameter. ...
18 hours ago Tenable.com

CVE-2023-51313 - PHPJabbers Restaurant Booking System v3.0 is vulnerable to CSV Injection vulnerability which allows an attacker to execute remote code. The vulnerability exists due to insufficient input validation on Languages section Labels any parameters field in ...
18 hours ago Tenable.com

CVE-2023-51314 - A lack of rate limiting in the 'Forgot Password', 'Email Settings' feature of PHPJabbers Restaurant Booking System v3.0 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible Denial of Service (DoS) via a ...
18 hours ago Tenable.com

CVE-2023-51315 - PHPJabbers Restaurant Booking System v3.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) in the "seat_name, plugin_sms_api_key, plugin_sms_country_code, title, name" parameters. ...
18 hours ago Tenable.com

CVE-2023-51316 - A lack of rate limiting in the 'Forgot Password' feature of PHPJabbers Bus Reservation System v1.1 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible Denial of Service (DoS) via a large amount of ...
18 hours ago Tenable.com

CVE-2023-51306 - PHPJabbers Event Ticketing System v1.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) in the "name, title" parameters. ...
18 hours ago Tenable.com

CVE-2023-51308 - PHPJabbers Car Park Booking System v3.0 is vulnerable to Multiple HTML Injection in the "name, plugin_sms_api_key, plugin_sms_country_code, title, plugin_sms_api_key, title" parameters. ...
18 hours ago Tenable.com

CVE-2023-51309 - A lack of rate limiting in the 'Email Settings' feature of PHPJabbers Car Park Booking System v3.0 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible Denial of Service (DoS) via a large amount of ...
18 hours ago Tenable.com

CVE-2025-1039 - The Lenix Elementor Leads addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a URL form field in all versions up to, and including, 1.8.2 due to insufficient input sanitization and output escaping. This makes it possible for ...
20 hours ago Tenable.com

CVE-2025-1043 - The Embed Any Document – Embed PDF, Word, PowerPoint and Excel Files plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.7.5 via the 'embeddoc' shortcode. This makes it possible for ...
21 hours ago Tenable.com

CVE-2025-21105 - Dell RecoverPoint for Virtual Machines 6.0.X contains a command execution vulnerability. A Low privileged malicious user with local access could potentially exploit this vulnerability by running the specific binary and perform any administrative ...
21 hours ago Tenable.com

CVE-2025-21106 - Dell Recover Point for Virtual Machines 6.0.X contains a Weak file system permission vulnerability. A low privileged Local attacker could potentially exploit this vulnerability, leading to impacting only non-sensitive resources in the system. ...
21 hours ago Tenable.com

CVE-2024-49344 - IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages with Watson Assistant chat feature enabled the application establishes a session when a user logs in and uses chat, but the chat session is still left active after logout. ...
21 hours ago Tenable.com

CVE-2024-49779 - IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages could allow a remote attacker to bypass security restrictions, caused by improper validation and management of authentication cookies. By modifying the CSRF token and Session Id cookie parameters ...
21 hours ago Tenable.com

CVE-2024-49781 - IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory ...
21 hours ago Tenable.com

CVE-2025-0868 - A vulnerability, that could result in Remote Code Execution (RCE), has been found in DocsGPT. Due to improper parsing of JSON data using eval() an unauthorized attacker could send arbitrary Python code to be executed via /api/remote endpoint. This ...
21 hours ago Tenable.com

CVE-2024-49337 - IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages is vulnerable to HTML injection, caused by improper validation of user-supplied input of text fields used to construct workflow email notifications. A remote authenticated attacker could exploit ...
21 hours ago Tenable.com

CVE-2025-1328 - The Typed JS: A typewriter style animation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘typespeed’ parameter in all versions up to, and including, 1.2.0 due to insufficient input sanitization and output escaping. ...
23 hours ago Tenable.com

CVE-2025-1483 - The LTL Freight Quotes – GlobalTranz Edition plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the engtz_wd_save_dropship AJAX endpoint in all versions up to, and including, 2.3.12. This ...
23 hours ago Tenable.com

CVE-2024-13802 - The Bandsintown Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bandsintown_events' shortcode in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping on user ...
23 hours ago Tenable.com

CVE-2024-13849 - The Cookie Notice Bar plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with ...
23 hours ago Tenable.com

CVE-2024-13855 - The Prime Addons for Elementor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0.1 via the pae_global_block shortcode due to missing validation on a user controlled key. This makes it ...
23 hours ago Tenable.com

Trending Cyber News (last 7 days)

