Aggregator

A vulnerability was found in Genshin Albedo Cat House App 1.0.2 on Android. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file AndroidManifest.xml of the component com.house.auscat. The manipulation leads to improper export of android application components. This vulnerability is known as CVE-2025-7940. Local access is required to approach this attack. Furthermore, there is an exploit available.

Submit #619141 / VDB-317082

Как Replit превратил восторг от ИИ в катастрофу с реальными потерями.

Submit #619036 / VDB-317077

当前环境出现异常提示，请完成验证后即可继续访问。

Microsoft warns of ongoing active exploitation of a SharePoint zero-day vulnerability, tracked as CVE-2025-53770. Microsoft warns of a SharePoint zero-day vulnerability, tracked as CVE-2025-53770 (CVSS score of 9.8), which is under active exploitation. Unfortunately, the flaw has yet to be addressed. The vulnerability is a deserialization of untrusted data in on-premises Microsoft SharePoint Server, an […]

微软警告 SharePoint 存在零日漏洞 CVE-2025-53770（CVSS 9.8），已被积极利用。该漏洞允许攻击者在未经身份验证的情况下执行远程代码。微软建议启用 AMSI 和部署 Microsoft Defender 以缓解风险，但尚未发布补丁。

Microsoft has issued an urgent security advisory addressing critical zero-day vulnerabilities in on-premises SharePoint Server that attackers are actively exploiting.  The vulnerabilities, assigned as CVE-2025-53770 and CVE-2025-53771, pose immediate risks to organizations running SharePoint infrastructure and require immediate remediation. Key Takeaways1. Active zero-day attacks targeting on-premises SharePoint servers via CVE-2025-53770 and CVE-2025-53771.2. Apply security updates […]

The post Microsoft Released Emergency Security Update to Patch Critical SharePoint 0-Day Vulnerability appeared first on Cyber Security News.

MySpeed 是一个开源后台测速工具，支持 Docker 部署，默认每小时自动测速一次，并可保留 30 天数据。用户可通过图表查看宽带情况，并选择 Ookla、LibreSpeed 或 Cloudflare 测速源。此外，它支持多种通知方式和 Prometheus/Grafana 数据展示。

A vulnerability was found in jerryshensjf JPACookieShop 蛋糕商城JPA版 1.0. It has been classified as critical. Affected is the function addGoods of the file GoodsController.java. The manipulation leads to unrestricted upload. This vulnerability is traded as CVE-2025-7939. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in jerryshensjf JPACookieShop 蛋糕商城JPA版 1.0 and classified as critical. This issue affects the function updateGoods of the file GoodsController.java. The manipulation leads to authorization bypass. The identification of this vulnerability is CVE-2025-7938. The attack may be initiated remotely. Furthermore, there is an exploit available.

一项旨在预防线粒体 DNA 疾病遗传的开创性体外受精技术（IVF）——原核移植，已成功帮助 8 名婴儿健康出生。这些婴儿共有四男四女，其中一对为同卵双胞胎。他们由 7 名携带高风险线粒体 DNA 突变的女性所生，但均未表现出任何线粒体疾病迹象。该技术通过将母亲受精卵中的核 DNA，转移到一个健康捐赠者去核的卵子中，从而避免将母亲线粒体中的致病突变遗传给下一代。由此产生的胚胎，携带了父母的核 DNA 和捐赠者的线粒体DNA，因此被称为“三亲婴儿”。线粒体疾病，由线粒体中的基因突变引发，可能导致肌肉无力、癫痫、发育迟缓、器官衰竭乃至死亡。尽管常规体外受精检测可识别多数突变，但很多时候依然存在不确定性。这是“三亲婴儿”相关技术得以出现的原因。

Submit #618986 / VDB-317076

Submit #618985 / VDB-317075

Security gaps, coupled with savvy cybercriminals, lend urgency to mitigating the potential for exploitation posed by surveillance tech.

The post Who’s Watching You? FBI IG Looks to Plug Holes in Ubiquitous Technical Surveillance  appeared first on Security Boulevard.

墨西哥城的政府监控摄像头被毒贩黑客利用，导致FBI线人被追踪并杀害。黑客通过监控系统和电话记录识别出FBI官员，并利用这些信息威胁或杀害潜在的线人。事件揭示了监控技术滥用的风险，并促使FBI加强安全措施和技术培训以应对威胁。

A vulnerability has been found in Digiwin SFT up to 3.7.12 and classified as critical. This vulnerability affects unknown code. The manipulation leads to sql injection. This vulnerability was named CVE-2025-7343. The attack can be initiated remotely. There is no exploit available.

A vulnerability, which was classified as critical, was found in Nokia WaveSuite NOC. This affects an unknown part. The manipulation leads to stack-based buffer overflow. This vulnerability is uniquely identified as CVE-2025-24937. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability, which was classified as critical, has been found in ASKEY RTF8207w and RTF8217. Affected by this issue is some unknown functionality. The manipulation leads to stack-based buffer overflow. This vulnerability is handled as CVE-2025-7921. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as very critical was found in Digiwin EAI. Affected by this vulnerability is an unknown functionality. The manipulation leads to incorrect use of privileged apis. This vulnerability is known as CVE-2025-7344. The attack can be launched remotely. There is no exploit available.