A SentinelLabs report has revealed patents linked to firms aiding China’s cyber-espionage operations, exposing new capabilities.
A covert ATM attack used a Raspberry Pi to breach bank systems, employing stealthy malware and anti-forensics techniques.
Inc Ransomware Claims 1.2TB Data Breach at Dollar Tree (Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto): The notorious INC Ransomware group is claiming responsibility for a data breach at Dollar Tree, the American retail…
Palo Alto Networks to acquire CyberArk for $25 billion (CyberScoop): Palo Alto Networks has agreed to acquire identity security firm CyberArk for approximately $25 billion, marking the cybersecurity giant’s largest acquisition and its formal entry into the identity security market as the industry continues consolidating amid rising cyber threats. The transaction ranks among the largest technology acquisitions this year and underscores the market’s focus on …
Google’s Project Zero team will provide limited details of new vulnerabilities early following discovery, in a bid to speed up end users’ patching.
NIST Consortium and Draft Guidelines Aim to Improve Security in Software Development (News and Events Feed by Topic): NIST is soliciting comments from the public on the draft until Sept. 12, and the agency is planning a virtual event to showcase the project and gather feedback on Aug. 27.
Critical Dahua Camera Flaws Enable Remote Hijack via ONVIF and File Upload Exploits (The Hacker News): Cybersecurity researchers have disclosed now-patched critical security flaws in the firmware of Dahua smart cameras that, if left unaddressed, could allow attackers to hijack control of susceptible devices. “The flaws, affecting the device’s ONVIF protocol and file upload handlers, allow unauthenticated attackers to execute arbitrary commands remotely, effectively taking over the device,” …
TrickBot Behind More Than $724 Million in Crypto Theft and Extortion (Hackread): Akamai’s latest Ransomware Report 2025 reveals “quadruple extortion,” new AI-driven tactics by groups like Black Basta, FunkSec, and TrickBot, and growing threats to non-profits.
Apple Patches Safari Vulnerability Also Exploited as Zero-Day in Google Chrome (The Hacker News): Apple on Tuesday released security updates for its entire software portfolio, including a fix for a vulnerability that Google said was exploited as a zero-day in the Chrome web browser earlier this month. The vulnerability, tracked as CVE-2025-6558 (CVSS score: 8.8), is an incorrect validation of untrusted input in the browser’s ANGLE and GPU components …
Product Walkthrough: A Look Inside Pillar’s AI Security Platform (The Hacker News): In this article, we will provide a brief overview of Pillar Security’s platform to better understand how they are tackling AI security challenges. Pillar Security is building a platform to cover the entire software development and deployment lifecycle with the goal of providing trust in AI systems. Using its holistic approach, the platform introduces new …
CISA is facing a tight CIRCIA deadline. Here’s how Sean Plankey can attempt to meet it (CyberScoop): During a Senate Homeland Security and Governmental Affairs Committee hearing earlier this month in which lawmakers considered if Sean Plankey is fit to become director of the Cybersecurity and Infrastructure Security Agency, ranking member Gary Peters asked the CISA nominee how he would ensure the agency meets all of its statutory requirements, including those in …
Chinese Firms Linked to Silk Typhoon Filed 15+ Patents for Cyber Espionage Tools (The Hacker News): Chinese companies linked to the state-sponsored hacking group known as Silk Typhoon (aka Hafnium) have been identified as behind over a dozen technology patents, shedding light on the shadowy cyber contracting ecosystem and its offensive capabilities. The patents cover forensics and intrusion tools that enable encrypted endpoint data collection, Apple device forensics, and remote access …
32.1% of vulnerabilities listed in VulnCheck’s Known Exploited Vulnerabilities catalog were weaponized before being detected or within the following day.
AccuKnox partners with CyberKnight to deliver Zero Trust Security for a Leading Global Bank in the UAE (Hackread): Menlo Park, United States, 30th July 2025, CyberNewsWire.
IBM found that the global average cost of a data breach has fallen by 9% compared to 2024, driven by improved detection and containment.
Research shows data breach costs have reached an all-time high (CyberScoop): The average cost of a data breach for U.S. companies jumped 9% to an all-time high of $10.22 million in 2025, as the global average cost fell 9% to $4.44 million, IBM said in its 20th annual Cost of a Data Breach Report Wednesday. While shorter investigations are pushing down costs globally, reflecting the first …
A total of 396 compromised Microsoft SharePoint systems have been identified globally, affecting 145 organizations across 41 countries in the wake of the ToolShell zero-day vulnerability.
