Whalers Blog

Roundcube RCE: Dark web activity signals imminent attacks (CVE-2025-49113) With an exploit for a critical Roundcube vulnerability (CVE-2025-49113) being offered for sale on underground forums and a PoC exploit having been made public, attacks exploiting the flaw are incoming … Read more Published Date: Jun 09, 2025 (2 hours, 56 minutes ago) Vulnerabilities has been mentioned in…

Multiple QNAP Vulnerabilities Let Remote Attacker Gains Access to a User Account Two significant QNAP security vulnerabilities affecting Qsync Central 4.5.x that could allow remote attackers to exploit user accounts and gain unauthorized access to sensitive data. The vulnerabiliti … Read more Published Date: Jun 09, 2025 (3 hours, 10 minutes ago) Vulnerabilities has been mentioned in…

Jenkins Gatling Plugin Vulnerability Let Attackers Bypass Content-Security-Policy Protection A critical cross-site scripting (XSS) vulnerability in the popular Jenkins Gatling Plugin allows attackers to bypass Content-Security-Policy (CSP) protections. The vulnerability, tracked as CVE-2025-5 … Read more Published Date: Jun 09, 2025 (3 hours, 20 minutes ago) Vulnerabilities has been mentioned in this article. CVE-2025-5806 Go to Source

⚡ Weekly Recap: Chrome 0-Day, Data Wipers, Misused Tools and Zero-Click iPhone Attacks Cybersecurity / Hacking News Behind every security alert is a bigger story. Sometimes it’s a system being tested. Sometimes it’s trust being lost in quiet ways—through delays, odd behavior, or subtle … Read more Published Date: Jun 09, 2025 (3 hours, 42 minutes ago)…

Critical 9.8 CVSS Flaw: Unpatched PayU CommercePro Plugin Allows Admin Account Takeover! A severe vulnerability in the PayU CommercePro plugin for WordPress, which has over 5,000 active installations, allows unauthenticated attackers to take over any user account, including admins. Tracke … Read more Published Date: Jun 09, 2025 (4 hours, 14 minutes ago) Vulnerabilities has been mentioned…

Digitale videorecorders TBK aangevallen door Mirai-botnet Digitale videorecorders van fabrikant TBK zijn het doelwit van een variant van de Mirai-malware, die besmette apparaten onderdeel maakt van een botnet. Dat laat antivirusbedrijf Kaspersky in een analy … Read more Published Date: Jun 09, 2025 (4 hours, 23 minutes ago) Vulnerabilities has been mentioned in this article. CVE-2024-3721 Go…

Chinese spy crew appears to be preparing for conflict by backdooring 75+ critical orgs An IT services company, a European media group, and a South Asian government entity are among the more than 75 companies where China-linked groups have planted malware to access strategic networks sho … Read more Published Date: Jun 09, 2025 (5 hours,…

How Falcon Next-Gen SIEM Protects Enterprises from VMware vCenter Attacks Internet-facing assets are targeted for many reasons, such as to establish persistence, evade defensive capabilities, and access sensitive networks. According to the search engine Shodan, approximatel … Read more Published Date: Jun 09, 2025 (7 hours, 25 minutes ago) Vulnerabilities has been mentioned in this article. CVE-2023-34048…

PoC Exploit Released for Fortinet 0-Day Vulnerability that Allows Remote Code Execution A new proof-of-concept (PoC) exploit for a critical zero-day vulnerability affecting multiple Fortinet products raises urgent concerns about the security of enterprise network infrastructure. The vuln … Read more Published Date: Jun 09, 2025 (12 hours, 17 minutes ago) Vulnerabilities has been mentioned in this…

Critical CVSS 10.0 Flaws in B. Braun OnlineSuite Threaten Healthcare Infrastructure B. Braun Melsungen AG has issued a high-priority security advisory warning of three severe vulnerabilities affecting its OnlineSuite AP 3.0 and earlier, including one rated a maximum CVSS score of 10. … Read more Published Date: Jun 09, 2025 (14 hours, 23 minutes ago) Vulnerabilities has…