Aggregator

Private-Sector Cyber Leader Kirsten Davies Tapped to Lead DoD IT and Security
President Donald Trump has nominated Kirsten Davies to serve as CIO of the Department of Defense - a pivotal role in modernizing the Pentagon's sprawling digital infrastructure. The nomination was submitted to Congress and has been referred to the Committee on Armed Services for consideration.

mips/arm pwn汇编指令，函数调用机制，题目运行的运行和调试

某info开源系统是一款开源的php程序，主要用于官网搭建，系统采用自研的架构。

Новая технология из Индии заряжается за 6 минут и переживает 3000 циклов.

After a cyberattack first identified about 10 days ago, Alabama's IT leaders said the "threat has been neutralized and Alabama’s core operations are safe and stable."

Another adversary picks up the email bombing / vishing Storm-1811 playbook, doing thorough reconnaissance to target specific employees with fake help desk call—this time, over the phone.

edusrc的某个证书站，通过打组合拳的方式拿下管理后台

SK Telecom says that a recently disclosed cybersecurity incident in April, first occurred all the way back in 2022, ultimately exposing the USIM data of 27 million subscribers. [...]

via the cosmic humor & dry-as-the-desert wit of Randall Munroe, creator of XKCD

Permalink

The post Randall Munroe’s XKCD ‘Renormalization’ appeared first on Security Boulevard.

后渗透信息/密码/凭证收集工具

Биологи собрали существо, которое не снилось даже Лавкрафту.

XSS（跨站脚本攻击）是一种常见的 Web 安全漏洞，攻击者通过向网页注入恶意脚本，利用浏览器的漏洞在用户端执行恶意操作。XSS 漏洞主要有三种类型：反射型 XSS、存储型 XSS 和 DOM 型 XSS。反射型 XSS 通过恶意链接诱使用户点击，立即执行脚本；存储型 XSS 将恶意脚本存储在服务器中，导致后续访问的用户都被攻击；DOM 型 XSS 通过修改客户端的 DOM 来执行恶意脚本。XSS

A vulnerability classified as problematic was found in Linux Kernel up to d1347977661342cb09a304a17701eb2d4aa21dec. This vulnerability affects the function should_flush_tlb. The manipulation leads to privilege escalation. This vulnerability was named CVE-2025-37964. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Linux Kernel up to a41cd52f00907a040ca22c73d4805bb79b0d0972. This affects the function parse_lease_state of the component ksmbd. The manipulation leads to memory leak. This vulnerability is uniquely identified as CVE-2025-37962. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.6.90/6.12.28/6.14.6/6.15-rc5. It has been rated as problematic. Affected by this issue is the function d_alloc of the component ksmbd. The manipulation leads to privilege escalation. This vulnerability is handled as CVE-2025-37956. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.1.138/6.6.90/6.12.28/6.14.6/6.15-rc6. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component arm64. The manipulation leads to privilege escalation. This vulnerability is known as CVE-2025-37963. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel. It has been classified as critical. Affected is an unknown function of the file arch/x86/kvm/x86.c of the component KVM. The manipulation leads to use after free. This vulnerability is traded as CVE-2025-37957. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.