#vulnerability

The controller suffers from an unauthenticated file disclosure vulnerability. Using the 'db_log' POST parameter, attackers can disclose arbitrary files on the affected device and disclose sensitive and system information.

LLMs may serve as powerful assistants to malware analysts to streamline workflows, enhance efficiency, and provide actionable insights during malware analysis.

Phishing remained the top initial access method in Q2 2025, while ransomware incidents see the emergence of new Qilin tactics.

A carefully crafted request using the Image plugin could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. Apache JSPWiki users should upgrade to 2.12.3 or later.

A carefully crafted request when creating a header link using the wiki markup syntax, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. Further research by the JSPWiki team showed that the markdown parser allowed this kind of attack too. Apache JSPWiki users should upgrade to 2.12.3 or later.

We’re excited to announce significant updates to the Microsoft .NET Bounty Program. These changes expand the program’s scope, simplify the award structure, and offer great incentives for security researchers. The .NET Bounty Program now offers awards up to $40,000 USD for vulnerabilities impacting the .NET and ASP.NET Core (including Blazor and Aspire).

We’re excited to announce significant updates to the Microsoft .NET Bounty Program. These changes expand the program’s scope, simplify the award structure, and offer great incentives for security researchers. The .NET Bounty Program now offers awards up to $40,000 USD for vulnerabilities impacting the .NET and ASP.NET Core (including Blazor and Aspire).

Threat actors are actively exploiting a critical security flaw in "Alone – Charity Multipurpose Non-profit WordPress Theme" to take over susceptible sites. The vulnerability, tracked as CVE-2025-5394, carries a CVSS score of 9.8. Security researcher Thái An has been credited with discovering and reporting the bug. According to Wordfence, the shortcoming relates to an arbitrary file upload

Attackers are becoming faster at exploiting vulnerabilities, but this startup seeks to stop threats before they lead to breaches.

July Linux Patch Wednesday. This time, there are 470 vulnerabilities, slightly fewer than in June. Of these, 291 are in the Linux Kernel. One vulnerability shows signs of being exploited in the wild (CISA KEV): 🔻 SFB – Chromium (CVE-2025-6554) There are also 36 (❗️) vulnerabilities for which public exploits are available or suspected to […]