
Cyber Security News Letter: Key Updates on Attacks, Vulnerabilities, & Data Breaches

Welcome to this week’s Cybersecurity Newsletter, where we provide the latest updates and critical insights from the swiftly changing realm of cybersecurity. This edition focuses on new threats and the …

Published Date:
Apr 21, 2025 (6 hours ago)

Vulnerabilities mentioned in this article:

CVE-2025-31201

CVE-2025-31200

CVE-2025-20236

CVE-2025-30100

CVE-2025-24859

CVE-2025-24076

CVE-2025-24054

CVE-2021-20035

GitHub Enterprise Server Vulnerabilities Allows Arbitrary Code Execution

GitHub has issued urgent security updates for its Enterprise Server product after discovering multiple high-severity vulnerabilities, including a critical flaw (CVE-2025-3509) that allows attackers to …

Published Date:
Apr 21, 2025 (4 hours, 25 minutes ago)

Vulnerabilities mentioned in this article:

CVE-2025-3509

CVE-2025-3246

CVE-2025-3124

CVE ID : CVE-2024-53591

Published : April 18, 2025, 9:15 p.m. | 2 days, 9 hours ago

Description : An issue in the login page of Seclore v3.27.5.0 allows attackers to bypass authentication via a brute force attack.

Severity: 9.8 | CRITICAL


CVE ID : CVE-2025-29058

Published : April 18, 2025, 9:15 p.m. | 2 days, 9 hours ago

Description : An issue in Qimou CMS v.3.34.0 allows a remote attacker to execute arbitrary code via the upgrade.php component.

Severity: 9.8 | CRITICAL


CVE ID : CVE-2025-3821

Published : April 20, 2025, 4:15 a.m. | 1 day, 2 hours ago

Description : A vulnerability was found in SourceCodester Web-based Pharmacy Product Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file add-admin.php. The manipulation of the argument txtpassword/txtfullname/txtemail leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Severity: 2.4 | LOW


CVE ID : CVE-2025-0632

Published : April 21, 2025, 6:15 a.m. | 40 minutes ago

Description : Local File Inclusion (LFI) vulnerability in a Render function of Formulatrix Rock Maker Web (RMW) allows a remote attacker to obtain sensitive data via arbitrary code execution. A malicious actor could execute malicious scripts to automatically download configuration files in known locations to exfiltrate data including credentials, and with no rate limiting a malicious actor could enumerate the filesystem of the host machine and potentially lead to full host compromise.

This issue affects Rock Maker Web: from 3.2.1.1 and later

Severity: 0.0 | NA


Asus warns of critical AiCloud vulnerability in Wi-Fi routers

Asus is warning of a critical AiCloud vulnerability that is present in several Wi-Fi routers and has released firmware updates to fix the problem. Via AiCloud, users can …

Published Date:
Apr 19, 2025 (1 day, 15 hours ago)

Vulnerabilities mentioned in this article:

CVE-2025-2492

Critical Meshtastic RCE Vulnerability (CVE-2025-24797) Requires Urgent Update

A critical security vulnerability has been disclosed in Meshtastic, the open-source LoRa mesh networking platform known for enabling long-range, low-power communication without cellular or internet co …

Published Date:
Apr 21, 2025 (1 hour, 34 minutes ago)

Vulnerabilities mentioned in this article:

CVE-2025-24797

APT41/RedGolf Infrastructure Briefly Exposed: Fortinet Zero-Days Targeted Shiseido

In a rare window into the operations of an advanced persistent threat, a KeyPlug-linked infrastructure briefly went live, exposing tools and scripts tied to APT41/RedGolf operations. The server, activ …

Published Date:
Apr 21, 2025 (1 hour, 24 minutes ago)

Vulnerabilities mentioned in this article:

CVE-2025-24797

CVE-2025-31103

CVE-2025-0108

CVE-2024-23109

CVE-2024-23108

CVE-2025-42599: Critical Buffer Overflow in Active! mail Exploited in the Wild

A severe security vulnerability has been identified in Active! mail, a product of QUALITIA CO., LTD., posing a significant risk to affected systems. The Japan Computer Emergency Response Team (JPCERT) …

Published Date:
Apr 21, 2025 (1 hour, 19 minutes ago)

