Lucene search
K

38666 matches found

Packet Storm News
Packet Storm News
added 2025/11/03 12:0 a.m.10 views

Characterizing Build Compromises through Vulnerability Disclosure Analysis

The software build process transforms source code into deployable artifacts, representing a critical yet vulnerable stage in software development. Build infrastructure security poses unique challenges: the complexity of multi-component systems source code, dependencies, build tools, the difficult...

7.2AI score
Exploits0
The Hacker News
The Hacker News
added 2025/11/01 1:43 p.m.10 views

ASD Warns of Ongoing BADCANDY Attacks Exploiting Cisco IOS XE Vulnerability

The Australian Signals Directorate ASD has issued a bulletin about ongoing cyber attacks targeting unpatched Cisco IOS XE devices in the country with a previously undocumented implant known as BADCANDY. The activity, per the intelligence agency, involves the exploitation of CVE-2023-20198 CVSS...

10CVSS7.1AI score0.99571EPSS
Exploits26
RedhatCVE
RedhatCVE
added 2025/11/01 12:4 p.m.5 views

CVE-2025-30191

Malicious content from E-Mail can be used to perform a redressing attack. Users can be tricked to perform unintended actions or provide sensitive information to a third party which would enable further threats. Attribute values containing HTML fragments are now denied by the sanitization procedur...

5.4CVSS6.5AI score0.00177EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2025/11/01 10:54 a.m.2 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

IEEE P802.11-REVme D1.1 through D7.0 allow FragAttacks against mesh networks. In mesh networks that use Wi-Fi Protected Access WPA, WPA2, or WPA3 or Wired Equivalent Privacy WEP, an adversary can exploit this vulnerability to inject arbitrary frames towards devices that support receiving non-SSP...

9.1CVSS7.4AI score0.00271EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/11/01 12:0 a.m.3 views

SUSE SLED15 / SLES15 Security Update : bind (SUSE-SU-2025:3903-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:3903-1 advisory. Upgrade to release 9.20.15: - CVE-2025-8677: DNSSEC validation fails if matching but invalid DNSKEY is found...

8.6CVSS6.5AI score0.1096EPSS
Exploits1References10
SUSE Linux
SUSE Linux
added 2025/10/31 5:8 p.m.8 views

Security update for bind

This update for bind fixes the following issues: Upgrade to release 9.20.15: CVE-2025-8677: DNSSEC validation fails if matching but invalid DNSKEY is found bsc1252378. CVE-2025-40778: Address various spoofing attacks bsc1252379. CVE-2025-40780: Cache-poisoning due to weak pseudo-random number...

9.2CVSS7AI score0.1096EPSS
Exploits1References12
OSV
OSV
added 2025/10/31 5:8 p.m.2 views

SUSE-SU-2025:3903-1 Security update for bind

This update for bind fixes the following issues: Upgrade to release 9.20.15: - CVE-2025-8677: DNSSEC validation fails if matching but invalid DNSKEY is found bsc1252378. - CVE-2025-40778: Address various spoofing attacks bsc1252379. - CVE-2025-40780: Cache-poisoning due to weak pseudo-random numb...

8.6CVSS6.5AI score0.1096EPSS
Exploits1References7
EUVD
EUVD
added 2025/10/31 8:54 a.m.4 views

EUVD-2025-37316

Malicious content from E-Mail can be used to perform a redressing attack. Users can be tricked to perform unintended actions or provide sensitive information to a third party which would enable further threats. Attribute values containing HTML fragments are now denied by the sanitization procedur...

5.4CVSS6AI score0.00177EPSS
Exploits0References2
The Hacker News
The Hacker News
added 2025/10/31 7:9 a.m.14 views

CISA Flags VMware Zero-Day Exploited by China-Linked Hackers in Active Attacks

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Thursday added a high-severity security flaw impacting Broadcom VMware Tools and VMware Aria Operations to its Known Exploited Vulnerabilities KEV catalog, following reports of active exploitation in the wild. The vulnerability in...

7.8CVSS8.5AI score0.0788EPSS
Exploits3
Packet Storm News
Packet Storm News
added 2025/10/31 12:0 a.m.4 views

Exploiting Latent Space Discontinuities for Building Universal LLM Jailbreaks and Data Extraction Attacks

The rapid proliferation of Large Language Models LLMs has raised significant concerns about their security against adversarial attacks. In this work, we propose a novel approach to crafting universal jailbreaks and data extraction attacks by exploiting latent space discontinuities, an architectur...

