Search found 1289 matches

by Shane1145
Sun Jun 15, 2025 6:28 am
Forum: IOT Devices
Topic: SinoTrack GPS Devices Vulnerable to Remote Vehicle Control via Default Passwords
Replies: 0
Views: 73

Two security vulnerabilities have been disclosed in SinoTrack GPS devices that could be exploited to control certain remote functions on connected vehicles and even track their locations.

"Successful exploitation of these vulnerabilities could allow an attacker to access device profiles without ...
by Shane1145
Sun Jun 15, 2025 6:26 am
Forum: Web Applications
Topic: Zero-Click AI Vulnerability Exposes Microsoft 365 Copilot Data Without User Interaction
Replies: 0
Views: 67

A novel attack technique named EchoLeak has been characterized as a "zero-click" artificial intelligence (AI) vulnerability that allows bad actors to exfiltrate sensitive data from Microsoft 365 (M365) Copilot's context sans any user interaction.

The critical-rated vulnerability has been assigned ...
by Shane1145
Sun Jun 15, 2025 6:25 am
Forum: Mobile Phones
Topic: Apple Zero-Click Flaw in Messages Exploited to Spy on Journalists Using Paragon Spyware
Replies: 0
Views: 59

Apple has disclosed that a now-patched security flaw present in its Messages app was actively exploited in the wild to target civil society members in sophisticated cyber attacks.

The vulnerability, tracked as CVE-2025-43200, was addressed on February 10, 2025, as part of iOS 18.3.1, iPadOS 18.3.1 ...
by Shane1145
Sun Jun 15, 2025 6:22 am
Forum: Web Applications
Topic: Multiple GitLab Vulnerabilities Expose Users to Complete Account Takeover Risks
Replies: 0
Views: 48

GitLab, the widely used DevSecOps platform, has released urgent security updates addressing multiple high-severity vulnerabilities that could allow attackers to take over user accounts, inject malicious code, and disrupt services.

The new versions—18.0.2, 17.11.4, and 17.10.8 for both Community ...
by Shane1145
Sun Jun 15, 2025 6:21 am
Forum: Consumer
Topic: Acer Control Center Flaw Lets Attackers Run Malicious Code as Elevated User
Replies: 0
Views: 92

A critical security flaw (CVE-2025-5491) in Acer ControlCenter allows remote attackers to execute arbitrary code with NT AUTHORITY\SYSTEM privileges via a misconfigured Windows Named Pipe.

The vulnerability, rated 8.8 on the CVSS scale, stems from insecure permissions on a custom protocol pipe ...
by Shane1145
Sun Jun 15, 2025 6:18 am
Forum: Windows
Topic: Windows Task Scheduler Vulnerability Allows Attackers to Gain Elevated Privileges
Replies: 0
Views: 49

A critical security vulnerability in Windows Task Scheduler could allow unauthorized attackers to escalate their privileges on affected systems.

The vulnerability, tracked as CVE-2025-33067 and released on June 10, 2025, affects the Windows Kernel’s privilege management system and carries a ...
by Shane1145
Sun Jun 15, 2025 6:16 am
Forum: Commercial
Topic: CVE-2025-4231 PAN-OS: Authenticated Admin Command Injection Vulnerability in the Management Web Interface
Replies: 0
Views: 63

Palo Alto Networks has disclosed a command injection vulnerability in its PAN-OS operating system that enables authenticated administrative users to escalate privileges and perform actions as the root user.

The vulnerability, designated CVE-2025-4231, was published on June 11, 2025, and carries a ...
by Shane1145
Sun Jun 15, 2025 6:14 am
Forum: Commercial
Topic: SECURITY BULLETIN: June 2025 for Trend Micro Apex One
Replies: 0
Views: 50

Trend Micro has released critical security patches addressing five high-severity vulnerabilities in Apex One and Apex One as a Service products.

The most severe vulnerability, tracked as CVE-2025-49155, allows remote attackers to execute arbitrary code through the Data Loss Prevention module ...
by Shane1145
Sun Jun 15, 2025 6:13 am
Forum: Windows
Topic: Zero-Day Vulnerability in Windows SMB Client Exploited via Reflective Kerberos Relay Attack
Replies: 0
Views: 53

A critical zero-day vulnerability affecting Windows systems allows attackers to gain maximum system privileges through a novel Kerberos-based attack technique.

The vulnerability, designated CVE-2025-33073, was patched by Microsoft on June 10, 2025, as part of their monthly Patch Tuesday ...
by Shane1145
Sun Jun 15, 2025 6:12 am
Forum: Windows
Topic: Windows Disk Cleanup Tool Vulnerability: PoC Exploit Now Public
Replies: 0
Views: 52

Security researchers have released a proof-of-concept exploit for CVE-2025-21420, a critical elevation of privilege vulnerability affecting the Windows Disk Cleanup tool (cleanmgr.exe).

The vulnerability leverages improper link resolution mechanisms to achieve SYSTEM-level privileges through the ...