Aggregator

​AI 解放生产力的奇点，可能就在 2025 年。

Talks on bypassing SOCs and initial access—we scoured this year’s list of sessions at Black Hat to find 10 talks worth making time for.

The Datadog Security Research team has uncovered the Mimo threat actor also known as Mimo’lette or Hezb expanding its operations from Craft CMS to Magento CMS. Previously documented for deploying cryptominers via public-facing vulnerabilities, Mimo now exploits undetermined PHP-FPM flaws in Magento installations to gain initial access, marking a tactical shift toward broader platform targeting. […]

The post Mimo Targets Magento CMS to Steal Card Details and Monetize Bandwidth appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

OpenAI has had enough of Google's Veo 3 dominating generative AI videos and is now working on Sora 2, the successor to Sora. [...]

French law enforcement said the alleged administrator of the long-running cybercrime forum XSS, formerly known as DaMaGeLab, was arrested in Ukraine.

Microsoft has unveiled a comprehensive suite of AI-powered enhancements for Windows 11, marking a significant leap forward in personal computing experiences.  With nearly 60% of users now employing generative AI for work purposes and 64% for personal projects, Windows 11 positions itself as the definitive platform for AI integration, particularly on Copilot+ PCs equipped with […]

The post Windows 11 Gets New AI-Powered Features – Discover What’s New appeared first on Cyber Security News.

The suspected administrator of the Russian-speaking hacking forum XSS.is was arrested by the Ukrainian authorities yesterday at the request of the Paris public prosecutor's office. [...]

Bitdefender expanded support for Facebook and Instagram for Bitdefender Security for Creators, a dedicated cybersecurity solution for digital content creators, social media influencers, and online creatives. With this expansion, the service delivers powerful, multi-platform protection across YouTube, Instagram, and Facebook, addressing the sharp increase in scams, account takeovers, and malware attacks threatening creators’ livelihoods and reputations. Online scams and credential theft are accelerating at an alarming pace. A recent investigation uncovered a massive cache of … More →

The post Bitdefender boosts protection across major content platforms appeared first on Help Net Security.

A significant privacy protection measure with the Brave browser now blocks Microsoft’s controversial Recall feature by default starting in version 1.81 for Windows users.  The decision reflects growing concerns about user privacy and data security, as Microsoft’s Recall system automatically captures screenshots of user activity and stores them in a local database.  Key Takeaways1. Brave […]

The post Brave Browser Blocks Microsoft Recall by Default Due to Privacy Concerns appeared first on Cyber Security News.

A vulnerability classified as critical was found in SonicWall SMA 100. This vulnerability affects unknown code of the component Web Management Interface. The manipulation leads to unrestricted upload. This vulnerability was named CVE-2025-40599. The attack can be initiated remotely. There is no exploit available.

A vulnerability classified as problematic has been found in Apache HTTP Server 2.4.64. This affects an unknown part of the component RewriteCond Handler. The manipulation leads to incorrect check of function return value. This vulnerability is uniquely identified as CVE-2025-54090. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Zoho ManageEngine Applications Manager up to 176600. It has been rated as problematic. Affected by this issue is some unknown functionality of the component File Monitor. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2025-27930. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in compojoom CComment Component up to 6.1.14 on Joomla. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2025-54297. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in ProFiles Component up to 1.5.0 on Joomla. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2025-54296. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in dj-extensions DJ-Reviews Component up to 1.3.6 on Joomla and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2025-54295. The attack may be initiated remotely. There is no exploit available.

A vulnerability has been found in Dataprom Informatics PACS-ACSS up to 15.05.2025 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. This vulnerability was named CVE-2025-4411. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in HotelRunner B2B up to 03.06.2025. This affects an unknown part. The manipulation leads to open redirect. This vulnerability is uniquely identified as CVE-2025-4296. It is possible to initiate the attack remotely. There is no exploit available. This product is a managed service. This means that users are not able to maintain vulnerability countermeasures themselves.

CISA has warned that attackers are actively exploiting two security vulnerabilities in the SysAid IT service management (ITSM) software to hijack administrator accounts. [...]

本文系统性地提出了Tor网络实验中可靠统计推断的基础方法，结合新的网络建模、流量建模和仿真平台优化，实现了更大规模、更高效的实验。

A vulnerability, which was classified as critical, has been found in stackideas Komento Component up to 4.0.7 on Joomla. Affected by this issue is some unknown functionality. The manipulation leads to sql injection. This vulnerability is handled as CVE-2025-54294. The attack may be launched remotely. There is no exploit available.