Development

Hackers Exploit Samsung MagicINFO, GeoVision IoT Flaws to Deploy Mirai Botnet

May 14, 2025

Threat actors have been observed actively exploiting security flaws in GeoVision end-of-life (EoL) Internet of Things (IoT) devices to corral…

NSO Group Fined $168M for Targeting 1,400 WhatsApp Users With Pegasus Spyware

May 14, 2025

A federal jury on Tuesday decided that NSO Group must pay Meta-owned WhatsApp WhatsApp approximately $168 million in monetary damages,…

How can we counter online disinformation? | Unlocked 403 cybersecurity podcast (S2E2)

May 14, 2025

Ever wondered why a lie can spread faster than the truth? Tune in for an insightful look at disinformation and…

Two years’ jail for down-on-his-luck man who sold ransomware online

May 14, 2025

A man has been jailed in Ireland for two years after pleading guilty to offences related to his illegal online…

Development

Malicious PyPI Package Posing as Solana Tool Stole Source Code in 761 Downloads

May 14, 2025

Cybersecurity researchers have discovered a malicious package on the Python Package Index (PyPI) repository that purports to be an application…

Development

China-Linked APTs Exploit SAP CVE-2025-31324 to Breach 581 Critical Systems Worldwide

May 14, 2025

A recently disclosed critical security flaw impacting SAP NetWeaver is being exploited by multiple China-nexus nation-state actors to target critical…

The AI Fix #50: AI brings dead man back for killer’s trial, and the judge loves it

May 14, 2025

In episode 50 of The AI Fix, AI brings a slain man back from the dead so he can appear…

Development

Australia’s Data Breach Reporting Numbers Highest in Half a Decade

May 14, 2025

Australia is facing a troubling uptick in data breaches, with the country recording its highest number of reported incidents this…

Development

Microsoft Patch Tuesday May 2025: 5 Zero Days, 8 High-Risk Vulnerabilities

May 14, 2025

Microsoft Patch Tuesday for May 2025 included five actively exploited zero days and another eight vulnerabilities judged to be at…

Development

Ivanti Patches EPMM Vulnerabilities Exploited for Remote Code Execution in Limited Attacks

May 14, 2025

Ivanti has released security updates to address two security flaws in Endpoint Manager Mobile (EPMM) software that have been chained…

Development

Fortinet Patches CVE-2025-32756 Zero-Day RCE Flaw Exploited in FortiVoice Systems

May 14, 2025

Fortinet has patched a critical security flaw that it said has been exploited as a zero-day in attacks targeting FortiVoice…

Development

Microsoft Fixes 78 Flaws, 5 Zero-Days Exploited; CVSS 10 Bug Impacts Azure DevOps Server

May 14, 2025

Microsoft on Tuesday shipped fixes to address a total of 78 security flaws across its software lineup, including a set…

Development

Horabot Malware Targets 6 Latin American Nations Using Invoice-Themed Phishing Emails

May 14, 2025

Cybersecurity researchers have discovered a new phishing campaign that’s being used to distribute malware called Horabot targeting Windows users in…

Development

Learning How to Hack: Why Offensive Security Training Benefits Your Entire Security Team

May 14, 2025

Organizations across industries are experiencing significant escalations in cyberattacks, particularly targeting critical infrastructure providers and cloud-based enterprises. Verizon’s recently released…

Development

Earth Ammit Breached Drone Supply Chains via ERP in VENOM, TIDRONE Campaigns

May 14, 2025

A cyber espionage group known as Earth Ammit has been linked to two related but distinct campaigns from 2023 to…

Development

CTM360 Identifies Surge in Phishing Attacks Targeting Meta Business Users

May 14, 2025

A new global phishing threat called “Meta Mirage” has been uncovered, targeting businesses using Meta’s Business Suite. This campaign specifically…

Development

Xinbi Telegram Market Tied to $8.4B in Crypto Crime, Romance Scams, North Korea Laundering

May 14, 2025

A Chinese-language, Telegram-based marketplace called Xinbi Guarantee has facilitated no less than $8.4 billion in transactions since 2022, making it…

Development

BianLian and RansomExx Exploit SAP NetWeaver Flaw to Deploy PipeMagic Trojan

May 14, 2025

At least two different cybercrime groups BianLian and RansomExx are said to have exploited a recently disclosed security flaw in…

Development

Samsung Patches CVE-2025-4632 Used to Deploy Mirai Botnet via MagicINFO 9 Exploit

May 14, 2025

Samsung has released software updates to address a critical security flaw in MagicINFO 9 Server that has been actively exploited…

Development

No Ceasefire in the Cyberspace Between India and Pakistan

May 14, 2025

India and Pakistan may have reached a status quo of ceasefire on ground, air and sea for now, but the…

Highlights

CVE-2025-53623 – ActiveJob Job Iteration API Remote Code Execution Vulnerability

July 15, 2025

CVE ID : CVE-2025-53623

Published : July 14, 2025, 8:15 p.m. | 6 hours, 36 minutes ago

Description : The Job Iteration API is an an extension for ActiveJob that make jobs interruptible and resumable Versions prior to 1.11.0 have an arbitrary code execution vulnerability in the `CsvEnumerator` class. This vulnerability can be exploited by an attacker to execute arbitrary commands on the system where the application is running, potentially leading to unauthorized access, data leakage, or complete system compromise. The issue is fixed in versions `1.11.0` and above. Users can mitigate the risk by avoiding the use of untrusted input in the `CsvEnumerator` class and ensuring that any file paths are properly sanitized and validated before being passed to the class methods. Users should avoid using the `count_of_rows_in_file` method with untrusted CSV filenames.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…