The Canadian Centre for Cyber Security and the U.S. Federal Bureau of Investigation (FBI) have issued an advisory warning of…
The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of a new cyber attack campaign by the Russia-linked APT28…
The Swiss government has issued a warning after a third-party service provider suffered a ransomware attack, which saw sensitive information…
Threat actors with ties to North Korea have been observed targeting Web3 and cryptocurrency-related businesses with malware written in the…
A Mexican drug cartel spies on the FBI using traffic cameras and spyware — because “ubiquitous technical surveillance” is no…
a couple weeks ago Cursor launched a Slack integration and … wow. First time I can say AI *changed* my…
Transport Focus serves as the voice of passengers throughout the UK’s transport network, covering rail, bus, and tram services across…
The composable software platform for AI-powered organizations
Welcome to Fundament, a weekly product design newsletter where we share actionable tips and insightful stories with the worldwide design…
, Apple’s yearly developer conference where they reveal new platforms, technologies, and (most relevant here) design languages. During the presentation…
With that in mind, we’re focused on increasing the number of designers who receive leads and the number of leads each…
Recent works have shown a surprising result: a small fraction of Large Language Model (LLM) parameter outliers are disproportionately important…
Just as APIs became the standard for integration, AI agents are transforming workflow automation through intelligent task coordination. AI agents…
Generative AI has revolutionized customer interactions across industries by offering personalized, intuitive experiences powered by unprecedented access to information. This…
CISA warns the Signal clone used by natsec staffers is being attacked, so patch now
The US security watchdog CISA has warned that malicious actors are actively exploiting two flaws in the Signal clone TeleMessage TM SGNL, and has directed federal agencies to patch the flaws or discon …
Published Date: Jul 02, 2025 (3 hours ago)
Vulnerabilities mentioned in this article:
CVE-2025-48928
CVE-2025-48927
CVE ID : CVE-2025-34074
Published : July 2, 2025, 8:15 p.m. | 1 hour, 45 minutes ago
Description : An authenticated remote code execution vulnerability exists in Lucee’s administrative interface due to insecure design in the scheduled task functionality. An administrator with access to /lucee/admin/web.cfm can configure a scheduled job to retrieve a remote .cfm file from an attacker-controlled server, which is written to the Lucee webroot and executed with the privileges of the Lucee service account. Because Lucee does not enforce integrity checks, path restrictions, or execution controls for scheduled task fetches, this feature can be abused to achieve arbitrary code execution. This issue is distinct from CVE-2024-55354.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-34075
Published : July 2, 2025, 8:15 p.m. | 1 hour, 45 minutes ago
Description : An authenticated virtual machine escape vulnerability exists in HashiCorp Vagrant when using the default synced folder configuration. By design, Vagrant automatically mounts the host system’s project directory into the guest VM under /vagrant (or C:\vagrant on Windows). This includes the Vagrantfile configuration file, which is a Ruby script evaluated by the host every time a vagrant command is executed in the project directory. If a low-privileged attacker obtains shell access to the guest VM, they can append arbitrary Ruby code to the mounted Vagrantfile. When a user on the host later runs any vagrant command, the injected code is executed on the host with that user’s privileges.
While this shared-folder behavior is well-documented by Vagrant, the security implications of Vagrantfile execution from guest-writable storage are not explicitly addressed. This effectively enables guest-to-host code execution in multi-tenant or adversarial VM scenarios.
Severity: 0.0 | NA
CVE ID : CVE-2025-34076
Published : July 2, 2025, 8:15 p.m. | 1 hour, 45 minutes ago
Description : An authenticated local file inclusion vulnerability exists in Microweber CMS versions
Severity: 0.0 | NA
CVE ID : CVE-2025-34078
Published : July 2, 2025, 8:15 p.m. | 1 hour, 45 minutes ago
Description : A local privilege escalation vulnerability exists in NSClient++ 0.5.2.35 when both the web interface and ExternalScripts features are enabled. The configuration file (nsclient.ini) stores the administrative password in plaintext and is readable by local users. By extracting this password, an attacker can authenticate to the NSClient++ web interface (typically accessible on port 8443) and abuse the ExternalScripts plugin to inject and execute arbitrary commands as SYSTEM by registering a custom script, saving the configuration, and triggering it via the API.
This behavior is documented but insecure, as the plaintext credential exposure undermines access isolation between local users and administrative functions.
Severity: 0.0 | NA