CVE-2025-8203

A vulnerability classified as critical has been found in Jingmen Zeyou Large File Upload Control up to 6.3. Affected is an unknown function of the file /index.jsp. The manipulation of the argument ID leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Publication date: Sat, 26 Jul 2025 14:32:00 +0000


Cyber News related to CVE-2025-8203

Windows 11 KB5053598 & KB5053602 cumulative updates released - [HTML Help Viewer] New! This update adds text scaling support. [Game Pass Ultimate and PC ...
4 months ago Bleepingcomputer.com
Red Report 2025: Unmasking a 3X Spike in Credential Theft and Debunking the AI Hype - The data-driven insights from Red Report 2025 paint a vivid picture of the cyber threat landscape: credential thieves roaming unchecked, a handful of techniques enabling the vast majority of breaches, and new “heist-style” attack ...
4 months ago Bleepingcomputer.com
Windows 11 KB5055523 & KB5055528 cumulative updates released - [File Explorer] Fixed: In some cases, the See more menu in the File Explorer command bar opens in the wrong direction. [Widgets] New! Support for lock screen ...
3 months ago Bleepingcomputer.com
Windows 11 upgrade block lifted after Safe Exam Browser fix - "If your device still encounters this safeguard hold 48 hours after updating to the latest version of the application, you will need to contact Safe Exam Browser Support for more information on the resolution," Microsoft said in a Windows release ...
2 months ago Bleepingcomputer.com
CISA warns of increased breach risks following Oracle Cloud leak - BleepingComputer has separately confirmed with multiple Oracle customers that leaked data samples (including associated LDAP display names, email addresses, given names, and other identifying information) received ...
3 months ago Bleepingcomputer.com
Over 1,000 CrushFTP servers exposed to ongoing hijack attacks - The security vulnerability (CVE-2025-54309) is due to mishandled AS2 validation and impacts all CrushFTP versions below 10.8.5 and 11.3.4_23. The vendor tagged the flaw as actively exploited in the wild on July 19th, noting ...
6 days ago Bleepingcomputer.com CVE-2025-54309
Hunters International shifts from ransomware to pure data extortion - Notable victims claimed by Hunters International include Tata Technologies, North American automobile dealership AutoCanada, U.S. Marshals Service, Japanese optics giant Hoya, U.S. Navy contractor Austal USA, and Oklahoma's largest not-for-profit ...
3 months ago Bleepingcomputer.com Hunters
UK Legal Aid Agency investigates cybersecurity incident - The Legal Aid Agency (LAA), an executive agency of the UK's Ministry of Justice that oversees billions in legal funding, warned law firms of a security incident and said the attackers might have accessed financial information. The UK National Crime ...
2 months ago Bleepingcomputer.com Dragonforce
Hackers behind UK retail attacks now targeting US companies - Scattered Spider (also tracked as 0ktapus, UNC3944, Scatter Swine, Starfraud, and Muddled Libra) is a term used to describe a fluid collective of threat actors known for breaching many high-profile organizations worldwide in sophisticated ...
2 months ago Bleepingcomputer.com Scattered Spider Dragonforce
Microsoft SharePoint zero-day exploited in RCE attacks, no patch available - The Microsoft SharePoint zero-day attacks were first identified by Dutch cybersecurity firm Eye Security, which told BleepingComputer that over 75 companies have already been compromised by the attacks. In May, Viettel Cyber Security researchers ...
1 week ago Bleepingcomputer.com CVE-2025-49706
New Windows zero-day exploited by 11 state hacking groups since 2017 - The Windows zero-day, tracked as ZDI-CAN-25373, is caused by a User Interface (UI) Misrepresentation of Critical Information (CWE-451) weakness, which allows attackers to exploit how Windows displays shortcut (.lnk) files to evade detection and ...
4 months ago Bleepingcomputer.com Mustang Panda CVE-2024-43461 APT37 BITTER Kimsuky Sidewinder APT3
Google fixes fourth actively exploited Chrome zero-day of 2025 - Google has released emergency updates to patch another Chrome zero-day vulnerability exploited in attacks, marking the fourth such flaw fixed since the start of the year. The company fixed the zero-day for users in the Stable Desktop channel, ...
