2349 matches found

The Hacker News
added 2025/09/11 9:5 a.m., 6 views

Fake Madgicx Plus and SocialMetrics Extensions Are Hijacking Meta Business Accounts

Cybersecurity researchers have disclosed two new campaigns that are serving fake browser extensions using malicious ads and fake websites to steal sensitive data. The malvertising campaign, per Bitdefender, is designed to push fake "Meta Verified" browser extensions named SocialMetrics Pro that...

6.9 AI score
Exploits: 0

Packet Storm News
added 2025/09/11 12:0 a.m., 4 views

Fraud Detection and Risk Assessment of Online Payment Transactions on E-Commerce Platforms Based on LLM and GCN Frameworks

With the rapid growth of e-commerce, online payment fraud has become increasingly complex, posing serious threats to financial security and consumer trust. Traditional detection methods often struggle to capture the intricate relational structures inherent in transactional data. This study presen...

6.8 AI score
Exploits: 0

Tenable Nessus
added 2025/09/10 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2024-2380

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Stored XSS in graph rendering in Checkmk 2.3.0b4. CVE-2024-2380 Note that Nessus relies on the presence of the package as reported by the vendor. %NASLMINLEVEL...

5.4 CVSS, 5.4 AI score, 0.00345 EPSS
Exploits: 0, References: 2

OSSF Malicious Packages
added 2025/09/05 5:10 p.m., 2 views

Malicious code in graph-specific-under (npm)

The package graph-specific-under was found to contain malicious code...

7 AI score
Exploits: 0

OSSF Malicious Packages
added 2025/09/05 5:10 p.m., 3 views

Malicious code in tju-graph-xuqing (npm)

The package tju-graph-xuqing was found to contain malicious code...

7 AI score
Exploits: 0

OSV
added 2025/09/05 5:10 p.m., 1 views

MAL-2025-46341 Malicious code in tju-graph-xuqing (npm)

The package tju-graph-xuqing was found to contain malicious code...

7 AI score
Exploits: 0

OSV
added 2025/09/05 5:10 p.m., 1 views

MAL-2025-44462 Malicious code in graph-specific-under (npm)

The package graph-specific-under was found to contain malicious code...

7 AI score
Exploits: 0

RedhatCVE
added 2025/09/05 3:22 p.m., 5 views

CVE-2025-58459

Jenkins global-build-stats Plugin 322.v22f4db18e2dd and earlier does not perform permission checks in its REST API endpoints, allowing attackers with Overall/Read permission to enumerate graph IDs...

4.3 CVSS, 6.8 AI score, 0.00258 EPSS
Exploits: 0, References: 1

NVD
added 2025/09/05 12:15 a.m., 6 views

CVE-2025-55739

api is a module for FreePBX, which is an open source GUI that controls and manages Asterisk PBX. In versions lower than 15.0.13, 16.0.2 through 16.0.14, 17.0.1 and 17.0.2, there is an identical OAuth private key used across multiple systems that installed the same FreePBX RPM or DEB package. An...

5.1 CVSS, 0.00497 EPSS
Exploits: 0, References: 2

Chainguard
added 2025/09/04 1:28 p.m., 3 views

GHSA-3P8M-J85Q-PGMJ vulnerabilities

Vulnerabilities for packages: keycloak-operator, spark-fips, solr, keycloak, akhq, apache-nifi, thingsboard, wavefront-proxy, camunda-zeebe, cassandra, logstash-input-beats, opensearch, spark, elasticsearch-fips, infinispan, zookeeper-fips, kserve-modelmesh, strimzi-kafka-operator, zookeeper,...

5.8 AI score
Exploits: 0

RedhatCVE
added 2025/09/04 12:28 a.m., 7 views

CVE-2025-57611

An issue was discovered in rust-ffmpeg 0.3.0 after commit 5ac0527. A null pointer dereference vulnerability in the dump method allows an attacker to cause a denial of service. The vulnerability exists because the method fails to check the return value of avfilter_graph_dump for NULL, leading to a crash...

