Aggregator

A vulnerability classified as problematic has been found in code-projects Human Resource Integrated System 1.0. Affected is an unknown function of the file /insert-and-view/action.php. The manipulation of the argument content leads to cross site scripting. This vulnerability is traded as CVE-2025-8501. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical was found in code-projects Online Medicine Guide 1.0. Affected by this vulnerability is an unknown functionality of the file /changepass.php. The manipulation of the argument ups leads to sql injection. This vulnerability is known as CVE-2025-8502. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability classified as problematic has been found in OISF libhtp up to 0.5.50. This affects an unknown part of the file suricata.yaml. The manipulation leads to memory leak. This vulnerability is uniquely identified as CVE-2025-53537. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Cybozu Garoon up to 5.15.2. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-31401. The attack may be initiated remotely. There is no exploit available.

A vulnerability, which was classified as critical, has been found in significant-gravitas autogpt up to 0.5.0. This issue affects some unknown processing of the file workflow-checker.yml of the component Pull Request Handler. The manipulation leads to code injection. The identification of this vulnerability is CVE-2024-8156. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in GitLab Community Edition and Enterprise Edition up to 17.5.4/17.6.2/17.7.0 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to inefficient algorithmic complexity. This vulnerability is known as CVE-2024-6324. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in GitLab Community Edition and Enterprise Edition up to 17.5.4/17.6.2/17.7.0 and classified as problematic. This vulnerability affects unknown code of the component Public Project Handler. The manipulation leads to missing authorization. This vulnerability was named CVE-2024-12431. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Wireshark up to 3.6.22/4.0.14/4.2.4 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component editcap. The manipulation leads to mismatched memory management routines. This vulnerability is known as CVE-2024-4853. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

台积电指控前雇员窃取 2 纳米芯片制程技术机密，而苹果 iPhone 18 系列使用的 A20 芯片是首批采用 2 纳米工艺的芯片。报道称，台积电日前发现制程技术疑遭外流后，立即向高检署提告，检方经追查后，指挥调查局上月 25 日及 28日 发动多波搜索及约谈行动，目前已知有一名陈姓离职工程师，及近 10 名台积电先进制程试产及研发工程师涉案，此名陈姓工程师曾在台积电系统整合部门任职，离职后转往台积电长期合作的日商东京威力科创担任设备工程师，因陈与台积电目前先进制程相关研发人员熟识，因此负责与台积电研发部门对接。据悉，陈与台积电研发部门有密切往来，加上熟识研发人员，目前已查出陈窃密的方式，是由台积电工程师打开电脑屏幕出示制程技术图样，陈再以手机直接拍照，据了解，陈直接从吴姓等两名工程师电脑屏幕上，分别拍摄了 700 多张、近 300 张制程技术照片，另外有几位台积电工程师，也提供拍摄较不具机密性的个位数的制程图，情节较轻，因此未被声押。

Гидрид гелия рушит старые истины о звёздах 13 млрд лет спустя.

Security researchers discovered 28 distinct zero-day vulnerabilities, seven of which were expressly directed at artificial intelligence infrastructure, in a startling discovery made during the 2025 Pwn2Own Berlin event, which was organized by Trend Micro’s Zero Day Initiative. This inaugural AI category focused on developer toolkits, vector databases, and model management frameworks, highlighting the fragility of […]

The post Surge in Cyber Attacks Targeting AI Infrastructure as Critical Vulnerabilities Emerge appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

ExtraHop unveiled new innovations to accelerate incident response, offering an understanding of cyberattacks by linking disparate detections to compromised identities. As threat actors increasingly weaponize user identities to carry out their attacks, exploiting identity directory services like Active Directory and leveraging stolen credentials, security analysts struggle to understand their movements. Without knowing who is behind a suspicious action, they cannot connect the dots of an attack’s progression or accurately assess the full scope of a … More →

The post ExtraHop helps SOCs connect the dots with identity-driven detection appeared first on Help Net Security.

SecAlliance highlighted the evolution in smishing campaigns orchestrated by Chinese syndicates, which exploit digital wallet tokenization

Cymulate announced the new Cymulate Exposure Management Platform, which validates, prioritizes and optimizes the entire security ecosystem – continuously. The new Cymulate platform unifies exposure data and integrates threat validation results to accelerate existing SecOps, detection engineering and exposure management workflows. The new Cymulate Exposure Management Platform prioritizes remediation action by correlating data from multiple vulnerability scanners and exposure discovery tools with proof of exploitability from threat validation and compensating security controls. To prioritize threats, … More →

The post Cymulate’s new platform turns threat validation into smarter defense appeared first on Help Net Security.

A critical vulnerability in Streamlit, the popular open-source framework for building data applications, enables attackers to conduct cloud account takeover attacks.  The flaw, discovered in February 2025, exploits weaknesses in Streamlit’s st.file_uploader component to bypass file type restrictions and gain unauthorized access to cloud instances running Streamlit applications. The vulnerability demonstrates how seemingly minor components […]

The post New Streamlit Vulnerability Allows Hackers to Launch Cloud Account Takeover Attacks appeared first on Cyber Security News.

日本京都大学的科学家研发出一种效力与吗啡相当但无严重副作用的止痛药。吗啡常被癌症患者使用，它有呼吸困难和成瘾等严重副作用。新药物 Adrian 的工作原理与吗啡和现有的合成阿片类药物完全不同，研究团队声称有望彻底改变医学领域的疼痛控制，有助于解决阿片类药物滥用问题。当人遭遇危及生命的情况时，大脑会分泌去甲肾上腺素(norepinephrine)去抑制疼痛。新研究集中在是人体调节去甲肾上腺素过度分泌的机制。研究团队通过引入新技术首次成功研发出一种能阻断这种调控的药物。科学家计划 2026 年在美国开展临床试验，2028 年投入实用。

Manifest Cyber introduced Manifest AI Risk, the latest module part of the Manifest Platform, designed to help security and compliance teams secure their AI supply chains. The Manifest Platform is already used by Fortune 500 companies and critical government agencies. With the launch of AI Risk, Manifest delivers a solution designed specifically for AI transparency at enterprise scale, addressing the gap left by traditional security vendors and AI startups who either treat AI as separate … More →

The post Manifest AI Risk turns weeks of model vetting into two clicks appeared first on Help Net Security.

A vulnerability, which was classified as problematic, was found in Emsisoft Anti-Malware 2018.8.1.8923. This affects an unknown part of the component Scanning Module. The manipulation leads to information disclosure. This vulnerability is uniquely identified as CVE-2025-29745. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

Experts, including Allan Friedman, CISA's leading voice on SBOMs until July 2025, emphasized that AI BOMs should be standardized before being implemented