Aggregator

A vulnerability classified as critical was found in Qualcomm Snapdragon Compute and Snapdragon Industrial IOT. This vulnerability affects unknown code. The manipulation leads to time-of-check time-of-use. This vulnerability was named CVE-2025-27076. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in HashiCorp Vault and Vault Enterprise up to 1.14.9/1.15.x. It has been classified as critical. This affects an unknown part of the component TLS Certificate Handler. The manipulation leads to improper certificate validation. This vulnerability is uniquely identified as CVE-2024-2048. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Cloudflare quiche up to 0.19.1/0.20.0 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to resource consumption. This vulnerability is known as CVE-2024-1410. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Cloudflare quiche up to 0.19.0/0.20.0. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to resource consumption. The identification of this vulnerability is CVE-2024-1765. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in TP-Link Omada ER605. This vulnerability affects unknown code. The manipulation leads to buffer overflow. This vulnerability was named CVE-2024-5243. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in TP-Link Omada ER605. Affected is an unknown function. The manipulation leads to reliance on security through obscurity. This vulnerability is traded as CVE-2024-5244. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in D-Link DIR-2150 1.06B01 and classified as critical. This issue affects the function GetDeviceSettings of the component SOAP API Interface. The manipulation leads to os command injection. The identification of this vulnerability is CVE-2024-5291. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in D-Link DIR-2640 1.11B02_BETA02. It has been classified as critical. Affected is an unknown function of the file prog.cgi of the component lighttpd Webserver. The manipulation leads to stack-based buffer overflow. This vulnerability is traded as CVE-2024-5293. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in D-Link D-View 2.0.1.28. It has been rated as critical. Affected by this issue is the function executeWmicCmd. The manipulation leads to os command injection. This vulnerability is handled as CVE-2024-5297. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as very critical has been found in D-Link D-View 2.0.1.28. This affects the function queryDeviceCustomMonitorResult. The manipulation leads to exposed dangerous routine. This vulnerability is uniquely identified as CVE-2024-5298. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability, which was classified as very critical, has been found in D-Link D-View 2.0.1.28. This issue affects the function TokenUtils. The manipulation leads to use of hard-coded cryptographic key . The identification of this vulnerability is CVE-2024-5296. The attack may be initiated remotely. There is no exploit available.

A vulnerability has been found in D-Link DIR-3040 120B03 and classified as problematic. Affected by this vulnerability is the function websSecurityHandler of the file prog.cgi. The manipulation leads to memory leak. This vulnerability is known as CVE-2024-5294. The attack can only be initiated within the local network. There is no exploit available.

A vulnerability was found in TP-Link AX1800. It has been rated as critical. This issue affects some unknown processing of the component hotplugd Firewall Rule Handler. The manipulation leads to race condition. The identification of this vulnerability is CVE-2023-27359. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

Insikt Group has uncovered new infrastructure tied to the Israeli spyware vendor Candiru, now operating under Saito Tech Ltd., highlighting the persistent deployment of its advanced DevilsTongue malware. Utilizing Recorded Future Network Intelligence, researchers identified eight distinct operational clusters, each exhibiting variations in infrastructure design and administration. These include victim-facing components for deploying and commanding […]

The post Sophisticated DevilsTongue Spyware Tracks Windows Users Worldwide appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

维基百科编辑采用了一项新政策去处理大量涌入的 AI 生成文章。新政策允许管理员快速删除符合一定条件的 AI 生成文章。维基百科以前的文章删除流程通常需要长达一周的讨论。对于 AI 生成文章，在标记和审核是否符合条件之后管理员可以无需讨论快速删除。允许快速删除的 AI 文章需要满足两个条件：其一包含明显的大模型对提示词的回应如 Here is your Wikipedia article on…、Up to my last training update … 以及 as a large language model 等等之类；另一个条件是大模型经常犯的错误——引用不存在或显然错误的来源。

The Ukrainian threat intelligence group UAC-0099 has significantly evolved its cyber warfare capabilities, deploying a sophisticated new malware toolkit targeting Ukrainian state authorities, Defense Forces, and defense industrial enterprises. The National Cyber Incident Response Team CERT-UA has documented a series of coordinated attacks employing HTA (HTML Application) files as the primary delivery mechanism for the […]

The post UAC-0099 Hackers Weaponizing HTA Files to Deliver MATCHBOIL Loader Malware appeared first on Cyber Security News.

文章讨论了对人工智能（AI）炒作的看法。作者指出朋友Marcus Hutchins对AI持怀疑态度，并认为其对“智能”的定义过于狭隘，仅限于“新颖发现”，而忽视了日常知识工作中大量智力活动的重要性。作者强调这些工作无法被自动化取代的事实证明它们需要真正的智能，并认为AI之所以具有颠覆性是因为它首次能够模拟这种人类智能。

Правительство наконец придумало, как не дать кремнию пересечь границу.

Google has confirmed that one of its corporate Salesforce instances was compromised in June by the threat group tracked as UNC6040. This incident is part of a Salesforce attack campaign involving voice phishing attacks aimed at stealing sensitive data from organizations’ Salesforce environments, followed by extortion demands. The breach highlights the growing risks of social […]

The post Google’s Salesforce Instances Hacked in Ongoing Attack – Hackers Exfiltrate User Data appeared first on Cyber Security News.

Organisational culture, as we know it, isn’t built overnight. It takes shape over time through decisions, habits and…