3 weeks ago Bleepingcomputer.com CVE-2025-4664
Microsoft starts testing Windows 11 taskbar icon scaling - Redmond also released a test remediation package that allows Windows Insiders to test the full capabilities of the Quick Machine Recovery (QMR) tool on their Windows 11 devices. "We are starting to roll out taskbar icon scaling to Windows ...
3 months ago Bleepingcomputer.com
Hunters International ransomware shuts down after World Leaks rebrand - "Unlike Hunters International, which combined encryption with extortion, World Leaks operates as an extortion-only group using a custom-built exfiltration tool," Group-IB said at the time, adding that the new tool appears to be an upgraded ...
3 weeks ago Bleepingcomputer.com Hunters
PostgreSQL flaw exploited as zero-day in BeyondTrust breach - Rapid7 security researchers have also identified a method to exploit CVE-2025-1094 for remote code execution in vulnerable BeyondTrust Remote Support (RS) systems independently of the CVE-2024-12356 argument injection vulnerability. Rapid7's tests ...
5 months ago Bleepingcomputer.com CVE-2025-1094 CVE-2024-12356 CVE-2024-12686
Windows 10 KB5052077 update fixes broken SSH connections - Microsoft has released the optional KB5052077 preview cumulative update for Windows 10 22H2 with nine bug fixes and changes, including a fix for a longstanding known issue that breaks SSH connections. "Following the installation of ...
5 months ago Bleepingcomputer.com
Microsoft: Office 2016 and Office 2019 reach end of support in October - You can also switch to Office 2024, a standalone Office version released in October 2024 for small businesses and consumers without a Microsoft 365 subscription. This version includes locked-in-time versions of Word, Excel, PowerPoint, ...
3 months ago Bleepingcomputer.com
Google fixes high severity Chrome flaw with public exploit - The vulnerability was discovered by Solidlab security researcher Vsevolod Kokorin and is described as an insufficient policy enforcement in Google Chrome's Loader component that lets remote attackers leak cross-origin data via maliciously crafted ...
2 months ago Bleepingcomputer.com CVE-2025-2783
Windows 11 and Red Hat Linux hacked on first day of Pwn2Own - Summoning Team's Sina Kheirkhah was awarded another $35,000 for a Chroma zero-day and an already known vulnerability in Nvidia's Triton Inference Server, while STARLabs SG's Billy and Ramdhan earned $60,000 for escaping Docker Desktop and ...
2 months ago Bleepingcomputer.com
Microsoft confirms May Windows 10 updates trigger BitLocker recovery - Microsoft's acknowledgment of this issue comes after many Windows users and admins have reported seeing devices unexpectedly enter the Windows Recovery Environment (WinRE) and displaying a BitLocker recovery screen after installing the KB5058379 ...
2 months ago Bleepingcomputer.com
Google fixes Chrome zero-day exploited in espionage campaign - Google has fixed a high-severity Chrome zero-day vulnerability exploited to escape the browser's sandbox and deploy malware in espionage attacks targeting Russian organizations. However, Kaspersky researchers who discovered the actively ...
4 months ago Bleepingcomputer.com CVE-2025-2783
US charges Garantex admins with money laundering, sanctions violations - Garantex lost its license to provide virtual currency services in February 2022 after Estonia's Financial Intelligence Unit found critical compliance issues with Anti-Money Laundering and Countering the Financing of Terrorism (AML/CFT) policies and ...
4 months ago Bleepingcomputer.com
Garantex crypto exchange admin arrested while on vacation - Besciokov (aka "proforg" and "iram") controlled Garantex with 40-year-old Russian national and United Arab Emirates resident Aleksandr Mira Serda (the crypto exchange's other co-founder) between 2019 and 2025. According to court ...
4 months ago Bleepingcomputer.com
Windows 11 KB5053656 update released with 38 changes and fixes - Microsoft has released the KB5053656 preview cumulative update for Windows 11 24H2 with 38 changes, including real-time translation on AMD and Intel-powered Copilot+ PCs and fixes for authentication and blue-screen ...
3 months ago Bleepingcomputer.com
