Notepad++ Official Update Mechanism Hijacked to Deliver Malware to Select Users

The maintainer of Notepad++ has revealed that state-sponsored attackers hijacked the utility's update mechanism to redirect update traffic to malicious servers instead. "The attack involved an infrastructure-level compromise that allowed malicious actors to intercept and redirect update traffic...

CVE-2025-61431

A reflected cross-site scripted XSS vulnerability in the /jsp/gsfrfeditorHTML.jsp endpoint of Zucchetti ZMaintenance Infinity and Infinity Zucchetti v4.1 and earlier allows attackers to execute arbitrary Javascript in the context of a user's browser via injecting a crafted payload into the...

EUVD-2025-19582

Malicious code in bioql PyPI...

Apple macOS 安全漏洞

Apple macOS Tahoe is the 26th major release of Apple's macOS operating system, which was released on June 10, 2025, and features a new "Liquid Glass" visual design that significantly optimizes interface aesthetics, feature integration, and cross-device collaboration. The 26th major version of the...

Exploit for External Control of File Name or Path in Microsoft

CVE-2025-33053 POC Exploit Overview The working director...

August 12, 2025—KB5063875 (OS Builds 22621.5768 and 22631.5768)

August 12, 2025—KB5063875 OS Builds 22621.5768 and 22631.5768 Windows Secure Boot certificate expiration Important: Secure Boot certificates used by most Windows devices are set to expire starting in June 2026. This might affect the ability of certain personal and business devices to boot securel...

CVE-2025-51532

Incorrect access control in Sage DPW 202412004 and earlier allows unauthorized attackers to access the built-in Database Monitor via a crafted request. The vendor has stated that the issue is fixed in 202506000, released in June 2025...

CVE-2025-4394

Medtronic MyCareLink Patient Monitor uses an unencrypted filesystem on internal storage, which allows an attacker with physical access to read and modify files. This issue affects MyCareLink Patient Monitor models 24950 and 24952: before June 25, 2025...

Dark Web Roast - June 2025 Edition

Dark Web Roast - June 2025 Edition By Trellix Advanced Research Center · July 21, 2025 Executive Summary Welcome to the very first Dark Web Roast! Each month, we're going to take a peek into the shadowy world of cybercrime and playfully "roast" some of its characters, all with a little help from...

Oracle MySQL Server 8.0.x < 8.0.43 (July 2025 CPU)

The versions of MySQL Server installed on the remote host are affected by a multiple vulnerabilities as referenced in the July 2025 CPU advisory. - Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.0-8.0.42,...

CVE-2025-3415

Grafana is an open-source platform for monitoring and observability. The Grafana Alerting DingDing integration was not properly protected and could be exposed to users with Viewer permission. Fixed in versions 10.4.19+security-01, 11.2.10+security-01, 11.3.7+security-01, 11.4.5+security-01,...

Epson Web Installer for Mac vulnerable to missing authentication for critical function

Overview Epson Web Installer for Mac provided by SEIKO EPSON CORPORATION contains a missing authentication for critical function vulnerability. Epson Web Installer for Mac provided by SEIKO EPSON CORPORATION is used to install drivers for SEIKO EPSON's products. It contains "helper tool" and...

Packet Storm New Exploits for June, 2025

This archive contains all of the 126 exploits added to Packet Storm in June, 2025...

Fedora 42 : dotnet9.0 (2025-77d16adbcd)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-77d16adbcd advisory. This is the .NET monthly update for June 2025. Release Notes: - SDK: https://github.com/dotnet/core/blob/main/release-notes/9.0/9.0.6/9.0.107.md - Runtime:...

Fedora 41 : dotnet9.0 (2025-092006d075)

The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-092006d075 advisory. This is the .NET monthly update for June 2025. Release Notes: - SDK: https://github.com/dotnet/core/blob/main/release-notes/9.0/9.0.6/9.0.107.md - Runtime:...

CVE-2025-52491

creationtimestamp| type| source ---|---|--- 2025-06-30 20:08:50+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/19972 2025-06-30 20:57:21+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lsu353ivae2k...

CVE-2025-36593

creationtimestamp| type| source ---|---|--- 2025-06-30 19:08:30+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/19963 2025-06-30 21:20:25+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lsu4gdcljb2s...

CVE-2025-53001

creationtimestamp| type| source ---|---|--- 2025-06-30 17:12:18+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lstoko54e32v...

CVE-2023-47310

creationtimestamp| type| source ---|---|--- 2025-06-30 16:54:39+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lstnl3xl3i2r 2025-06-30 20:08:49+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/19971...

CVE-2025-6908

creationtimestamp| type| source ---|---|--- 2025-06-30 15:06:00+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/19932 2025-06-30 16:50:30+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lstndobow42a...