Sophisticated Phishing Attacks Targeting Decision-Makers Including CEOs and CTOs - Security experts at Hackmosphere noted that the results shows the critical risks for organizations: 24% of CEOs clicked malicious links in test emails, compared to just 6% of CTOs, emphasizing discrepancies in threat perception among leadership ...
19 hours ago Cybersecuritynews.com

X now blocks Signal contact links, flags them as malicious - According to BleepingComputer's tests and other users' reports, attempting to post Signal.me links via public posts, direct messages, or profile bios receive error messages citing spam or malware risks. Social media platform X (formerly Twitter) is ...
3 days ago Bleepingcomputer.com

Hackers Abusing Microsoft Teams Meeting Invites to Trick Victims for Gaining Access - In a sophisticated cyberattack campaign, a threat actor identified as Storm-2372 has been leveraging Microsoft Teams meeting invites to execute “device code phishing” attacks. These emails prompt recipients to authenticate using the ...
4 days ago Cybersecuritynews.com

Indian Post Office Portal Exposed Thousands of KYC Records With Username & Mobile Number - According to Gokuleswaran, a Cyber Security Analyst, the vulnerability allowed unauthorized users to access private KYC records by exploiting a flaw in the portal’s URL structure. This breach exemplifies how IDOR vulnerabilities can lead to ...
3 days ago Cybersecuritynews.com

Pennsylvania utility says MOVEit breach at vendor exposed some customer data | The Record from Recorded Future News - PPL Electric Utilities said in an emailed statement that the vendor notified it in June 2023 of a breach through a widespread bug in the MOVEit file transfer software, which affected hundreds of organizations and exposed the data of tens of millions ...
6 days ago Therecord.media

Multiple Russian Actors Attacking Orgs To Hack Microsoft 365 Accounts via Device Code Authentication - Security researchers at Volexity have uncovered multiple Russian threat actors conducting sophisticated social engineering and spear-phishing campaigns targeting Microsoft 365 accounts through Device Code Authentication exploitation. The threat ...
3 days ago Cybersecuritynews.com

New Go-Based Malware Exploits Telegram and Use It as C2 Channel - Researchers have identified a new backdoor malware, written in Go programming language, that leverages Telegram as its command-and-control (C2) channel. Netskope Advanced Threat Protection proactively detects this threat under the identifier ...
5 days ago Cybersecuritynews.com

PurpleLab - A Free Cybersecurity Lab for Security Teams To Analyse Cyber Threats - PurpleLab is a cybersecurity lab that integrates various tools and technologies to support analysts in testing detection rules and simulating real-world cyber threats. In a significant step forward for cybersecurity professionals, PurpleLab offers an ...
4 days ago Cybersecuritynews.com

New Android Security Feature that Blocks Changing Sensitive Setting During Calls - A common tactic involves guiding victims over the phone to enable sideloading or accessibility permissions, which allow malicious apps to bypass safeguards and gain control of the device. This feature, currently live in the beta version, prevents ...
4 days ago Cybersecuritynews.com

Threat Actors Leveraging Modified Version of SharpHide Tool To Create Hidden Registry - Threat actors have been utilizing a modified version of the SharpHide tool to create hidden registry values, significantly complicating detection and deletion efforts. [+] SharpDelete by Andrew Petrus - Tool to delete hidden registry values ...
4 days ago Cybersecuritynews.com

Beware of Fake Outlook Troubleshooting Calls that Ends Up In Ransomware Deployment - A sophisticated cyber threat has emerged in recent weeks, targeting unsuspecting users with fake Outlook troubleshooting calls. To protect yourself from fake Outlook troubleshooting scams, always verify the caller’s identity, as legitimate ...
4 days ago Cybersecuritynews.com

Hidden Malware in WordPress Websites Allows Attackers to Execute Malicious Code Remotely - A sophisticated malware campaign has recently been uncovered by security researchers at Sucuri, targeting WordPress websites through hidden malware and backdoors in the mu-plugins directory. This campaign shows the importance of continuous WordPress ...
3 days ago Cybersecuritynews.com

RansomHub Evolves To Attack Windows, ESXi, Linux and FreeBSD Operating Systems - With RansomHub actively exploiting zero-day vulnerabilities and recruiting displaced ALPHV/LockBit affiliates, organizations must strengthen endpoint security and ensure backup isolation to prevent potential attacks. RansomHub ransomware group ...
3 days ago Cybersecuritynews.com

CVE-2025-0822 - Bit Assist plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.5.2 via the fileID Parameter. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of ...
5 days ago Tenable.com

CVE-2024-13500 - The WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 2.6.17 ...
5 days ago Tenable.com

CVE-2024-13439 - The Team – Team Members Showcase Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the response() function in all versions up to, and including, 4.4.9. This makes it possible for authenticated ...
5 days ago Tenable.com

