Aggregator

Name: SekaiCTF 2025 (an SekaiCTF event.)
Date: Aug. 16, 2025, 1 a.m. — 18 Aug. 2025, 01:00 UTC  [add to calendar]
Format: Jeopardy
On-line
Offical URL: https://ctf.sekai.team/
Rating weight: 55.00
Event organizers: Project Sekai

这篇文章揭示了网络安全行业中存在的腐败问题，尤其是CISO涉及的贿赂和回扣行为。作者通过具体案例展示了这些不当交易如何破坏行业道德，并呼吁公开讨论以恢复诚信。

Pay-for-access dinners. Equity asks. Quiet kickbacks. The CISO payola problem is real — and it’s threatening the integrity of cybersecurity leadership.

The post Do We Have a CISO Payola Problem? appeared first on Security Boulevard.

AI is moving from proof-of-concept into everyday security operations. In many SOCs, it is now used to cut down alert noise, guide analysts during investigations, and speed up incident response. What was once seen as experimental technology is starting to deliver results that CISOs can measure. Some of this has been in place for years. Machine learning already powers many threat detection engines and behavioral analytics tools. But the recent wave of GenAI has opened … More →

The post How security teams are putting AI to work right now appeared first on Help Net Security.

快速浏览！2025.8.11—8.17安全动态周回顾。

该漏洞与一个月前披露的另一个WinRAR路径遍历漏洞（追踪编号CVE-2025-6218）相似。

In a significant breach of both cybersecurity defenses and secrecy, a trove of sensitive hacking tools and technical documentation, believed to originate from a North Korean threat actor, has recently been leaked online. The dump, revealed through an extensive article in Phrack Magazine, includes advanced exploit tactics, a detailed system compromise log, and most notably, […]

The post North Korean Hackers Stealthy Linux Malware Leaked Online appeared first on Cyber Security News.

文章介绍了终端（Terminal）、TTY、Shell和SSH的概念及其作用，并详细讲解了iShell Pro这款跨平台SSH工具的功能，包括自定义主题、多服务器管理、AI助手、笔记功能等特色。

A threat actor operating under the alias “Chucky_BF” has posted a concerning advertisement on a well-known cybercrime forum, claiming to possess and sell a “Global PayPal Credential Dump 2025” containing over 15.8 million email and plaintext password pairs.  The dataset, measuring approximately 1.16GB in plain text format, allegedly comprises sensitive credentials sourced from multi-domain PayPal […]

The post Threat Actor Allegedly Claiming Access to 15.8 Million PayPal Email and Passwords in Plaintext appeared first on Cyber Security News.

A vulnerability, which was classified as critical, was found in Unisoc SL8521E, SL8521ET, SL8541E, UIS8141E, UWS6137, UWS6137E, UWS6151 and UWS6152. This issue affects some unknown processing of the component Developer Tools. Executing manipulation can lead to improper input validation. The identification of this vulnerability is CVE-2025-31714. It is possible to launch the attack on the physical device. There is no exploit available.

A vulnerability, which was classified as critical, has been found in Unisoc SL8521E, SL8521ET, SL8541E, UIS8141E, UWS6137, UWS6137E, UWS6151 and UWS6152. This vulnerability affects unknown code of the component Vowifi Service. Performing manipulation results in command injection. This vulnerability was named CVE-2025-31715. The attack may be initiated remotely. There is no available exploit.

A vulnerability classified as critical was found in Unisoc SL8521E, SL8521ET, SL8541E, UIS8141E, UWS6137, UWS6137E, UWS6151 and UWS6152. This affects an unknown part of the component Engineer Mode Service. Such manipulation leads to command injection. This vulnerability is uniquely identified as CVE-2025-31713. Local access is required to approach this attack. No exploit exists.

A vulnerability classified as critical has been found in Kubernetes Image Builder up to 0.1.44. Affected by this issue is some unknown functionality. This manipulation causes hard-coded credentials. This vulnerability is handled as CVE-2025-7342. The attack can be initiated remotely. There is not any exploit available. It is recommended to upgrade the affected component.

Spiral-Bench измеряет умение моделей возражать, успокаивать и не вредить пользователю.

2025年8月16日，在德国波恩的FrOSCon会议上，作者发表了题为“curl、开源与网络”的主题演讲，吸引了数百名听众到场聆听。

A vulnerability classified as critical was found in Linux Kernel up to 5.18.17. Affected by this vulnerability is the function smb2_write of the file fs/ksmbd/smb2pdu.c of the component ksmbd. The manipulation results in information disclosure. This vulnerability was named CVE-2022-47940. The attack may be performed from a remote location. There is no available exploit. Upgrading the affected component is advised.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.2.7. This affects the function ntfs_read_mft of the file fs/ntfs3/inode.c of the component Metadata Handler. The manipulation of the argument MFT_REC_MFT leads to use after free. This vulnerability is referenced as CVE-2022-48425. The attack needs to be initiated within the local network. No exploit is available. It is suggested to install a patch to address this issue.

A vulnerability has been found in Linux Kernel up to 6.10.2 and classified as critical. This affects the function devm_kzalloc of the component PCM6240. Performing manipulation results in null pointer dereference. This vulnerability is cataloged as CVE-2024-43822. The attack must originate from the local network. There is no exploit available. The affected component should be upgraded.

A vulnerability was found in Linux Kernel up to 6.8.2. It has been rated as critical. Affected by this vulnerability is the function cgr_lock of the component qbman. Performing manipulation results in deadlock. This vulnerability is reported as CVE-2024-35806. The attacker must have access to the local network to execute the attack. No exploit exists. Upgrading the affected component is advised.

The PostgreSQL Global Development Group released emergency security updates on August 14, 2025, addressing three critical vulnerabilities that enable code injection attacks during database restoration processes. The flaws affect all supported versions from PostgreSQL 13 through 17, requiring immediate patching across enterprise environments. Dangerous Dump and Restore Vulnerabilities Two severe code execution vulnerabilities, CVE-2025-8714 and […]

The post Critical PostgreSQL Flaws Allow Code Injection During Restoration appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.