nop.f(x)
@nopfx.bsky.social
0xDEADBEEF
Privilege Escalation vulnerability in Motors, a #WordPress theme with more than 22,000 sales. This #vulnerability makes it possible for an unauthenticated attacker to change the password of any user
www.wordfence.com
June 23, 2025 at 5:04 AM
lifeasageek.github.io
June 20, 2025 at 4:51 PM
#Veeam has released security updates today to fix several Veeam Backup & Replication (VBR) flaws, including an #RCE. Tracked as #CVE-2025-23121, this security flaw was reported by security researchers at #watchTowr and #CodeWhite, and it only impacts domain-joined installations.
KB4743: Vulnerabilities Resolved in Veeam Backup & Replication 12.3.2
Vulnerabilities Resolved in Veeam Backup & Replication 12.3.2
www.veeam.com
June 18, 2025 at 6:22 AM
Reposted by nop.f(x)
Ubuntu 25.10's switch to sudo-rs, a Rust-based sudo, shows a profound commitment to enhancing memory safety and system security.

This move reflects the growing trend of leveraging Rust. thenewstack.io/ubuntu-25-10...

#Ubuntu #Ubuntu2510 #sudoRS #RustLang #MemorySafety #SecureByDesign #Security
Ubuntu 25.10 Replaces sudo With a Rust-Based Equivalent
The new sudo-rs is meant to be a near drop-in replacement for sudo, but some of the less secure aspects of sudo will not be supported.
thenewstack.io
June 14, 2025 at 6:14 AM
Reposted by nop.f(x)
🎉 godot-bevy v0.7.0 is out!

Release with bug fixes and improvements:

✨ Node Type Markers - Better and more efficient ECS queries
⚡ Fix Timing - Component available in Startup systems
🚀 Performance improvements

We also now have a #godotbevy book! 📖

#godotengine #bevyengine #rustlang #gamedev
Release v0.7.0 · dcvz/godot-bevy
What's Changed Update the README "Basic Usage" section & add simple Node2D movement example by @DragonAxe in #37 feat: add explicit configuration of transform sync mode by @dcvz in #44 feat(docs):...
github.com
June 14, 2025 at 11:49 PM
Reposted by nop.f(x)
Good video by Stefan Baumgartner on refactoring with Rust!

youtu.be/wuBkzT_3CDU?...

#rustlang
Refactoring in Rust - Stefan Baumgartner
YouTube video by RustNL
youtu.be
June 15, 2025 at 3:29 AM
Reposted by nop.f(x)
3. Steve Klabnik attempted to answer the question we have all been asking, “Is Rust faster than C?”
steveklabnik.com/writing/is-r...
Is Rust faster than C?
Blog post: Is Rust faster than C? by Steve Klabnik
steveklabnik.com
June 16, 2025 at 7:43 AM
#Cisco #vulnerability affecting Cisco IOS XE Wireless Controller Software version 17.12.03 and earlier. The issue was described as an unauthenticated arbitrary file upload, caused by the presence of a hard-coded JSON Web Token (JWT).
Cisco IOS XE WLC File Upload Vuln CVE-2025-20188
Explore how a hard-coded JWT in Cisco IOS XE WLC enables unauthenticated file upload and potential RCE—and how to mitigate it.
horizon3.ai
June 2, 2025 at 4:54 AM
Reposted by nop.f(x)
new #rustlang crate drop: iddqd! ID-based maps where keys are borrowed from values. Four maps are included: IdOrdMap, IdHashMap, a bijective (1:1) BiHashMap and a trijective (1:1:1) TriHashMap.

At Oxide we've found this pattern to be very useful. iddqd is no-std compatible, too!

docs.rs/iddqd
May 21, 2025 at 9:19 PM
Reposted by nop.f(x)
A Chinese APT (UNC5221) is behind recent attacks exploiting an Ivanti zero-day (CVE-2025-4427)

