Microsoft Azure Stack Edge 跨站脚本漏洞

Microsoft Azure Stack Edge is a Azure-hosted device by Microsoft that integrates Azure computing, storage, and intelligent features at the edge. Microsoft Azure Stack Edge has a cross-site scripting vulnerability. Attackers can exploit this vulnerability to perform phishing attacks...

Detecting Cybersecurity Threats by Integrating Explainable AI with SHAP Interpretability and Strategic Data Sampling

The critical need for transparent and trustworthy machine learning in cybersecurity operations drives the development of this integrated Explainable AI XAI framework. Our methodology addresses three fundamental challenges in deploying AI for threat detection: handling massive datasets through...

CVE-2019-12752

The Symantec SONAR component, prior to 12.0.2, may be susceptible to a tamper protection bypass vulnerability which could potentially allow an attacker to circumvent the existing tamper protection in use on the resident system...

EUVD-2020-30363

Malware in sbrugna...

EUVD-2017-9900

Malware in sbrugna...

EUVD-2019-3552

Malware in sbrugna...

EUVD-2023-46986

Malicious code in bioql PyPI...

EUVD-2021-8078

Malicious code in bioql PyPI...

Malicious code in cycalculator-ybvd (npm)

The package communicates with a domain associated with malicious activity...

MAL-2025-6695 Malicious code in amdocs-core-package (npm)

The package communicates with a domain associated with malicious activity...

MAL-2025-6093 Malicious code in groq-link2 (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 41bce2830a85a25120da79481083dd6be69ce23b29f67ed7678a9009bbdb71f7 The OpenSSF Package Analysis project identified 'groq-link2' @ 1.0.23...

CVE-2025-30402

creationtimestamp| type| source ---|---|--- 2025-07-11 19:03:10+00:00| seen| https://infosec.exchange/users/cR0w/statuses/114836150017822027...

New ZuRu Malware Variant Targeting Developers via Trojanized Termius macOS App

Cybersecurity researchers have discovered new artifacts associated with an Apple macOS malware called ZuRu, which is known to propagate via trojanized versions of legitimate software. SentinelOne, in a new report shared with The Hacker News, said the malware has been observed masquerading as the...

CVE-2025-7197

creationtimestamp| type| source ---|---|--- 2025-07-09 00:45:32+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3ltilmhxmnv2s...

Hackers Use Leaked Shellter Tool License to Spread Lumma Stealer and SectopRAT Malware

In yet another instance of threat actors repurposing legitimate tools for malicious purposes, it has been discovered that hackers are exploiting a popular red teaming tool called Shellter to distribute stealer malware. The company behind the software said a company that had recently purchased...

Researchers Uncover Batavia Windows Spyware Stealing Documents from Russian Firms

Russian organizations have been targeted as part of an ongoing campaign that delivers a previously undocumented Windows spyware called Batavia. The activity, per cybersecurity vendor Kaspersky, has been active since July 2024. "The targeted attack begins with bait emails containing malicious link...

CVE-2025-7164 PHPGurukul/Campcodes Cyber Cafe Management System index.php sql injection

A vulnerability has been found in PHPGurukul/Campcodes Cyber Cafe Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the argument Username leads to sql injection. The attack can be launched...

CVE-2025-53171

Stack overflow risk when vector images are parsed during file preview Impact: Successful exploitation of this vulnerability may affect the file preview function...

NightEagle APT Exploits Microsoft Exchange Flaw to Target China's Military and Tech Sectors

Cybersecurity researchers have shed light on a previously undocumented threat actor called NightEagle aka APT-Q-95 that has been observed targeting Microsoft Exchange servers as a part of a zero-day exploit chain designed to target government, defense, and technology sectors in China. According t...

U.S. Arrests Facilitator in North Korean IT Worker Scheme; Seizes 29 Domains and Raids 21 Laptop Farms

The U.S. Department of Justice DoJ on Monday announced sweeping actions targeting the North Korean information technology IT worker scheme, leading to the arrest of one individual and the seizure of 29 financial accounts, 21 fraudulent websites, and nearly 200 computers. The coordinated action sa...