CVE-2025-26793 - The Web GUI configuration panel of Hirsch (formerly Identiv and Viscount) Enterphone MESH through 2024 ships with default credentials (username freedom, password viscount). The administrator is not prompted to change these credentials on initial ...
5 days ago Tenable.com

Meta Paid Out $2.3 Million to Researchers via Bug Bounty Program - This initiative, which began in 2011, has now surpassed $20 million in total payouts, underscoring Meta’s dedication to collaborating with the global security research community to enhance platform safety and integrity. Meta’s bug bounty ...
4 days ago Cybersecuritynews.com

CISA Warns of Apple iOS Vulnerability Exploited in Wild - The flaw, an authorization bypass in Apple’s USB Restricted Mode, enables attackers with physical access to disable security protections on locked devices, potentially exposing sensitive data. CVE-2025-24200, cataloged under CWE-863 (Incorrect ...
3 days ago Cybersecuritynews.com

Fintech giant Finastra notifies victims of October data breach - While Finastra has yet to share the number of individuals affected by the data breach and the nature of the exposed data (besides victims' names), the company started sending breach notification letters last week to at least 65 people in the state ...
3 days ago Bleepingcomputer.com

Microsoft reminds admins to prepare for WSUS driver sync deprecation - Introduced as Software Update Services (SUS) in 2005, almost two decades ago, WSUS enables IT admins to manage and distribute updates for Microsoft products across enterprise networks with large numbers of Windows devices from a single server instead ...
2 days ago Bleepingcomputer.com

Venture capital giant Insight Partners hit by cyberattack - After discovering the breach, Insight Partners notified law enforcement in relevant jurisdictions and hired third-party cybersecurity experts to investigate its impact. "We are working diligently to determine the scope of the incident with the ...
2 days ago Bleepingcomputer.com

Microsoft: Hackers steal emails in device code phishing attacks - "The invitations lure the user into completing a device code authentication request emulating the experience of the messaging service, which provides Storm-2372 initial access to victim accounts and enables Graph API data collection activities, such ...
5 days ago Bleepingcomputer.com

CVE-2025-1359 - A vulnerability, which was classified as problematic, has been found in SIAM Industria de Automação e Monitoramento SIAM 2.0. This issue affects some unknown processing of the file /qrcode.jsp. The manipulation of the argument url leads to cross ...
4 days ago Tenable.com

CVE-2025-1354 - A vulnerability was found in Asus RT-N12E 2.0.0.19. It has been classified as problematic. Affected is an unknown function of the file sysinfo.asp. The manipulation of the argument SSID leads to cross site scripting. It is possible to launch the ...
4 days ago Tenable.com

Xerox Printers Vulnerability Let Attackers Capture Auth Data From LDAP & SMB - In one demonstrated attack chain, researchers gained admin access via default credentials (Xerox devices often retain factory defaults), modified LDAP settings to attacker IP, triggered LDAP sync via “Test Connection” feature and used captured ...
3 days ago Cybersecuritynews.com

Ransomware Gangs Encrypt Systems After 17hrs From Initial Infection - A 2025 threat report by cybersecurity firm Huntress reveals ransomware gangs now take just 17 hours on average to encrypt systems after initial network intrusion, with some groups like Akira and RansomHub operating in as little as 4–6 hours. New ...
3 days ago Cybersecuritynews.com

Microsoft to remove the Location History feature in Windows - “We are deprecating and removing the Location History feature, an API that allowed Cortana to access 24 hours of device history when location was enabled,” reads Microsoft's announcement. The API behind the feature, ...
3 days ago Bleepingcomputer.com

CVE-2024-13834 - The Responsive Plus – Starter Templates, Advanced Features and Customizer Settings for Responsive Theme plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.1.4 via the 'remote_request' function. ...
5 days ago Tenable.com

CVE-2024-10581 - The DirectoryPress Frontend plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.9. This is due to missing or incorrect nonce validation on the dpfl_listingStatusChange() function. This makes it ...
5 days ago Tenable.com

SonicWall Firewall Authentication Bypass Vulnerability Exploited in Wild - The surge in attacks follows the public release of proof-of-concept (PoC) exploit code on February 10, 2025, by researchers at Bishop Fox, amplifying risks for organizations with unpatched devices. Security analysts attribute the rapid weaponization ...
5 days ago Cybersecuritynews.com

CVE-2024-13488 - The LTL Freight Quotes – Estes Edition plugin for WordPress is vulnerable to SQL Injection via the 'dropship_edit_id' and 'edit_id' parameters in all versions up to, and including, 3.3.7 due to insufficient escaping on the user supplied parameter ...
5 days ago Tenable.com