This is a known Chinese APT group that seems to be specialized in Ivanti and other Western enterprise products... they have a long list of past zero-days in their name

blog.eclecticiq.com/china-nexus-...
China-Nexus Threat Actor Actively Exploiting Ivanti Endpoint Manager Mobile (CVE-2025-4428) Vulnerability
On Thursday, May 15, 2025, Ivanti disclosed two critical vulnerabilities - CVE-2025-4427 and CVE-2025-4428 - affecting Ivanti Endpoint Manager Mobile (EPMM) version 12.5.0.0 and earlier.
blog.eclecticiq.com
May 22, 2025 at 11:32 AM
A new #critical #vulnerability popped up concerning samlify, a widely adopted #Node.js library for implementing #SAML 2.0 Single Sign-On.
https://www.endorlabs.com/learn/cve-2025-47949-reveals-flaw-in-samlify-that-opens-door-to-saml-single-sign-on-bypass
May 22, 2025 at 12:05 PM
#Motors <= 5.6.67 - Unauthenticated Privilege Escalation Via Password Update/Account Takeover #wordpress #theme
Premium WordPress 'Motors' theme vulnerable to admin takeover attacks
A critical privilege escalation vulnerability has been discovered in the premium WordPress theme Motors, which allows unauthenticated attackers to hijack administrator accounts and take complete contr...
www.bleepingcomputer.com
May 21, 2025 at 5:49 AM
Broadcom-owned #VMware on Tuesday rolled out urgent patches for two sets of flaws that expose its flagship infrastructure software to data leakage, command execution and denial-of-service attacks.
NATO-Flagged Vulnerability Tops Latest VMware Security Patch Batch
VMware patches flaws that expose users to data leakage, command execution and denial-of-service attacks. No temporary workarounds available.
www.securityweek.com
May 21, 2025 at 5:47 AM
A missing authentication for critical function vulnerability [CWE-306] in #FortiOS, #FortiProxy, and #FortiSwitchManager #CVE-2025-22252
PSIRT | FortiGuard Labs
www.fortiguard.com
May 19, 2025 at 5:43 AM
#Google released updates to address 4 issues in its #Chrome web browser, including one for which it said there exists an exploit in the wild.
https://thehackernews.com/2025/05/new-chrome-vulnerability-enables-cross.html
May 16, 2025 at 4:54 AM
#Intel, #AMD and #Arm each published Patch Tuesday security advisories to inform customers about vulnerabilities found recently in their products, including ones related to newly disclosed CPU attacks.
Chipmaker Patch Tuesday: Intel, AMD, Arm Respond to New CPU Attacks
Intel, AMD and Arm each published security advisories on Patch Tuesday, including for newly disclosed CPU attacks.
www.securityweek.com
May 15, 2025 at 5:45 AM
#Siemens, #SchneiderElectric and #PhoenixContact have released #ICS security advisories on the May 2025 Patch Tuesday.
ICS Patch Tuesday: Vulnerabilities Addressed by Siemens, Schneider, Phoenix Contact
Industrial giants Siemens, Schneider Electric and Phoenix Contact have released ICS security advisories on the May 2025 Patch Tuesday.
www.securityweek.com
May 15, 2025 at 5:43 AM
#Zoom fixes multiple security bugs, including a #high-risk flaw. Users are urged to update to the latest version released on May 13, 2025. The updates affect both general app versions and Windows-specific builds. For anyone using Zoom, especially on Windows systems, these updates are worth attention
Zoom Fixes High-Risk Flaw in Latest Update
hackread.com
May 14, 2025 at 5:52 AM
Fortinet released security updates to patch a critical #RCE exploited as a #zero-day targeting FortiVoice enterprise phone systems. Vulnerability tracked as #CVE-2025-32756. As the company explains, successful exploitation can allow RCE via maliciously crafted HTTP requests.
PSIRT | FortiGuard Labs
fortiguard.fortinet.com
May 14, 2025 at 5:49 AM
Today is #Microsoft May 2025 Patch Tuesday, which includes security updates for 72 flaws, including five actively exploited and two publicly disclosed #zero-day #vulnerabilities

www.tripwire.com/state-of-sec...
May 2025 Patch Tuesday Analysis
This Patch Tuesday Analysis addresses Microsoft’s May 2025 Security Updates. FIRE is actively working on coverage for these vulnerabilities.
www.tripwire.com
May 14, 2025 at 5:47 AM
#SCADA Schneider Electric Modicon Controllers - Successful exploitation of these vulnerabilities may risk execution of unsolicited command on the PLC, which could result in a loss of availability of the controller.

www.cisa.gov/news-events/...
Schneider Electric Modicon Controllers | CISA
www.cisa.gov
April 25, 2025 at 5:56 AM