Google Launches DBSC Open Beta in Chrome and Enhances Patch Transparency via Project Zero (The Hacker News): Google has announced that it’s making a security feature called Device Bound Session Credentials (DBSC) in open beta to ensure that users are safeguarded against session cookie theft attacks. DBSC, first introduced as a prototype in April 2024, is designed to bind authentication sessions to a device so as to prevent threat actors from using …
Scattered Spider Hacker Arrests Halt Attacks, But Copycat Threats Sustain Security Pressure (The Hacker News): Google Cloud’s Mandiant Consulting has revealed that it has witnessed a drop in activity from the notorious Scattered Spider group, but emphasized the need for organizations to take advantage of the lull to shore up their defenses. “Since the recent arrests tied to the alleged Scattered Spider (UNC3944) members in the U.K., Mandiant Consulting hasn’t …
Hackers Exploit SAP Vulnerability to Breach Linux Systems and Deploy Auto-Color Malware (The Hacker News): Threat actors have been observed exploiting a now-patched critical SAP NetWeaver flaw to deliver the Auto-Color backdoor in an attack targeting a U.S.-based chemicals company in April 2025. “Over the course of three days, a threat actor gained access to the customer’s network, attempted to download several suspicious files and communicated with malicious infrastructure linked …
The comprehensive guidance focuses on technical recommendations for securing agentic AI applications, from development to deployment.
St. Pölten UAS 20250721-0 | Multiple Vulnerabilities in Helmholz Industrial Router REX100 / mbNET.mini (Full Disclosure): Posted by Thomas Weber | CyberDanube via Fulldisclosure on Jul 29. St. Pölten UAS 20250721-0 – title: Multiple Vulnerabilities in REX100; product: Helmholz Industrial Router REX100 / mbNET.mini; vulnerable version: < 2.3.3; fixed version: 2.3.3; CVE number: CVE-2025-41673, CVE-2025-41674, CVE-2025-41675, CVE-2025-41676, CVE-2025-41677, CVE-2025-41678, …
Defense in depth — the Microsoft way (part 90): “Digital Signature” property sheet missing without “Read Extended Attributes” access permission (Full Disclosure): Posted by Stefan Kanthak via Fulldisclosure on Jul 29. Hi @ll, about 35 years ago Microsoft began to implement their “New Technology File System” (NTFS) for their upcoming Windows NT operating system. NTFS supports the extended attributes of the HPFS file system which Microsoft and IBM had developed for their OS/2 operating system before. …
APPLE-SA-07-29-2025-6 watchOS 11.6 (Full Disclosure): Posted by Apple Product Security via Fulldisclosure on Jul 29. watchOS 11.6 addresses the following issues. Information about the security content is also available at https://support.apple.com/124155. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. afclip – Available for: Apple Watch Series 6 and later …
APPLE-SA-07-29-2025-7 tvOS 18.6 (Full Disclosure): Posted by Apple Product Security via Fulldisclosure on Jul 29. tvOS 18.6 addresses the following issues. Information about the security content is also available at https://support.apple.com/124153. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. afclip – Available for: Apple TV HD and Apple TV …
APPLE-SA-07-29-2025-8 visionOS 2.6 (Full Disclosure): Posted by Apple Product Security via Fulldisclosure on Jul 29. visionOS 2.6 addresses the following issues. Information about the security content is also available at https://support.apple.com/124154. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. afclip – Available for: Apple Vision Pro. Impact: Parsing a …
APPLE-SA-07-29-2025-3 macOS Sequoia 15.6 (Full Disclosure): Posted by Apple Product Security via Fulldisclosure on Jul 29. macOS Sequoia 15.6 addresses the following issues. Information about the security content is also available at https://support.apple.com/124149. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. Admin Framework – Available for: macOS Sequoia. Impact: …
APPLE-SA-07-29-2025-4 macOS Sonoma 14.7.7 (Full Disclosure): Posted by Apple Product Security via Fulldisclosure on Jul 29. macOS Sonoma 14.7.7 addresses the following issues. Information about the security content is also available at https://support.apple.com/124150. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. Admin Framework – Available for: macOS Sonoma. Impact: …
