Aggregator

Currently trending CVE - Hype Score: 7 - Gladinet CentreStack through 16.1.10296.56315 (fixed in 16.4.10315.56368) has a deserialization vulnerability due to the CentreStack portal's hardcoded machineKey use, as exploited in the wild in March 2025. This enables threat actors (who know the machineKey) to serialize a ...

Stay updated with the latest in Java! Discover key updates from OpenJDK, Spring Framework, and AWS, plus critical news affecting the community.

The post Java and AWS Updates, Mayor’s Budget Cuts, and Floods in Indonesia appeared first on Security Boulevard.

Discover how a backdoored Go package exploited the module mirror for 3+ years. Learn vital security practices to safeguard your code.

The post Three-Year Go Module Mirror Backdoor Exposed: Supply Chain Attack appeared first on Security Boulevard.

A vulnerability was found in Able Player, Accessible HTML5 Media Player Plugin up to 1.2.1 on WordPress. It has been declared as problematic. This vulnerability affects unknown code. The manipulation of the argument preload leads to cross site scripting. This vulnerability was named CVE-2025-3752. The attack can be initiated remotely. There is no exploit available.

28% уязвимостей используются в первые сутки. Успевают ли сисадмины обновить софт?

国家计算机病毒应急处理中心检测，67款移动应用存在违法违规收集使用个人信息情况。

随着用于编码的生成式人工智能工具的使用日益增多，且相关模型存在 “臆造” 出不存在的软件包名称的倾向，一种名为 “slopsquatting” 的新型供应链攻击已经出现。

A vulnerability has been found in David Harris Pegasus Mail 3.12 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component mailto Handler. The manipulation of the argument -F leads to improper privilege management. This vulnerability is known as CVE-2000-0930. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

Cybersecurity analysts have issued a high-priority warning after several incidents revealed active exploitation of SAP NetWeaver, the widely deployed enterprise integration platform. Attackers have leveraged an unreported 0-day vulnerability to deploy web shells, which give them remote command execution capabilities and persistent backdoor access even on fully patched systems. CVE Details The exposure centers around […]

The post SAP NetWeaver 0-Day Vulnerability Enables Webshell Deployment appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

HackerNews 编译，转载请注明出处： WhatsApp推出了一项名为“高级聊天隐私（Advanced Chat Privacy）”的新功能，旨在保护私聊和群组对话中交换的敏感信息。该隐私选项可在点击聊天名称后启用，用于阻止他人保存媒体文件和导出聊天内容。 WhatsApp表示：“今天我们推出了最新的隐私层‘高级聊天隐私’。这项在聊天和群组中均可使用的新设置，能在您需要更高隐私时防止他人将WhatsApp内的内容外传。启用该设置后，您可阻止他人导出聊天记录、自动下载媒体至手机，以及将消息用于人工智能（AI）功能。这将使聊天中的每位成员更确信无人能将对话内容带出聊天。” 该公司补充称这是该功能的第一个版本，正在向所有已更新至最新版本WhatsApp的用户推送。WhatsApp还在为该功能开发更多防护措施以增强其效果。但需注意，即使启用“高级聊天隐私”，仍存在通过截屏（如果未禁用截图功能）等方式提取敏感媒体和信息的可能。 这项新功能是WhatsApp七年前启动的通信安全强化计划的一部分——当时该公司首次引入端到端加密。五年后（2021年10月），WhatsApp开始向iOS和Android设备推送端到端加密的聊天备份功能。同年12月，通过为所有新聊天添加默认“阅后即焚”消息支持进一步扩展隐私控制。 近期更新包括：使用密码或指纹锁定聊天、通过“秘密代码”隐藏锁定聊天、允许Android和iOS用户在通话时通过WhatsApp服务器代理隐藏地理位置。自2024年10月起，WhatsApp还开始加密联系人数据库以实现隐私同步，确保联系人列表与账户绑定（而非设备），便于设备更换时的管理。 Meta在2020年初宣布，来自180多个国家的超过20亿用户正在使用WhatsApp视频通话和即时通讯平台。       消息来源： bleepingcomputer； 本文由 HackerNews.cc 翻译整理，封面来源于网络；  转载请注明“转自 HackerNews.cc”并附上原文

李彦宏发布两大新模型、多款 AI 应用，帮助开发者全面拥抱 MCP。

Пользователи Cursor и VS Codium вынуждены искать альтернативы.

A vulnerability was found in Trend Micro Apex One and Apex One as a Service. It has been declared as critical. This vulnerability affects unknown code of the component Damage Cleanup Engine. The manipulation leads to privilege escalation. This vulnerability was named CVE-2022-45797. The attack can be initiated remotely. There is no exploit available.

A vulnerability classified as critical was found in Aruba Networks EdgeConnect Enterprise up to 8.3.7.1/9.0.7.0/9.1.3.0/9.2.1.0. Affected by this vulnerability is an unknown functionality of the component Command Line Interface. The manipulation leads to privilege escalation. This vulnerability is known as CVE-2022-37924. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Aruba EdgeConnect Enterprise up to 8.3.7.1/9.0.7.0/9.1.3.0/9.2.1.0. Affected is an unknown function of the component Web-based Management. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2022-37925. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Aruba EdgeConnect Enterprise up to 8.3.7.1/9.0.7.0/9.1.3.0/9.2.1.0. Affected by this vulnerability is an unknown functionality of the component Web-based Management Interface. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2022-37926. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Johnson Controls Software House iStar Pro Door Controller and classified as critical. This vulnerability affects unknown code. The manipulation leads to missing authentication. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability was named CVE-2024-32752. The attack can be initiated remotely. There is no exploit available.

A vulnerability classified as critical was found in Qt up to 6.7.x/6.8.3. Affected by this vulnerability is the function QTextMarkdownImporter of the component Markdown File Handler. The manipulation leads to heap-based buffer overflow. This vulnerability is known as CVE-2025-3512. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.