Vulnerabilities mentioned in this article:

CVE-2025-42599

Larva-24005: Kimsuky’s Global Cyber Espionage Campaign Exploits RDP and Office Flaws

A new cybersecurity report from the AhnLab Security intelligence Center (ASEC) has shed light on a recently identified operation linked to the notorious Kimsuky group. Dubbed “Larva-24005,” this campa …

Published Date:
Apr 21, 2025 (1 hour, 15 minutes ago)

Vulnerabilities mentioned in this article:

CVE-2025-42599

CVE-2019-0708

CVE-2017-11882

CVE-2025-2492: Critical ASUS Router Vulnerability Requires Immediate Firmware Update

ASUS has released a firmware update addressing a critical-severity vulnerability—CVE-2025-2492—with a CVSSv4 score of 9.2. The flaw impacts several ASUS router firmware series with AiCloud enabled and …

Published Date:
Apr 21, 2025 (1 hour, 6 minutes ago)

Vulnerabilities mentioned in this article:

CVE-2025-2492

CVE-2024-13062

CVE-2024-12912

Yokogawa Recorders Vulnerable to Attack Due to Insecure Default Settings

Yokogawa Electric Corporation has issued a security advisory warning of a critical vulnerability affecting several of its industrial recorder products. Tracked as CVE-2025-1863, this flaw allows unaut …

Published Date:
Apr 21, 2025 (1 hour, 5 minutes ago)

Vulnerabilities mentioned in this article:

CVE-2025-2492

CVE-2025-1863

Critical PyTorch Vulnerability CVE-2025-32434 Allows Remote Code Execution

A critical vulnerability has been unearthed in PyTorch, one of the most beloved deep learning frameworks out there. Security researcher Ji’an Zhou has identified a critical Remote Command Execution (R …

Published Date:
Apr 21, 2025 (51 minutes ago)

Vulnerabilities mentioned in this article:

CVE-2025-32434

CVE-2024-5480

CVE-2024-5452

CVE-2023-43654

Cellebrite Android Zero-Day Exploit PoC Released: CVE-2024-53104

A security researcher published a proof-of-concept exploit code for an Android zero-day exploit chain developed by Cellebrite to unlock the device of a student activist in the country and attempt to i …

Published Date:
Apr 21, 2025 (49 minutes ago)

Vulnerabilities mentioned in this article:

CVE-2025-32434

CVE-2024-53197

CVE-2024-53104

CVE-2024-50302

CVE ID : CVE-2025-39588

Published : April 17, 2025, 4:15 p.m. | 3 days, 10 hours ago

Description : Deserialization of Untrusted Data vulnerability in bdthemes Ultimate Store Kit Elementor Addons allows Object Injection. This issue affects Ultimate Store Kit Elementor Addons: from n/a through 2.4.0.

Severity: 9.8 | CRITICAL


CVE ID : CVE-2025-39595

Published : April 17, 2025, 4:15 p.m. | 3 days, 10 hours ago

Description : Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Quentn.com GmbH Quentn WP allows SQL Injection. This issue affects Quentn WP: from n/a through 1.2.8.

Severity: 9.3 | CRITICAL


CVE ID : CVE-2025-43929

Published : April 20, 2025, 3:15 a.m. | 23 hours ago

Description : open_actions.py in kitty before 0.41.0 does not ask for user confirmation before running a local executable file that may have been linked from an untrusted document (e.g., a document opened in KDE ghostwriter).

Severity: 4.1 | MEDIUM


CVE ID : CVE-2020-36844

Published : April 20, 2025, 10:15 p.m. | 4 hours ago

Description : The KnowBe4 Security Awareness Training application before 2020-01-10 allows reflected XSS. The response has a SCRIPT element that sets window.location.href to a JavaScript URL.

Severity: 6.1 | MEDIUM


CVE ID : CVE-2020-36845

Published : April 20, 2025, 10:15 p.m. | 4 hours ago

Description : The KnowBe4 Security Awareness Training application before 2020-01-10 contains a redirect function that does not validate the destination URL before redirecting. The response has a SCRIPT element that sets window.location.href to an arbitrary https URL.

Severity: 5.3 | MEDIUM
