Aggregator

近期，一些不法机构或平台通过虚假宣传手段，诱导消费者办理网络贷款，不仅给消费者带来沉重的经济负担，还可能使消费者陷入法律纠纷。国家金融监督管理总局金融消费者权益保护局发布风险提示，提醒广大群众警惕虚假宣传诱导网络贷款的风险，提高风险防范意识

近日，国家互联网信息办公室发布《可能影响未成年人身心健康的网络信息分类办法（征求意见稿）》，向社会公开征求意见，进一步明确可能影响未成年人身心健康的网络信息的具体种类、范围、判断标准和提示办法。意见反馈截止日期为2025年7月19日。

《基于金融业跨银行企业资金流水核验场景的安全多方计算技术应用案例》涉及金融行业内跨机构的数据流通安全问题。为提升金融风险管理水平，建立起银行间高效合规的数据交互与协同机制具有重要的意义。

根据《个人信息保护法》《个人信息保护合规审计管理办法》等法律法规规章规定，国家互联网信息办公室就开展个人信息保护负责人信息报送工作有关事项公告如下……

Microsoft has shed light on the sophisticated operations of Octo Tempest, a financially motivated cybercriminal group alternatively known as Scattered Spider, Muddled Libra, UNC3944, or 0ktapus. This threat actor has demonstrated a versatile arsenal of tactics, techniques, and procedures (TTPs) in end-to-end attacks targeting organizations across various sectors. Octo Tempest’s methodology typically begins with initial […]

The post Microsoft Uncovers Scattered Spider Tactics, Techniques, and Procedures in Recent Attacks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability was found in Mattermost up to 9.11.16/10.5.6/10.7.3/10.8.1. It has been rated as critical. This issue affects some unknown processing of the component Private Channel Handler. The manipulation leads to missing authentication. The identification of this vulnerability is CVE-2025-6226. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Mattermost up to 9.11.16/10.5.7/10.7.3/10.8.1. It has been declared as critical. This vulnerability affects unknown code of the component JSONL File Import. The manipulation leads to path traversal. This vulnerability was named CVE-2025-6233. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in descreekert wx-discuz up to 12bd4745c63ec203cb32119bf77ead4a923bf277. It has been classified as problematic. This affects the function validToken of the file /wx.php. The manipulation of the argument echostr leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-7803. It is possible to initiate the attack remotely. There is no exploit available. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available.

Cybersecurity researchers at Northeastern University and Dartmouth College have unveiled a groundbreaking attack technique that exploits fundamental parsing discrepancies in Web Application Firewalls (WAFs), potentially compromising the security of millions of websites worldwide. The research, dubbed “WAFFLED” (Web Application Firewall Fuzzing through Language Exploitation and Discrepancy), demonstrates how attackers can bypass five major WAF platforms. […]

The post WAFFLED: New Technique Targets Web Application Firewall Weaknesses appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

64 миллиона анкет попали в руки посторонних.

Submit #616885 / VDB-316869

Jailbreak, профили конфигурации, Activation Lock и другие скрытые угрозы.

关于爬取*ray面板管理后台代理池的脚本，支持系统状态监控 支持多用户多协议，网页可视化操作

A vulnerability, which was classified as problematic, was found in Linux Kernel up to 6.14.5/6.15-rc4. Affected is the function btrfs_iget of the file fs/super.c of the component btrfs. The manipulation leads to allocation of resources. This vulnerability is traded as CVE-2025-37904. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Linux Kernel up to 6.12.27/6.14.5/6.15-rc4. This affects the function bnxt_init_chip of the file kernel/workqueue.c. The manipulation leads to improper initialization. This vulnerability is uniquely identified as CVE-2025-37895. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.12.27/6.14.5/6.15-rc4. It has been classified as critical. This affects the function bit_start. The manipulation leads to buffer overflow. This vulnerability is uniquely identified as CVE-2025-37931. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.14.5/6.15-rc4. It has been classified as problematic. This affects the function spi_mem_calc_op_duration of the component SPI. The manipulation leads to privilege escalation. This vulnerability is uniquely identified as CVE-2025-37896. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.6.89/6.12.27/6.14.5/6.15-rc4. This issue affects some unknown processing of the component book3s64. The manipulation leads to null pointer dereference. The identification of this vulnerability is CVE-2025-37922. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.12.27/6.14.5/6.15-rc4. This issue affects the function iommu_copy_struct_from_user of the component iommu. The manipulation leads to null pointer dereference. The identification of this vulnerability is CVE-2025-37900. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Linux Kernel up to 6.12.27/6.14.5/6.15-rc4. This affects the function acp_i2s_set_tdm_slot of the component ASoC. The manipulation leads to null pointer dereference. This vulnerability is uniquely identified as CVE-2025-37919. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.