Description of the security update for Office 2016: January 14, 2025 (KB5002595)

Description of the security update for Office 2016: January 14, 2025 KB5002595 Summary This security update resolves a Microsoft Office security feature bypass vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures CVE-2025-21346. Note: To apply...

Description of the security update for SharePoint Server 2019 Language Pack: January 14, 2025 (KB5002667)

Description of the security update for SharePoint Server 2019 Language Pack: January 14, 2025 KB5002667 Summary This security update resolves a Microsoft SharePoint Server remote code execution vulnerability and Microsoft SharePoint Server spoofing vulnerability. To learn more about the...

Description of the security update for Excel 2016: January 14, 2025 (KB5002673)

Description of the security update for Excel 2016: January 14, 2025 KB5002673 Summary This security update resolves a Microsoft Excel remote code execution vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures CVE-2025-21362. Note: To apply this...

Description of the security update for Outlook 2016: January 14, 2025 (KB5002656)

Description of the security update for Outlook 2016: January 14, 2025 KB5002656 Summary This security update resolves a Microsoft Outlook remote code execution vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures CVE-2025-21357. Note: To apply...

CVE-2025-23018

IPv4-in-IPv6 and IPv6-in-IPv6 tunneling RFC 2473 do not require the validation or verification of the source of a network packet, allowing an attacker to spoof and route arbitrary traffic via an exposed network interface. This is a similar issue to CVE-2020-10136...

Siemens Industrial Edge Management

SUMMARY Industrial Edge Management is affected by a reflected cross-site scripting XSS vulnerability that could allow an attacker to extract sensitive information by tricking users into accessing a malicious link. Siemens recommends countermeasures for products where fixes are not, or not yet...

PT-2025-4773 · Jte · Jte

Name of the Vulnerable Software and Affected Versions: jte Java Template Engine versions 3.1.15 and earlier Description: The issue affects Jte HTML templates with script tags or script attributes that include a Javascript template string backticks, making them subject to XSS. The javaScriptBlock...

CISA: STS Scenarios Workshop 1 Scenario 3 Deep Disinformation

System About Files News Vote Help | Services API Advertise Contact | Account Join Login ---|---|---...

Trend Micro Managed XDR Analysis of Infection From Fake Installers and Cracks

Our research shows how attackers use platforms like YouTube to spread fake installers via trusted hosting services, employing encryption to evade detection and steal sensitive browser data...

The vulnerability of the String.toLowerCase() and String.toUpperCase() methods in the Spring LDAP project, which simplifies work with LDAP (Lightweight Directory Access Protocol), allows an intruder to gain unauthorized access to protected information.

The vulnerability of the String.toLowerCase and String.toUpperCase methods in the Spring LDAP project, which simplifies the handling of LDAP Lightweight Directory Access Protocol, is related to insufficient registration checks. Exploiting this vulnerability can allow an attacker operating remotel...

Researchers Expose NonEuclid RAT Using UAC Bypass and AMSI Evasion Techniques

Cybersecurity researchers have shed light on a new remote access trojan called NonEuclid that allows bad actors to remotely control compromised Windows systems. "The NonEuclid remote access trojan RAT, developed in C, is a highly sophisticated malware offering unauthorised remote access with...

CVE-2025-0306

A vulnerability was found in Ruby. The Ruby interpreter is vulnerable to the Marvin Attack. This attack allows the attacker to decrypt previously encrypted messages or forge signatures by exchanging a large number of messages with the vulnerable service. Mitigation See the following possible...

PT-2025-1026

Name of the Vulnerable Software and Affected Versions SonicWall SSL-VPN Gen6 affected versions not specified SonicWall SSL-VPN Gen7 affected versions not specified SonicWall SSL-VPN Gen8 affected versions not specified Description An authentication bypass exists in SonicWall SSL-VPN when integrat...

CVE-2025-21611

CVE-2025-21611 affects tgstation-server (BYOND server management). Before version 6.12.3, the authorization check for API methods used OR between the user-enabled status and the role, instead of AND. This error allowed enabled users to access most authorized actions regardless of their permission...

CVE-2025-21611 tgstation-server's role authorization incorrectly OR'd with user's enabled status

tgstation-server is a production scale tool for BYOND server management. Prior to 6.12.3, roles used to authorize API methods were incorrectly OR'd instead of AND'ed with the role used to determine if a user was enabled. This allows enabled users access to most, but not all, authorized actions...

CVE-2025-21611 tgstation-server's role authorization incorrectly OR'd with user's enabled status

tgstation-server is a production scale tool for BYOND server management. Prior to 6.12.3, roles used to authorize API methods were incorrectly OR'd instead of AND'ed with the role used to determine if a user was enabled. This allows enabled users access to most, but not all, authorized actions...

Out With the Old, In With the New: Securely Disposing of Smart Devices

So, what did you get for Christmas this year? Hopefully you received some cool smart technology, or maybe you just upgraded your smart camera or voice assistant to a newer model or version. If you upgraded to a new model or version, what is your plan for the old device? Is it still working or is ...

CVE-2024-49765 Bypass of Discourse Connect using other login paths if enabled in Discourse

Discourse is an open source platform for community discussion. Sites that are using discourse connect but still have local logins enabled could allow attackers to bypass discourse connect to create accounts and login. This problem is patched in the latest version of Discourse. Users unable to...

Firmware Security: Identifying Risks to Implement Best Cybersecurity Practices

Find out the key security risks of firmware security: Identify threats, and learn best practices and protection methods…...

AZL-54327 CVE-2024-45337 affecting package cf-cli for versions less than 8.7.3-4

Applications and libraries which misuse connection.serverAuthenticate via callback field ServerConfig.PublicKeyCallback may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that "A call to this function does not guarantee that the key offered is...