6.8AI score
Exploits0
EUVD
EUVD
added 2025/10/30 6:31 p.m.5 views

EUVD-2025-37025

AG Life Logger Android App version v1.0.2.72 and before package name com.donki.healthy, developed by IO FIT, K.K., contains improper access control vulnerabilities. Exposed credentials in traffic may allow attackers to misuse cloud resources, and predictable verification codes make brute-force...

7.5CVSS6.5AI score0.0027EPSS
Exploits0References2
Packet Storm News
Packet Storm News
added 2025/10/30 12:0 a.m.4 views

LLM-Based Multi-Class Attack Analysis and Mitigation Framework in IoT/IIoT Networks

The Internet of Things has expanded rapidly, transforming communication and operations across industries but also increasing the attack surface and security breaches. Artificial Intelligence plays a key role in securing IoT, enabling attack detection, attack behavior analysis, and mitigation...

6.8AI score
Exploits0
HackRead
HackRead
added 2025/10/29 4:17 p.m.8 views

Hackers Hijack Corporate XWiki Servers for Crypto Mining

Hackers exploit critical XWiki flaw CVE-2025-24893 to hijack corporate servers for cryptomining, with active attacks confirmed by VulnCheck researchers...

9.8CVSS6.9AI score0.99898EPSS
Exploits50
GithubExploit
GithubExploit
added 2025/10/29 4:5 p.m.371 views

Exploit for CVE-2025-40778

CVE-2025-40778 Proof of Concept Educational demonstration of...

8.6CVSS6.9AI score0.00509EPSS
Exploits1
The Hacker News
The Hacker News
added 2025/10/29 3:38 p.m.12 views

Experts Reports Sharp Increase in Automated Botnet Attacks Targeting PHP Servers and IoT Devices

Cybersecurity researchers are calling attention to a spike in automated attacks targeting PHP servers, IoT devices, and cloud gateways by various botnets such as Mirai, Gafgyt, and Mozi. "These automated campaigns exploit known CVE vulnerabilities and cloud misconfigurations to gain control over...

10CVSS9AI score0.99999EPSS
Exploits111
Vulnrichment
Vulnrichment
added 2025/10/29 1:29 p.m.3 views

CVE-2025-64134

Jenkins JDepend Plugin 1.3.1 and earlier includes an outdated version of JDepend Maven Plugin that does not configure its XML parser to prevent XML external entity XXE attacks...

6.6AI score0.0032EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/10/29 12:0 a.m.8 views

Jenkins plugins Multiple Vulnerabilities (2025-10-29)

According to their self-reported version numbers, the version of Jenkins plugins running on the remote web server are affected by multiple vulnerabilities: - Jenkins Azure CLI Plugin 0.9 and earlier does not restrict which commands it executes on the Jenkins controller, allowing attackers with...

8.8CVSS6.4AI score0.00556EPSS
Exploits0References21
Packet Storm News
Packet Storm News
added 2025/10/29 12:0 a.m.4 views

SIRAJ: Diverse and Efficient Red-Teaming for LLM Agents Via Distilled Structured Reasoning

The ability of LLM agents to plan and invoke tools exposes them to new safety risks, making a comprehensive red-teaming system crucial for discovering vulnerabilities and ensuring their safe deployment. We present SIRAJ: a generic red-teaming framework for arbitrary black-box LLM agents. We emplo...

7.5AI score
Exploits0
Positive Technologies
Positive Technologies
added 2025/10/29 12:0 a.m.5 views

PT-2025-44283

Name of the Vulnerable Software and Affected Versions Jenkins JDepend Plugin versions 1.3.1 and earlier Description The Jenkins JDepend Plugin uses an outdated version of the JDepend Maven Plugin that lacks proper configuration of its XML parser. This configuration deficiency can allow for XML...

7.1CVSS7AI score0.0032EPSS
Exploits0References5
Rapid7 Blog
Rapid7 Blog
added 2025/10/28 1:0 p.m.7 views

Key Emerging Cybersecurity Threats and Challenges for 2025 and Beyond

The global threat landscape is undergoing an unprecedented transformation. Organizations are facing dizzying levels of complexity, driven by rapid technological innovation, the widespread adoption of artificial intelligence, and the expected disruptive effects of quantum computing. At the same...

6.4AI score
Exploits0
Rows per page
Query Builder