5.3 CVSS, 6.9 AI score, 0.00251 EPSS
Exploits: 1, References: 1

Positive Technologies
added 2025/09/04 12:0 a.m., 2 views

PT-2025-40634

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The Linux kernel contains a flaw within the ASoC Qualcomm q6apm-lpass-dais component. Specifically, a NULL pointer dereference can occur if the initialization of the source graph fails...

5.5 CVSS, 7.3 AI score, 0.00133 EPSS
Exploits: 0

Tenable Nessus
added 2025/09/04 12:0 a.m., 5 views

Linux Distros Unpatched Vulnerability : CVE-2005-10004

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cacti versions prior to 0.8.6-d contain a remote command execution vulnerability in the graphview.php script. An authenticated user can inject arbitrary shell...

8.8 CVSS, 6.2 AI score, 0.01781 EPSS
Exploits: 1, References: 2

Github Security Blog
added 2025/09/03 3:30 p.m., 15 views

Jenkins global-build-stats Plugin missing permission check can result in graph IDs being enumerated

Jenkins global-build-stats Plugin 322.v22f4db18e2dd and earlier does not perform permission checks in its REST API endpoints, allowing attackers with Overall/Read permission to enumerate graph IDs. This has been patched in version 347.v32aeb0493c4f...

4.3 CVSS, 6.8 AI score, 0.00258 EPSS
Exploits: 0, References: 5, Affected Software: 1

OSV
added 2025/09/03 3:30 p.m., 3 views

GHSA-GM8G-FH49-QQ6V Jenkins global-build-stats Plugin missing permission check can result in graph IDs being enumerated

Jenkins global-build-stats Plugin 322.v22f4db18e2dd and earlier does not perform permission checks in its REST API endpoints, allowing attackers with Overall/Read permission to enumerate graph IDs. This has been patched in version 347.v32aeb0493c4f...

4.3 CVSS, 6.8 AI score, 0.00258 EPSS
Exploits: 0, References: 5

AlpineLinux
added 2025/09/03 3:15 p.m., 3 views

CVE-2025-58459

Jenkins global-build-stats Plugin 322.v22f4db18e2dd and earlier does not perform permission checks in its REST API endpoints, allowing attackers with Overall/Read permission to enumerate graph IDs...

4.3 CVSS, 6.5 AI score, 0.00258 EPSS
Exploits: 0, References: 2

NVD
added 2025/09/03 3:15 p.m., 5 views

CVE-2025-58459

Jenkins global-build-stats Plugin 322.v22f4db18e2dd and earlier does not perform permission checks in its REST API endpoints, allowing attackers with Overall/Read permission to enumerate graph IDs...

4.3 CVSS, 0.00258 EPSS
Exploits: 0, References: 2

OSV
added 2025/09/03 3:15 p.m., 2 views

CVE-2025-58459

Jenkins global-build-stats Plugin 322.v22f4db18e2dd and earlier does not perform permission checks in its REST API endpoints, allowing attackers with Overall/Read permission to enumerate graph IDs...

4.3 CVSS, 6.7 AI score
Exploits: 0, References: 2

CVE
added 2025/09/03 3:2 p.m., 14 views

CVE-2025-58459

The CVE concerns Jenkins global-build-stats Plugin, affected versions 322.v22f4db_18e2dd and earlier, which do not perform permission checks in REST API endpoints. This allows attackers with Overall/Read permissions to enumerate graph IDs, indicating a disclosure/enumeration risk without exploita...

4.3 CVSS, 6.3 AI score, 0.00258 EPSS
Exploits: 0, References: 2, Affected Software: 1

Vulnrichment
added 2025/09/03 3:2 p.m., 3 views

CVE-2025-58459

Jenkins global-build-stats Plugin 322.v22f4db18e2dd and earlier does not perform permission checks in its REST API endpoints, allowing attackers with Overall/Read permission to enumerate graph IDs...

6.3 AI score, 0.00258 EPSS
Exploits: 0, References: 1