APPLE-SA-07-29-2025-5 macOS Ventura 13.7.7 (Full Disclosure): Posted by Apple Product Security via Fulldisclosure on Jul 29. macOS Ventura 13.7.7 addresses the following issues. Information about the security content is also available at https://support.apple.com/124151. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. Admin Framework – Available for: macOS Ventura. Impact: …
Invision Community <= 4.7.20 (calendar/view.php) SQL Injection Vulnerability (Full Disclosure): Posted by Egidio Romano on Jul 29. [-] Software Link: https://invisioncommunity.com [-] Affected Versions: Certain 4.x versions before 4.7.21. [-] Vulnerability Description: The vulnerability is located within the…
APPLE-SA-07-29-2025-1 iOS 18.6 and iPadOS 18.6 (Full Disclosure): Posted by Apple Product Security via Fulldisclosure on Jul 29. iOS 18.6 and iPadOS 18.6 address the following issues. Information about the security content is also available at https://support.apple.com/124147. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. Accessibility – Available for: …
APPLE-SA-07-29-2025-2 iPadOS 17.7.9 (Full Disclosure): Posted by Apple Product Security via Fulldisclosure on Jul 29. iPadOS 17.7.9 addresses the following issues. Information about the security content is also available at https://support.apple.com/124148. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. Accessibility – Available for: iPad Pro 12.9-inch 2nd generation, iPad …
AK-Nord USB-Server-LXL privilege escalation and code execution (CVE-2025-52361) (Full Disclosure): Posted by Marcus Krueppel on Jul 29. Overview – TL;DR: Using the low-privilege “admin” user account via SSH on the IoT device “USB-Server-LXL” [1], it is possible to modify the script /etc/init.d/lighttpd which is executed by root upon restart, leading to arbitrary code execution with root privileges. CVE: CVE-2025-52361. Suggested CVSS vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N …
SugarCRM <= 14.0.0 (css/preview) LESS Code Injection Vulnerability (Full Disclosure): Posted by Egidio Romano on Jul 29. [-] Software Link: https://www.sugarcrm.com [-] Affected Versions: All commercial versions before 13.0.4 and 14.0.1. [-] Vulnerability Description: User input passed through GET parameters to the /css/preview REST API endpoint is not…
Stored XSS “Edit Header” Functionality – seotoasterv2.5.0 (Full Disclosure): Posted by Andrey Stoykov on Jul 29. Exploit Title: Stored XSS “Edit Header” Functionality – seotoasterv2.5.0; Date: 07/2025; Exploit Author: Andrey Stoykov; Version: 2.5.0; Tested on: Debian 12; Blog: https://msecureltd.blogspot.com/ Stored XSS “Edit Header” Functionality #1: Steps to Reproduce: Login as admin user and visit “News”. Click on …
Open Redirect “Login Page” Functionality – seotoasterv2.5.0 (Full Disclosure): Posted by Andrey Stoykov on Jul 29. Exploit Title: Open Redirect “Login Page” Functionality – seotoasterv2.5.0; Date: 07/2025; Exploit Author: Andrey Stoykov; Version: 2.5.0; Tested on: Debian 12; Blog: https://msecureltd.blogspot.com/ Open Redirect “Login Page” Functionality #1: Steps to Reproduce: Login to the application and then add the Referer …
Stored XSS “Create Page” Functionality – seotoasterv2.5.0 (Full Disclosure): Posted by Andrey Stoykov on Jul 29. Exploit Title: Stored XSS “Create Page” Functionality – seotoasterv2.5.0; Date: 07/2025; Exploit Author: Andrey Stoykov; Version: 2.5.0; Tested on: Debian 12; Blog: https://msecureltd.blogspot.com/ Stored XSS “Create Page” Functionality #1: Steps to Reproduce: 1. Login with admin and visit “Pages” > “Create …
Stored XSS “Edit General Info” Functionality – seotoasterv2.5.0 (Full Disclosure): Posted by Andrey Stoykov on Jul 29. Exploit Title: Stored XSS “Edit General Info” Functionality – seotoasterv2.5.0; Date: 07/2025; Exploit Author: Andrey Stoykov; Version: 2.5.0; Tested on: Debian 12; Blog: https://msecureltd.blogspot.com/ Stored XSS “Edit General Info” Functionality #3: Steps to Reproduce: 1. Login with admin and visit “Website …
CVE number correction (Full Disclosure): Posted by Palula Brasil on Jul 29. The following snippet in the text is associated with the wrong CVE number: “2.2 Possibility of injecting JavaScript code into the name of the visiting network (XSS) – CVE-2025-26064”. The correct CVE number for item 2.2 is CVE-2025-26065.
