News
CIS Benchmarks Update November 2025
Wed, 19 Nov 2025 16:39:00 -0500
The November 2025 CIS Benchmarks monthly update highlights the CIS Benchmarks and CIS Build Kits that have been updated or recently released.
Looking Glass Cyber
Malware Patrol
SecList
God Mode On: how we attacked a vehicle’s head unit modem
Kaspersky researchers describe how they gained access to a vehicle's head unit by exploiting a single vulnerability in its modem.
securingtomorrow.mcafee.com
Quick Heal
Threat Post
Student Loan Breach Exposes 2.5M Records
Watering Hole Attacks Push ScanBox Keylogger
Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms
Ransomware Attacks are on the Rise
Cybercriminals Are Selling Access to Chinese Surveillance Cameras
Twitter Whistleblower Complaint: The TL;DR Version
Firewall Bug Under Active Attack Triggers CISA Warning
Fake Reservation Links Prey on Weary Travelers
iPhone Users Urged to Update to Patch 2 Zero-Days
Google Patches Chrome’s Fifth Zero-Day of the Year
Naked Security
Security Affairs
Pornhub targeted in extortion attempt following Mixpanel breach exposing user activity
French Interior Minister says hackers breached its email servers
U.S. CISA adds Apple and Gladinet CentreStack and Triofox flaws to its Known Exploited Vulnerabilities catalog
Atlassian fixed maximum severity flaw CVE-2025-66516 in Apache Tika
U.S. fintech and data services firm 700Credit suffered a data breach impacting at least 5.6 million people
CERT-FR recommends completely deactivating Wi-Fi whenever it’s not in use
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 75
Security Affairs newsletter Round 554 by Pierluigi Paganini – INTERNATIONAL EDITION
Experts found an unsecured 16TB database containing 4.3B professional records
Germany calls in Russian Ambassador over air traffic control hack claims
Security Awareness Tips of the week
Exploits
[webapps] Summar Employee Portal 3.98.0 - Authenticated SQL Injection
[webapps] esm-dev 136 - Path Traversal
[webapps] Pluck 4.7.7-dev2 - PHP Code Execution
[webapps] phpMyFAQ 2.9.8 - Cross-Site Request Forgery (CSRF)
[webapps] phpMyFAQ 2.9.8 - Cross-Site Request Forgery (CSRF)
[webapps] MaNGOSWebV4 4.0.6 - Reflected XSS
[webapps] Django 5.1.13 - SQL Injection
[webapps] phpMyFaq 2.9.8 - Cross Site Request Forgery (CSRF)
[webapps] MobileDetect 2.8.31 - Cross-Site Scripting (XSS)
[webapps] phpIPAM 1.4 - SQL Injection
[webapps] OpenRepeater 2.1 - OS Command Injection
[webapps] phpMyAdmin 5.0.0 - SQL Injection
[webapps] RosarioSIS 6.7.2 - Cross Site Scripting (XSS)
[webapps] RosarioSIS 6.7.2 - Cross-Site Scripting (XSS)
[webapps] PluckCMS 4.7.10 - Unrestricted File Upload
[webapps] openSIS Community Edition 8.0 - SQL Injection
[webapps] YOURLS 1.8.2 - Cross-Site Request Forgery (CSRF)
[webapps] phpMyFAQ 3.1.7 - Reflected Cross-Site Scripting (XSS)
[webapps] phpIPAM 1.5.1 - SQL Injection
[webapps] Piwigo 13.6.0 - SQL Injection
[webapps] phpIPAM 1.6 - Reflected Cross-Site Scripting (XSS)
[webapps] phpIPAM 1.6 - Reflected Cross-Site Scripting (XSS)
[webapps] Flowise 3.0.4 - Remote Code Execution (RCE)
[webapps] Casdoor 2.95.0 - Cross-Site Request Forgery (CSRF)
[remote] Ilevia EVE X1/X5 Server 4.7.18.0.eden - Reverse Rootshell
[local] Microsoft Windows Server 2025 Hyper-V NT Kernel Integration VSP - Elevation of Privilege
[remote] ClipBucket 5.5.0 - Arbitrary File Upload
[remote] ClipBucket 5.5.2 Build #90 - Server-Side Request Forgery (SSRF)
[webapps] Tourism Management System 2.0 - Arbitrary Shell Upload
[webapps] Casdoor 2.55.0 - Cross-Site Request Forgery (CSRF)
[webapps] dotCMS 25.07.02-1 - Authenticated Blind SQL Injection
[webapps] ELEX WooCommerce WordPress Plugin 1.4.3 - SQL Injection
[webapps] XWiki Platform 15.10.10 - Metasploit Module for Remote Code Execution (RCE)
[webapps] Concrete CMS 9.4.3 - Stored XSS
[local] Mbed TLS 3.6.4 - Use-After-Free
[remote] HTTP/2 2.0 - Denial Of Service (DOS)
[remote] HTMLDOC 1.9.13 - Stack Buffer Overflow
[remote] GeoVision ASManager Windows Application 6.1.2.0 - Remote Code Execution (RCE)
[local] GeoVision ASManager Windows Application 6.1.2.0 - Credentials Disclosure
[webapps] StoryChief WordPress Plugin 1.0.42 - Arbitrary File Upload
[remote] Ivanti Endpoint Manager Mobile 12.5.0.0 - Authentication Bypass
[webapps] Lingdang CRM 8.6.4.7 - SQL Injection
[webapps] Birth Chart Compatibility WordPress Plugin 2.0 - Full Path Disclosure
[remote] Tenda AC20 16.03.08.12 - Command Injection
[webapps] Lantronix Provisioning Manager 7.10.3 - XML External Entity Injection (XXE)
[webapps] Soosyze CMS 2.0 - Brute Force Login
Last 20 Website Defacements - Zone-h
Advisories
Symantec Packet Storm Security