Aggregator

继续加油

美司法部查获 280 万美元加密货币涉 Zeppelin 勒索软件案

看雪论坛作者ID：nstlgst134

Уязвимость в чат-боте Lena превратила поддержку компании в точку входа для атак.

The Python Package Index (PyPI) has implemented new security measures to protect against domain resurrection attacks, a sophisticated supply-chain threat where attackers purchase expired domains to hijack user accounts through password reset mechanisms. Since early June 2025, the platform has proactively unverified over 1,800 email addresses associated with domains entering expiration phases. Domain resurrection attacks […]

The post PyPI Blocks Expired Domain Access to Prevent Resurrection Attacks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

攻界智汇，技破万防！期待您的声音，与我们共探攻击技术的前沿疆域。

英格兰儿童事务专员 Rachel de Souza 表示，政府需要阻止儿童使用 VPN 绕过色情网站的年龄验证。她表示该漏洞需要堵上，呼吁 VPN 服务也要验证年龄。在 PornHub、Reddit 和 X 等网站开始对访问成人内容的英国用户验证年龄后，VPN 成为英国苹果 App Store 下载量最多的应用。对于限制 VPN 的评论，英国科学、创新和科技部发言人回应称，VPN 是成人使用的合法工具，目前没有禁止的计划。但如果平台故意向儿童推销 VPN 作为绕过年龄验证方法，将面临严厉执法和巨额罚款。

Северная Корея добавила GitHub в список союзников.

A vulnerability was found in appneta tcpreplay up to 4.5.2-beta2. It has been declared as problematic. The impacted element is the function untrunc_packet of the file src/tcpedit/edit_packet.c of the component tcprewrite. Executing manipulation can lead to use after free. This vulnerability is handled as CVE-2025-9157. It is possible to launch the attack on the local host. Additionally, an exploit exists. Applying a patch is advised to resolve this issue.

South Yorkshire Police have been reprimanded by the ICO after deleting 96,000 pieces of evidence from officers’ bodycams

As AI adoption accelerates, businesses face hidden risks from third-party models like ChatGPT and Claude, including data leakage and malicious data infiltration. By implementing corporate AI tools and educating employees, companies can harness generative AI’s benefits while safeguarding sensitive data, compliance, and trust.

The post The Hidden Risks of External AI Models and How Businesses can Mitigate Them  appeared first on Security Boulevard.

Submit #630495 / VDB-320537

A vulnerability labeled as critical has been found in Ashlar-Vellum Cobalt, Xenon, Argon, Lithium and Cobalt Share. Affected by this vulnerability is an unknown functionality of the component XE File Parser. The manipulation results in heap-based buffer overflow. This vulnerability is known as CVE-2025-52584. It is possible to launch the attack remotely. No exploit is available. The affected component should be upgraded.

A vulnerability marked as critical has been reported in Ashlar-Vellum Cobalt, Xenon, Argon, Lithium and Cobalt Share. Affected by this issue is some unknown functionality of the component VC6 File Parser. This manipulation causes heap-based buffer overflow. This vulnerability is handled as CVE-2025-46269. The attack can be initiated remotely. There is not any exploit available. It is suggested to upgrade the affected component.

A vulnerability was found in WPC Smart Compare for WooCommerce Plugin up to 6.4.7 on WordPress. It has been classified as problematic. This affects an unknown part. The manipulation leads to cross site scripting. This vulnerability is referenced as CVE-2025-7496. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability identified as critical has been detected in Media Library Assistant Plugin up to 3.27 on WordPress. The affected element is the function _process_mla_download_file of the file /wp-content/uploads. Performing manipulation results in denial of service. This vulnerability is cataloged as CVE-2025-8357. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability labeled as critical has been found in Real Spaces Plugin up to 3.6 on WordPress. Affected is the function imic_agent_register. The manipulation results in improper privilege management. This vulnerability is cataloged as CVE-2025-6758. The attack may be launched remotely. There is no exploit available.

A vulnerability, which was classified as critical, was found in Santesoft Sante PACS Server up to 4.2.2. This affects an unknown function of the component HL7 Message Handler. Such manipulation leads to double free. This vulnerability is traded as CVE-2025-53948. The attack may be launched remotely. There is no exploit available. You should upgrade the affected component.

A vulnerability has been found in Santesoft Sante PACS Server up to 4.2.2 and classified as problematic. This impacts an unknown function. Performing manipulation results in cross site scripting. This vulnerability is known as CVE-2025-54862. Remote exploitation of the attack is possible. No exploit is available. The affected component should be upgraded.