Invision Community <= 5.0.7 (oauth/callback) Reflected Cross-Site Scripting Vulnerability (Full Disclosure): Posted by Egidio Romano on Jul 29. [-] Software Link: https://invisioncommunity.com [-] Affected Versions: Certain 4.x versions before 4.7.21. All 5.x versions before 5.0.8. [-] Vulnerability Description:…
Stored XSS in an open-source School Management System (CVE-2025-52187) (Full Disclosure): Posted by Sanjay Singh on Jul 29. Hello Full Disclosure community, I’m sharing details of a recently assigned CVE affecting a widely used open-source School Management System (PHP/MySQL). CVE ID: CVE-2025-52187; Vulnerability Type: Stored Cross-Site Scripting (XSS); Attack Vector: Remote; Discoverer: Sanjay Singh; Vendor Repository: https://github.com/GetProjectsIdea/Create-School-Management-System-with-PHP-MySQL; Version…
Minnesota governor activates National Guard amid St. Paul cyberattack (CyberScoop).
Samsung HVAC DMS (All CISA Advisories): 1. EXECUTIVE SUMMARY – CVSS v4 7.5; ATTENTION: Exploitable remotely; Vendor: Samsung; Equipment: HVAC DMS; Vulnerabilities: Execution After Redirect (EAR), Deserialization of Untrusted Data, Absolute Path Traversal, Use of Potentially Dangerous Function, Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’), Relative Path Traversal. 2. RISK EVALUATION – Successful exploitation of these vulnerabilities …
Delta Electronics DTN Soft (All CISA Advisories): 1. EXECUTIVE SUMMARY – CVSS v4 8.4; ATTENTION: Low attack complexity; Vendor: Delta Electronics; Equipment: DTN Soft; Vulnerability: Deserialization of Untrusted Data. 2. RISK EVALUATION – Successful exploitation of this vulnerability could allow an attacker to use a specially crafted project file to execute arbitrary code. 3. TECHNICAL DETAILS – 3.1 AFFECTED PRODUCTS: The following Delta …
National Instruments LabVIEW (All CISA Advisories): 1. EXECUTIVE SUMMARY – CVSS v4 7.1; ATTENTION: Low attack complexity; Vendor: National Instruments; Equipment: LabVIEW; Vulnerabilities: Improper Restriction of Operations within the Bounds of a Memory Buffer. 2. RISK EVALUATION – Successful exploitation of these vulnerabilities could lead to the execution of arbitrary code on affected installations of LabVIEW, which could result in invalid …
CISA says it will release telecom security report sought by Sen. Wyden to lift hold on Plankey nomination (CyberScoop): Sean Plankey’s path to leading the Cybersecurity and Infrastructure Security Agency might have one obstacle set to be cleared for removal. With the Senate Homeland Security and Governmental Affairs Committee scheduled to hold a vote on his nomination for CISA director Wednesday, the next and final step for Plankey pending approval from the panel would …
CISA Releases Part One of Zero Trust Microsegmentation Guidance (All CISA Advisories): CISA released Microsegmentation in Zero Trust, Part One: Introduction and Planning as part of its ongoing efforts to support Federal Civilian Executive Branch (FCEB) agencies implementing zero trust architectures (ZTAs). This guidance provides a high-level overview of microsegmentation, focusing on its key concepts, associated challenges and potential benefits, and includes recommended actions to modernize network …
New Choicejacking Attack Steals Data from Phones via Public Chargers (Hackread): Choicejacking is a new USB attack that tricks phones into sharing data at public charging stations, bypassing security prompts in milliseconds.
Allianz Life Data Breach Hits 1.4 Million Customers (Hackread): Allianz Life Insurance confirms a July 2025 data breach impacting 1.4 million customers, financial professionals and employees. Learn how social engineering exploited a third-party CRM, the hallmarks of Scattered Spider tactics, and the broader risks of supply chain vulnerabilities.
Some of Orange’s professional and consumer services may be disrupted for a few days because of the cyber incident.