Aggregator

Name: Sawah Cyber Security CTF 2025 (an Sawah Cyber Security CTF event.)
Date: Aug. 23, 2025, 5 a.m. — 23 Aug. 2025, 09:00 UTC  [add to calendar]
Format: Jeopardy
On-site
Location: Indonesia, Bali
Offical URL: https://ctf.sawahcyber.id/
Rating weight: 0
Event organizers: Sawah Cyber Security

Name: KubanCTF Qualifier 2025 (an HackerLab event.)
Date: Aug. 23, 2025, 7 a.m. — 23 Aug. 2025, 17:00 UTC  [add to calendar]
Format: Jeopardy
On-line
Offical URL: https://kubanctf2025.ru/
Rating weight: 0.00
Event organizers: Codeby Games

Microsoft is investigating a significant service incident within Exchange Online, identified as EX1137017, which is preventing some users from sending or receiving emails through the Outlook mobile application. The issue, which remains ongoing, specifically impacts customers utilizing Hybrid Modern Authentication (HMA), a common configuration for organizations that integrate on-premises Exchange servers with Exchange Online. The […]

The post Microsoft 365 Exchange Online Outage Blocks Email on Outlook Mobile App appeared first on Cyber Security News.

Решена главная проблема масштабирования квантовых машин.

A network monitoring tool is software or hardware that helps businesses monitor their computer networks and learn more about their security, health, and performance. These tools record and examine network traffic, monitor network hardware, and give users immediate access to information on bandwidth usage, latency, packet loss, and other crucial network parameters. Network monitoring tools […]

The post 20 Best Network Monitoring Tools in 2025 appeared first on Cyber Security News.

The digital landscape in 2025 is more complex than ever, with organizations relying on intricate hybrid, cloud, and on-premises networks to power their operations. Network monitoring tools have become indispensable for IT teams to maintain network health, security, and performance. These solutions provide real-time visibility into network devices, traffic, and applications, helping administrators proactively identify […]

The post 10 Best Network Monitoring Tools in 2025 appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Термоядерные реакторы больше не будут плавить себя изнутри — найдено элегантное решение.

检测微服务应用中的污点风格漏洞 by ourren

更多最新文章，请访问SecWiki

A vulnerability labeled as critical has been found in PoDoFo 1.1.0-dev. This issue affects the function PdfTokenizer::DetermineDataType of the file src/podofo/main/PdfTokenizer.cpp of the component PDF Dictionary Parser. Executing manipulation can lead to use after free. This vulnerability is handled as CVE-2025-9394. It is possible to launch the attack on the local host. Additionally, an exploit exists. A patch should be applied to remediate this issue.

Submit #632365 / VDB-321227

Submit #632364 / VDB-321227

A vulnerability identified as critical has been detected in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This vulnerability affects the function addStaProfile of the file /goform/addStaProfile. Performing manipulation of the argument profile_name/Ssid/wep_key_1/wep_key_2/wep_key_3/wep_key_4/wep_key_length/wep_default_key/cipher/passphrase results in stack-based buffer overflow. This vulnerability is known as CVE-2025-9393. Remote exploitation of the attack is possible. Furthermore, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability categorized as critical has been discovered in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This affects the function qosClassifier of the file /goform/qosClassifier. Such manipulation of the argument dir/sFromPort/sToPort/dFromPort/dToPort/protocol/layer7/dscp/remark_dscp leads to stack-based buffer overflow. This vulnerability is traded as CVE-2025-9392. The attack may be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

Submit #631538 / VDB-321226

Submit #631537 / VDB-321225

A vulnerability was found in Bjskzy Zhiyou ERP up to 11.0. It has been rated as critical. Affected by this issue is the function getFieldValue of the component com.artery.workflow.ServiceImpl. This manipulation of the argument sql causes sql injection. This vulnerability appears as CVE-2025-9391. The attack may be initiated remotely. In addition, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in vim up to 9.1.1615. It has been declared as critical. Affected by this vulnerability is the function main of the file src/xxd/xxd.c of the component xxd. The manipulation results in buffer overflow. This vulnerability is reported as CVE-2025-9390. The attack requires a local approach. Moreover, an exploit is present. It is recommended to upgrade the affected component.

Submit #631536 / VDB-321224

Submit #630903 / VDB-321223

被裁前在前雇主 IT 系统植入恶意程序和设立关闭开关的开发者 Davis Lu 被判四年监禁以及三年的监督释放。美国司法部称，2018 年 Davis Lu 任职的 Eaton Corporation 进行了重组，他遭到了降级。他随后在公司 Windows 生产环境中植入恶意代码进行报复。该恶意程序包含了一个无限的 Java 线程循环，旨在拖垮服务器，导致生产系统崩溃。Lu 还创建了一个过于明显的关闭开关：IsDLEnabledinAD ("Is Davis Lu enabled in Active Directory") ，当 Active Directory 中他的账户被禁用，关闭开关将会激活禁用所有用户的账户。2019 年 9 月 9 日，Lu 的雇佣关系终止，账户被禁用后关闭开关激活，数千名用户被锁定在系统外。此事导致雇主损失了数十万美元。在 Lu 被要求上缴公司发的笔记本电脑前，他删除了其中的加密数据。调查人员后来从设备上发现了他的搜索查询记录，包括搜寻如何提权，隐藏进程以及快速删除文件。