Aggregator

A vulnerability, which was classified as problematic, was found in Activestate ActivePython 3.2.2.3. This issue affects some unknown processing in the library wlbsctrl.dll of the component Installation. The manipulation leads to untrusted search path. The identification of this vulnerability is CVE-2012-5379. An attack has to be approached locally. Furthermore, there is an exploit available. The real existence of this vulnerability is still doubted at the moment.

A vulnerability classified as critical was found in Cisco Firepower Management Center and Firepower Threat Defense. This issue affects some unknown processing of the component CLI. The manipulation leads to os command injection. The identification of this vulnerability is CVE-2025-20220. The attack needs to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability labeled as critical has been found in Fortinet FortiSIEM up to 7.3.1. This affects an unknown part of the component CLI. The manipulation leads to os command injection. This vulnerability is uniquely identified as CVE-2025-25256. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

Ответ на вопрос «одиноки ли мы» может прятаться под слоем лавы…

CVE-2025-54424 证书校验失效+命令注入=攻击者直取root权限

伪造HR账号投毒.exe文件，远程操控+内部社工=精准收割

EncryptHub利用微软Windows漏洞CVE-2025-26633结合社会工程学传播恶意软件,伪装成IT部门发送请求,诱导用户运行恶意MSC文件,并借助Brave Support等平台分发工具如SilentCrystal,实施多阶段攻击,最终部署窃取器等恶意负载。

The threat actor known as EncryptHub is continuing to exploit a now-patched security flaw impacting Microsoft Windows to deliver malicious payloads. Trustwave SpiderLabs said it recently observed an EncryptHub campaign that brings together social engineering and the exploitation of a vulnerability in the Microsoft Management Console (MMC) framework (CVE-2025-26633, aka MSC EvilTwin) to trigger

/r/netsec 是一个由社区管理的技术信息安全内容聚合平台，旨在为安全从业者、学生、研究人员和黑客提供有价值的信息，帮助他们从大量数据中提取关键内容。