Aggregator

Lawmakers Demand Answers From UHG Amid New Breach and Growing Fallout
When you've been the victim of the largest health data breach in U.S. history, and you've been under intense public and regulatory scrutiny for months, the last thing you want to do is to report another major breach less than a year after the last one. But that just happened to UnitedHealth Group.

Chipmaker Argues Against Growing Interest in US to Require New Security Measures
Artificial intelligence chip-making powerhouse Nvidia is rejecting claims from China’s top cyber agency that its H20 chips include location tracking and kill-switch features - while warning U.S. lawmakers against requiring those capabilities in future chip designs.

CISA Issues Emergency Directive Requiring Federal Agencies to Fix Flaw
A vulnerability in Exchange hybrid deployments could allow attackers to escalate privileges and gain administrative access to cloud-based environments. Microsoft said Tuesday there is no evidence of its exploitation and "strongly" recommended installing hot fix updates made available in April.

Also: Ukrainian Hackers Find Evidence of Russian Child Abduction
This week, a Chinese duo arrested in Los Angeles for illegal artificial intelligence chip exports back to China, France extradited an accused Nigerian hacker, Ukraine hacked Crimean servers, Florida prison email leak, Tea App clone exposed users’ IDs.

4 Bugs Affecting at Least 6,500 Camera Servers Enable Pre-Auth Attacks on Devices
Researchers who uncovered four severe flaws in Axis Communications' video management and camera software say thousands of internet-connected surveillance systems are vulnerable to remote attacks. Attackers can execute arbitrary code without authentication.

8月7日，ISC.AI 2025创新独角兽沙盒大赛巅峰对决圆满落下帷幕。

Cobalt 发布了《2025年CISO安全洞察报告》，揭示了当前企业在人工智能（AI）、第三方风险与内部威胁方面的核心安全挑战及应对策略。

当前环境出现异常，需完成验证后方可继续访问。

文章指出当前环境出现异常，需完成验证后才能继续访问。

Submit #622300 / VDB-319230

Submit #622299 / VDB-319229

Submit #622298 / VDB-319229

A vulnerability was found in libxml2 up to 2.14.5. It has been declared as problematic. This vulnerability affects the function xmlParseSGMLCatalog of the component xmlcatalog. The manipulation leads to uncontrolled recursion. This vulnerability was named CVE-2025-8732. Attacking locally is a requirement. Furthermore, there is an exploit available. The real existence of this vulnerability is still doubted at the moment. The code maintainer explains, that "[t]he issue can only be triggered with untrusted SGML catalogs and it makes absolutely no sense to use untrusted catalogs. I also doubt that anyone is still using SGML catalogs at all."

Submit #622285 / VDB-319228

A vulnerability was found in TRENDnet TI-G160i, TI-PG102i and TPL-430AP up to 20250724. It has been classified as critical. This affects an unknown part of the component SSH Service. The manipulation leads to use of default credentials. This vulnerability is uniquely identified as CVE-2025-8731. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

美国国土安全部打击了Royal和BlackSuit勒索软件团伙，该团伙入侵数百家美国公司并获赎金3.7亿美元。该团伙最初为Quantum勒索软件，在2022年改名为Royal，并于2023年转为BlackSuit品牌。目前该团伙计划以Chaos品牌继续活动。

A vulnerability was found in Belkin F9K1009 and F9K1010 2.00.04/2.00.09 and classified as critical. Affected by this issue is some unknown functionality of the component Web Interface. The manipulation leads to hard-coded credentials. This vulnerability is handled as CVE-2025-8730. The attack may be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

Submit #621749 / VDB-319227

Submit #621763 / VDB-145464