ZDI-25-209: (Pwn2Own) Synology BeeStation BST150-4T Cleartext Transmission of Sensitive Information Vulnerability

Read Time:14 Second

This vulnerability allows network-adjacent attackers to spoof specific configuration values on affected installations of Synology BeeStation BST150-4T devices. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 4.3. The following CVEs are assigned: CVE-2024-10445.

USN-7464-1: Jupyter Notebook vulnerability

It was discovered that Jupyter Notebook did not properly parse HTML comments under certain circumstances. An attacker could possibly use...

April 28, 2025

[IWCC 2025] CfP: 14th International Workshop on Cyber Crime – Ghent, Belgium, Aug 11-14, 2025

Posted by Artur Janicki via Fulldisclosure on Apr 26 [APOLOGIES FOR CROSS-POSTING] CALL FOR PAPERS 14th International Workshop on Cyber...

April 27, 2025

Inedo ProGet Insecure Reflection and CSRF Vulnerabilities

Posted by Daniel Owens via Fulldisclosure on Apr 26 Inedo ProGet 2024.22 and below are vulnerable to unauthenticated denial of...

April 27, 2025

Ruby on Rails Cross-Site Request Forgery

Posted by Daniel Owens via Fulldisclosure on Apr 26 Good morning. All current versions and all versions since the 2022/2023...

April 27, 2025

Microsoft “.library-ms” File / NTLM Information Disclosure (Resurrected 2025)

Posted by hyp3rlinx on Apr 26 [-] Microsoft ".library-ms" File / NTLM Information Disclosure Spoofing (Resurrected 2025) / CVE-2025-24054 [+]...

April 27, 2025

kappanhang-0-0.3.20250427gitdffb773.fc41

FEDORA-2025-eecb0ea534 Packages in this update: kappanhang-0-0.3.20250427gitdffb773.fc41 Update description: Update to git snapshot dffb773 Read More

April 27, 2025

Friday Squid Blogging: Squid Facts on Your Phone

Law Enforcement Crackdowns Drive Novel Ransomware Affiliate Schemes

SAP Fixes Critical Vulnerability After Evidence of Exploitation

M&S Shuts Down Online Orders Amid Ongoing Cyber Incident

Security Experts Flag Chrome Extension Using AI Engine to Act Without User Input

Cryptocurrency Thefts Get Physical

US Data Breach Lawsuits Total $155M Amid Cybersecurity Failures

Popular LLMs Found to Produce Vulnerable Code by Default

Hackers access sensitive SIM card data at South Korea’s largest telecoms company

ZDI-25-209: (Pwn2Own) Synology BeeStation BST150-4T Cleartext Transmission of Sensitive Information Vulnerability

USN-7464-1: Jupyter Notebook vulnerability

[IWCC 2025] CfP: 14th International Workshop on Cyber Crime – Ghent, Belgium, Aug 11-14, 2025

Inedo ProGet Insecure Reflection and CSRF Vulnerabilities

Ruby on Rails Cross-Site Request Forgery

Microsoft “.library-ms” File / NTLM Information Disclosure (Resurrected 2025)

kappanhang-0-0.3.20250427gitdffb773.fc41