72 matches found
Ivanti EPMM Hit by Two Actively Exploited 0day Vulnerabilities
Ivanti EPMM users urgently need to patch against actively exploited 0day vulnerabilities CVE-2025-4427, CVE-2025-4428 that enable pre-authenticated remote…...
Patch Tuesday, May 2025 Edition
Microsoft on Tuesday released software updates to fix at least 70 vulnerabilities in Windows and related products, including five zero-day flaws that are already seeing active exploitation. Adding to the sense of urgency with this month's patch batch from Redmond are fixes for two other weaknesse...
The Growing Threat of Vishing: How Cybercriminals Are Using Multimedia to Target You
The Growing Threat of Vishing: How Cybercriminals Are Using Multimedia to Target You By Mark Joseph Marti and Sandra Pagkaliwagan · May 8, 2025 Introduction Imagine being hacked through a phone call, and you can't even complain because you were the one who provided your sensitive information or...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2025-27363link is external FreeType Out-of-Bounds Write Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose...
Fedora 41 : valkey (2025-d191ee2f9a)
The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-d191ee2f9a advisory. Valkey 8.0.3 - Released Wed 23 Apr 2025 Upgrade urgency SECURITY: This release includes security fixes we recommend you apply as soon as possible. Bug fixes...
Fedora 40 : valkey (2025-59ebc165fc)
The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-59ebc165fc advisory. Valkey 8.0.3 - Released Wed 23 Apr 2025 Upgrade urgency SECURITY: This release includes security fixes we recommend you apply as soon as possible. Bug fixes...
CVE-2025-21574
...
WordPress Testimonial Slider and Showcase Pro plugin <= 2.1.7 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by LVT-tholv2k in WordPress Plugin Testimonial Slider And Showcase Pro versions = 2.1.7...
WordPress Grip Theme <= 1.0.9 is vulnerable to Local File Inclusion
Software Grip Type Theme Vulnerable versions = 1.0.9 Fixed in N/A OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2025-26735 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID b5e4d6f7b083 Credits tahu.datar Required privilege Unauthenticated Publishe...
WordPress Solace Extra plugin <= 1.3.1 - Arbitrary File Upload vulnerability
Arbitrary File Upload vulnerability discovered by theviper17 in WordPress Plugin Solace Extra versions = 1.3.1...
Why we’re no longer doing April Fools’ Day
The internet is filled with falsehoods. We’re forever investigating new scams here at Malwarebytes, and so we get how hard it is to know what—or who—to trust online. There’s the scam that takes advantage of grieving people and tricks them into paying for a funeral live stream. There’s the fake...
openSUSE Security Advisory (SUSE-SU-2024:3453-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE Security Advisory (openSUSE-SU-2024:0242-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
gnome-shell-extensions bug fix update
An update is available for gnome-shell-extensions. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list GNOME Shell extensions allow for modifying the default GNOME...
PT-2025-6222 · Undefined · Undefined
Name of the Vulnerable Software and Affected Versions: No information is available about the vulnerable software and its affected versions. Description: A vulnerability has been reported, but details are scarce. There is a mention of not waiting for vulnerability scanning results, implying...
New scams could abuse brief USPS suspension of inbound packages from China, Hong Kong
I would be the last one to provide scammers with good ideas, but as a security provider, sometimes we need to think like criminals to stay ahead in the race. Recently, the US Postal Service USPS announced that it would suspend inbound packages from China and Hong Kong until further notice. That...
openSUSE: Security Advisory for podman (SUSE-SU-2025:0267-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
MAL-2025-579 Malicious code in lexical-esm-nextjs (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 808bb38341306bbd08d655abd9928c5cf279412658db15774579d78f195f5a39 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-11197 Malicious code in stacks-blockchain-dist-tool (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b57ff71a1fa8a796d254711f77c61001b106406614239e93a1b59405fc6c1a3b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Backdoor in XZ Utils allows RCE: everything you need to know
Detect and mitigate CVE-2024-3094, a critical supply chain compromise, affecting XZ Utils Data compression library. Organizations should patch urgently...