CyberAlerts

CVE-2025-0691

Improper access control in permissions component in Devolutions Server 2025.1.10.0 and earlier allows an authenticated user to bypass the "Edit...

Description: Improper access control in permissions component in Devolutions Server 2025.1.10.0 and earlier allows an authenticated user to bypass the "Edit permission" permission by bypassing the client side validation.

CVSS: MEDIUM (5.0)

EPSS Score: 0.02%

Source: CVE

June 5th, 2025 (3 days ago)

Finding Balance in US AI Regulation

Description: The US can't afford to wait for political consensus to catch up to technological change.

Source: Dark Reading

June 5th, 2025 (3 days ago)

🏴‍☠️ Akira has just published a new victim : RECYCLA

Description: RECYCLA provides a waste treatment, disposal and recovery service for companies in the industrial and artisan sectors based on the principles of the circular economy. We are going to upload about 160 GB of corporate data. A lot of d etailed employee personal information (DOB, addresses, credit car d details and so on), client data, financial data, contracts and agreements, NDAs, etc.

Source: Ransomware.live

June 5th, 2025 (3 days ago)

🏴‍☠️ Akira has just published a new victim : AMS Paving

Description: AMS Paving, Inc. has been providing quality paving and maintenanc e services throughout Southern California since 1981. We are going to upload about 17 GB of corporate data. Employee pe rsonal information (DLs, DOB, addresses, credit card details and so on), lots of contracts and agreements, client data, financial data, accounting and financial data, payment details, etc.

Source: Ransomware.live

June 5th, 2025 (3 days ago)

🏴‍☠️ Blacklock has just published a new victim : Ryan Harvie McEnery

Description: Accounting Services Australia <25 Employees Ryan Harvie McEnery offers businesses & individuals dedicated professional assistance with taxation, superannuation, accountancy & valuation services. Revenue <$5 Million

Source: Ransomware.live

June 5th, 2025 (3 days ago)

🏴‍☠️ Crypto24 has just published a new victim : Tien Tuan Pharmaceutical Machinery Co. Ltd

Description: [AI generated] Tien Tuan Pharmaceutical Machinery Co. Ltd is a leading provider of integrated software solutions for the pharmaceutical industry. The Vietnam-based company specializes in offering digital solutions to optimize the pharmaceutical manufacturing and distribution process. Their products include solutions for pharmaceutical lifecycle management, manufacturing execution systems, and plant intelligence. Their clients are major global pharmaceutical and biotechnology companies.

Source: Ransomware.live

June 5th, 2025 (3 days ago)

Germany Fines Vodafone €45 Million Over Severe Data Protection Failures

Description: Germany's Federal Commissioner for Data Protection and Freedom of Information (BfDI) has imposed fines totaling €45 million against Vodafone GmbH due to significant lapses in data protection and information security that facilitated fraud and unauthorized access to customer data. BfDI's investigation revealed that malicious actors within Vodafone's third-party partner agencies exploited weak internal controls to … The post Germany Fines Vodafone €45 Million Over Severe Data Protection Failures appeared first on CyberInsider.

Source: CyberInsider

June 5th, 2025 (3 days ago)

TSA Working on Haptic Tech To 'Feel' Your Body in Virtual Reality

Description: The tech would "detect the contour of a target (a person and/or an object) at a distance, optionally penetrating through clothing" and transmit it to a haptic feedback glove.

Source: 404 Media

June 5th, 2025 (3 days ago)

CVE-2025-5660

PHPGurukul Complaint Management System register-complaint.php sql injection

Description: A vulnerability, which was classified as critical, has been found in PHPGurukul Complaint Management System 2.0. Affected by this issue is some unknown functionality of the file /user/register-complaint.php. The manipulation of the argument noc leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Eine kritische Schwachstelle wurde in PHPGurukul Complaint Management System 2.0 entdeckt. Davon betroffen ist unbekannter Code der Datei /user/register-complaint.php. Durch Manipulation des Arguments noc mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.

CVSS: MEDIUM (6.3)

EPSS Score: 0.03%

Source: CVE

June 5th, 2025 (3 days ago)

CVE-2025-5659

PHPGurukul Complaint Management System profile.php sql injection

Description: A vulnerability classified as critical was found in PHPGurukul Complaint Management System 2.0. Affected by this vulnerability is an unknown functionality of the file /user/profile.php. The manipulation of the argument pincode leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. In PHPGurukul Complaint Management System 2.0 wurde eine kritische Schwachstelle entdeckt. Hierbei betrifft es unbekannten Programmcode der Datei /user/profile.php. Durch die Manipulation des Arguments pincode mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff über das Netzwerk. Der Exploit steht zur öffentlichen Verfügung.