IDOR vulnerability in ExHub Let Attacker Modify Web Hosting Configuration - The consequences of this IDOR vulnerability were severe where attackers could manipulate deployment configurations, potentially gaining unauthorized access to sensitive resources. This vulnerability effectively allowed unauthorized users to perform ...
3 days ago Cybersecuritynews.com

Microsoft rolls out BIOS update that fixes ASUS blue screen issues - "Devices with ASUS models X415KA and X515KA running a BIOS version lower than 311 will need to install the latest BIOS update to remove the safeguard and proceed with the Windows 11, version 24H2 upgrade," Microsoft said. However, in a ...
3 days ago Bleepingcomputer.com

Microsoft spots XCSSET macOS malware variant used for crypto theft - A new variant of the XCSSET macOS modular malware has emerged in attacks that target users' sensitive information, including digital wallets and data from the legitimate Notes app. XCSSET then creates a malicious Launchpad application with ...
3 days ago Bleepingcomputer.com

New Research Proposed To Enhance MITRE ATT&CK In Dynamic Cybersecurity Environments - However, analysts (at National University of Singapore and NCS Cyber Special Ops R&D) noted that the proposed research seeks to address current limitations by introducing advanced capabilities such as real-time threat mapping, cross-domain ...
2 days ago Cybersecuritynews.com

CVE-2024-12562 - The s2Member Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 241216 via deserialization of untrusted input from the 's2member_pro_remote_op' vulnerable parameter. This makes it possible for ...
5 days ago Tenable.com

CVE-2024-13837 - Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage. ...
3 days ago Tenable.com

Chase will soon block Zelle payments to sellers on social media - While Chase didn't share what exactly prompted this decision, the U.S. Consumer Financial Protection Bureau (CFPB) sued Early Warning Services (Zelle's operator) and three of its owner banks (Bank of America, JPMorgan Chase, and Wells Fargo) in ...
3 days ago Bleepingcomputer.com

Juniper patches critical auth bypass in Session Smart routers - "An Authentication Bypass Using an Alternate Path or Channel vulnerability in Juniper Networks Session Smart Router may allow a network-based attacker to bypass authentication and take administrative control of the device," the American networking ...
2 days ago Bleepingcomputer.com

Beware of Fake BSOD Delivered by Malicious Python Script - According to security consultant Xavier Mertens, the tkinter library, a standard Python module, is typically used to create graphical user interfaces (GUIs). Security teams should consider monitoring for unusual uses of GUI libraries like tkinter as ...
5 days ago Cybersecuritynews.com

CVE-2021-30369 - Rejected reason: Was determined not a vulnerability. ...
3 days ago Tenable.com

Threat Actors Trojanize Popular Versions of Games To Infect Systems Bypassing Evasion Techniques - By exploiting user trust in popular games and employing advanced evasion techniques, threat actors have demonstrated their ability to infiltrate systems undetected while maximizing financial gain through cryptomining. In a sophisticated cyberattack ...
2 days ago Cybersecuritynews.com

China-Linked Threat Group Targets Japanese Orgs' Servers - In targeting organizations in the Asia-Pacific region, Winnti is exploiting vulnerabilities found in applications like IBM Lotus Domino to deploy malicious malware, including DEATHLOTUS, UNAPIMON, PRIVATELOG, CUNNINGPIGEON, WINDJAMMER, and ...
2 days ago Darkreading.com

CVE-2025-26508 - Certain HP LaserJet Pro, HP LaserJet Enterprise, and HP LaserJet Managed Printers may potentially be vulnerable to Remote Code Execution and Elevation of Privilege when processing a PostScript print job. ...
6 days ago Tenable.com

CVE-2025-26506 - Certain HP LaserJet Pro, HP LaserJet Enterprise, and HP LaserJet Managed Printers may potentially be vulnerable to Remote Code Execution and Elevation of Privilege when processing a PostScript print job. ...
6 days ago Tenable.com

CVE-2025-1357 - A vulnerability classified as problematic has been found in Seventh D-Guard up to 20250206. This affects an unknown part of the component HTTP GET Request Handler. The manipulation leads to path traversal. It is possible to initiate the attack ...
4 days ago Tenable.com

CVE-2025-1355 - A vulnerability was found in needyamin Library Card System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /signup.php of the component Add Picture. The manipulation leads to unrestricted ...
4 days ago Tenable.com

CVE-2025-1392 - A vulnerability has been found in D-Link DIR-816 1.01TO and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/webproc?getpage=html/index.html&var:menu=24gwlan&var:page=24G_basic. The ...
3 days ago Tenable.com

CVE-2024-13879 - The Stream plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.0.2 due to insufficient validation on the webhook feature. This makes it possible for authenticated attackers, with ...
3 days ago Tenable.com