PT-2025-41762
Name of the Vulnerable Software and Affected Versions: Ericsson Network Manager versions prior to 25.2 GA. Description: The software contains a flaw that could allow for the exfiltration of limited data or the redirection of users to other websites or domains. Recommendations: Update to version 25.2 ...
Attacks by Content: Automated Fact-Checking Is an AI Security Issue
When AI agents retrieve and reason over external documents, adversaries can manipulate the data they receive to subvert their behaviour. Previous research has studied indirect prompt injection, where the attacker injects malicious instructions. We argue that injection of instructions is not...
HCL Unica MaxAI Workbench Security Vulnerability
HCL Unica MaxAI Workbench is an artificial intelligence modeling and prediction module from HCL India. A security vulnerability exists in HCL Unica MaxAI Workbench, which stems from improper input validation and could lead to SQL injection, cross-site scripting, or command injection attacks, whic...
Navigating the Dual-Use Nature and Security Implications of Reconfigurable Intelligent Surfaces in Next-Generation Wireless Systems
Reconfigurable intelligent surface (RIS) technology offers significant promise in enhancing wireless communication systems, but its dual-use potential also introduces substantial security risks. This survey explores the security implications of RIS in next-generation wireless networks. We first...
Tomofun Furbo 360 and Tomofun Furbo Mini Trust Management Issue Vulnerability
Tomofun Furbo 360 and Tomofun Furbo Mini are both smart pet cameras from Tomofun Corporation of Taiwan, China. A trust management issue vulnerability exists in Tomofun Furbo 360 FB0035FW036 and earlier versions and Tomofun Furbo Mini MC0020FW074 and earlier versions, which stems from improper...
Tomofun Furbo 360 and Tomofun Furbo Mini Trust Management Issue Vulnerability
Tomofun Furbo 360 and Tomofun Furbo Mini are both smart pet cameras from Tomofun Corporation of Taiwan, China. A trust management issue vulnerability exists in Tomofun Furbo 360 FB0035FW036 and earlier versions and Tomofun Furbo Mini MC0020FW074 and earlier versions, which stems from the presence...
Tomofun Furbo 360 Security Vulnerability
Tomofun Furbo 360 is a smart pet camera from Tomofun Corporation of Taiwan, China. A security vulnerability exists in Tomofun Furbo 360 FB0035FW036 and prior versions, which stems from a resource consumption issue in the file upload component that could lead to remote attacks...
Hackers Turn Velociraptor DFIR Tool Into Weapon in LockBit Ransomware Attacks
Threat actors are abusing Velociraptor, an open-source digital forensics and incident response (DFIR) tool, in connection with ransomware attacks likely orchestrated by Storm-2603 (aka CL-CRI-1040 or Gold Salem), which is known for deploying the Warlock and LockBit ransomware. The threat actor's use ...
CVE-2025-52624
A vulnerability Bypass of the script allowlist configuration in HCL AION. An incorrectly configured Content-Security-Policy header may allow unauthorized scripts to execute, increasing the risk of cross-site scripting and other injection-based attacks. This issue affects AION: 2.0...
EulerOS 2.0 SP11 : pam (EulerOS-SA-2025-2207)
According to the versions of the pam package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks an...
EulerOS 2.0 SP11 : pam (EulerOS-SA-2025-2239)
According to the versions of the pam package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks an...
HCL AION Security Vulnerability
HCL AION is an AI lifecycle management platform from HCL India. HCL AION suffers from a security vulnerability that stems from a script whitelist configuration bypass and a misconfigured Content-Security-Policy header, which can be exploited by an attacker to cause cross-site scripting and other...
Rethinking DDoS Defense: Why Scale Isn’t the Only Metric That Matters
In recent months, headlines have drawn attention to record-breaking DDoS attacks, often measured in terabits per second (Tbps) and accompanied by declarations of network capacity in the hundreds of Tbps. These figures, while impressive, can create a misleading narrative about what truly matters in...
Investigating targeted “payroll pirate” attacks affecting US universities
Microsoft Threat Intelligence has observed a financially motivated threat actor that we track as Storm-2657 compromising employee accounts to gain unauthorized access to employee profiles and divert salary payments to attacker-controlled accounts. These types of attacks have been dubbed “payroll...
Your Shipment Notification is Now a Malware Dropper
Forcepoint X-Labs reports a surge in sophisticated email attacks using obfuscated JavaScript and steganography to deliver dangerous RATs and info-stealers like Formbook and Agent Tesla. Learn how to defend against the threat...
OpnForm Code Issue Vulnerability
OpnForm is a form builder by Julien Nahum, an individual developer. A code issue vulnerability exists in OpnForm 1.9.3 and earlier versions, which stems from the presence of unrestricted upload functionality for files/answers, which could lead to remote attacks...
Crimson Collective: A New Threat Group Observed Operating in the Cloud
Introduction: Over the past few weeks, Rapid7 has observed increased activity of a new threat group attacking AWS cloud environments with the goal of data exfiltration and subsequent extortion of the victim. This threat group refers to itself as ‘Crimson Collective’ and has recently announced that...
EUVD-2001-0227
Malware in sbrugna...
EUVD-2017-7302
Malware in sbrugna...
EUVD-2019-0252
Malware in sbrugna...