CVSS: MEDIUM (6.3)

EPSS Score: 0.03%

Source: CVE

June 5th, 2025 (3 days ago)

Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2025-0691	Improper access control in permissions component in Devolutions Server 2025.1.10.0 and earlier allows an authenticated user to bypass the "Edit... Description: Improper access control in permissions component in Devolutions Server 2025.1.10.0 and earlier allows an authenticated user to bypass the "Edit permission" permission by bypassing the client side validation. CVSS: MEDIUM (5.0) EPSS Score: 0.02% Source: CVE June 5th, 2025 (3 days ago)
	Finding Balance in US AI Regulation Description: The US can't afford to wait for political consensus to catch up to technological change. Source: Dark Reading June 5th, 2025 (3 days ago)
	🏴‍☠️ Akira has just published a new victim : RECYCLA Description: RECYCLA provides a waste treatment, disposal and recovery service for companies in the industrial and artisan sectors based on the principles of the circular economy. We are going to upload about 160 GB of corporate data. A lot of d etailed employee personal information (DOB, addresses, credit car d details and so on), client data, financial data, contracts and agreements, NDAs, etc. Source: Ransomware.live June 5th, 2025 (3 days ago)
	🏴‍☠️ Akira has just published a new victim : AMS Paving Description: AMS Paving, Inc. has been providing quality paving and maintenanc e services throughout Southern California since 1981. We are going to upload about 17 GB of corporate data. Employee pe rsonal information (DLs, DOB, addresses, credit card details and so on), lots of contracts and agreements, client data, financial data, accounting and financial data, payment details, etc. Source: Ransomware.live June 5th, 2025 (3 days ago)
	🏴‍☠️ Blacklock has just published a new victim : Ryan Harvie McEnery Description: Accounting Services Australia <25 Employees Ryan Harvie McEnery offers businesses & individuals dedicated professional assistance with taxation, superannuation, accountancy & valuation services. Revenue <$5 Million Source: Ransomware.live June 5th, 2025 (3 days ago)
	🏴‍☠️ Crypto24 has just published a new victim : Tien Tuan Pharmaceutical Machinery Co. Ltd Description: [AI generated] Tien Tuan Pharmaceutical Machinery Co. Ltd is a leading provider of integrated software solutions for the pharmaceutical industry. The Vietnam-based company specializes in offering digital solutions to optimize the pharmaceutical manufacturing and distribution process. Their products include solutions for pharmaceutical lifecycle management, manufacturing execution systems, and plant intelligence. Their clients are major global pharmaceutical and biotechnology companies. Source: Ransomware.live June 5th, 2025 (3 days ago)
	Germany Fines Vodafone €45 Million Over Severe Data Protection Failures Description: Germany's Federal Commissioner for Data Protection and Freedom of Information (BfDI) has imposed fines totaling €45 million against Vodafone GmbH due to significant lapses in data protection and information security that facilitated fraud and unauthorized access to customer data. BfDI's investigation revealed that malicious actors within Vodafone's third-party partner agencies exploited weak internal controls to … The post Germany Fines Vodafone €45 Million Over Severe Data Protection Failures appeared first on CyberInsider. Source: CyberInsider June 5th, 2025 (3 days ago)
	TSA Working on Haptic Tech To 'Feel' Your Body in Virtual Reality Description: The tech would "detect the contour of a target (a person and/or an object) at a distance, optionally penetrating through clothing" and transmit it to a haptic feedback glove. Source: 404 Media June 5th, 2025 (3 days ago)
CVE-2025-5660	PHPGurukul Complaint Management System register-complaint.php sql injection Description: A vulnerability, which was classified as critical, has been found in PHPGurukul Complaint Management System 2.0. Affected by this issue is some unknown functionality of the file /user/register-complaint.php. The manipulation of the argument noc leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Eine kritische Schwachstelle wurde in PHPGurukul Complaint Management System 2.0 entdeckt. Davon betroffen ist unbekannter Code der Datei /user/register-complaint.php. Durch Manipulation des Arguments noc mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung. CVSS: MEDIUM (6.3) EPSS Score: 0.03% Source: CVE June 5th, 2025 (3 days ago)
CVE-2025-5659	PHPGurukul Complaint Management System profile.php sql injection Description: A vulnerability classified as critical was found in PHPGurukul Complaint Management System 2.0. Affected by this vulnerability is an unknown functionality of the file /user/profile.php. The manipulation of the argument pincode leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. In PHPGurukul Complaint Management System 2.0 wurde eine kritische Schwachstelle entdeckt. Hierbei betrifft es unbekannten Programmcode der Datei /user/profile.php. Durch die Manipulation des Arguments pincode mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff über das Netzwerk. Der Exploit steht zur öffentlichen Verfügung. CVSS: MEDIUM (6.3) EPSS Score: 0.03% Source: CVE June 5th, 2025 (3 days ago)