Aggregator

A vulnerability was found in comfyanonymous comfyui up to 0.2.4. It has been rated as critical. Affected by this issue is some unknown functionality of the file /internal/models/download. The manipulation leads to server-side request forgery. This vulnerability is handled as CVE-2024-12882. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in D-Link DIR-513 up to 1.10 and classified as critical. This issue affects the function formSetWanL2TPcallback of the file /goform/formSetWanL2TPtriggers of the component HTTP POST Request Handler. The manipulation leads to stack-based buffer overflow. This vulnerability only affects products that are no longer supported by the maintainer. The identification of this vulnerability is CVE-2025-8184. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability classified as problematic was found in Comodo Dragon up to 134.0.6998.179. Affected by this vulnerability is an unknown functionality of the component HSTS Handler. The manipulation leads to security check for standard. This vulnerability is known as CVE-2025-8204. The attack can be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability, which was classified as problematic, was found in Comodo Dragon up to 134.0.6998.179. This affects an unknown part of the component IP DNS Leakage Detector. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-8206. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability classified as critical has been found in D-Link DIR-513 1.10. This affects the function formSetWanPPTPcallback of the file /goform/formSetWanPPTPpath of the component HTTP POST Request Handler. The manipulation of the argument curTime leads to buffer overflow. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is uniquely identified as CVE-2025-8169. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, was found in GLPI up to 10.0.17. Affected is an unknown function of the component PHP File Handler. The manipulation leads to unrestricted upload. This vulnerability is traded as CVE-2025-24801. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in corydolphin flask-cors up to 4.01 and classified as problematic. This issue affects the function try_match of the component Request Path Handler. The manipulation leads to improper handling of case sensitivity. The identification of this vulnerability is CVE-2024-6866. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in corydolphin flask-cors up to 4.0.2/5.0.1 and classified as problematic. This issue affects the function unquote_plus of the file flask_cors/extension.py. The manipulation leads to business logic errors. The identification of this vulnerability is CVE-2024-6844. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Zoom Workplace App, Meeting SDK and Video SDK up to 6.2.9 on Linux. Affected by this issue is some unknown functionality. The manipulation leads to type confusion. This vulnerability is handled as CVE-2025-0147. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Zom Workplace App, Rooms Client, Rooms Controller, Meeting SDK and Video SDK up to 6.2.9 on macOS. This affects an unknown part. The manipulation leads to symlink following. This vulnerability is uniquely identified as CVE-2025-0146. The attack needs to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

Bitdefender发现大华多款网络摄像机存在高危安全漏洞（CVE-2025-31700和CVE-2025-31701），攻击者可无需验证远程接管设备并利用其组成僵尸网络。大华已发布固件修复，但部分用户可能未更新，导致设备被Mirai蠕虫感染并用于DDoS攻击或其他恶意活动。

文章描述了一个技术问题：用户在访问网站时遇到了错误代码521。该错误通常由Cloudflare引起，表示Web服务器无法连接到源站服务器。常见原因包括源站服务器关闭、网络连接问题或防火墙设置阻止了连接。解决方法包括检查源站状态、确认网络配置和联系主机提供商以排查问题。

HackerNews 编译，转载请注明出处： 与朝鲜有关的威胁组织UNC4899被指通过LinkedIn和Telegram接触两家不同企业的员工实施攻击。谷歌云部门在《2025年下半年云威胁地平线报告》[PDF]中表示：“UNC4899以软件开发的自由职业机会为幌子，利用社会工程技术成功说服目标员工在其工作站执行恶意Docker容器。” UNC4899与Jade Sleet、PUKCHONG、Slow Pisces及TraderTraitor等组织存在活动重叠。该国家级攻击组织自2020年起活跃，以针对加密货币和区块链行业著称，涉及多起重大加密货币盗窃案，包括2022年3月Axie Infinity（6.25亿美元）、2024年5月DMM Bitcoin（3.08亿美元）以及2025年2月Bybit（14亿美元）的黑客事件。 其攻击手段还包括利用JumpCloud基础设施攻击加密货币领域下游客户。据DTEX称，TraderTraitor隶属于朝鲜侦察总局第三局，在加密货币盗窃方面是平壤黑客组织中最高效的团体。该组织常以工作邀约为诱饵或上传恶意npm软件包，通过高薪合作机会或GitHub项目协作邀请目标企业员工，诱导其执行恶意npm库。 云安全公司Wiz本周报告强调：“TraderTraitor持续关注云平台及周边攻击面，最终目标通常是云平台客户而非平台本身。”谷歌观察到的攻击针对企业的谷歌云和AWS环境：攻击者首先部署GLASSCANNON下载器，进而植入PLOTTWIST和MAZEWIRE后门以连接攻击者控制服务器。 在谷歌云攻击案例中，攻击者使用窃取的凭证通过谷歌云CLI匿名VPN远程操作，进行大规模侦察和凭证窃取，但因受害者启用多因素认证（MFA）受阻。谷歌指出：“UNC4899发现受害者账户拥有谷歌云项目管理权限后，直接禁用MFA要求。成功访问目标资源后，他们立即重新启用MFA以规避检测。” 针对AWS受害者的入侵采用类似手法，攻击者通过AWS凭证文件获取长期访问密钥远程操作AWS CLI。尽管遭遇访问控制限制，谷歌发现攻击者可能窃取了用户会话cookie，借此识别相关CloudFront配置和S3存储桶。“利用其访问权限固有的管理权限，攻击者将含恶意代码的JavaScript文件上传替换原有文件，旨在操纵加密货币功能并触发与目标组织加密货币钱包的交易。”最终两起攻击均成功窃取价值数百万美元的加密货币。 同期，Sonatype公司表示2025年1月至7月已拦截234个朝鲜Lazarus组织发布的恶意npm和PyPI软件包。部分软件包会投放已知凭证窃取程序BeaverTail（与长期活动Contagious Interview相关）。该软件供应链安全公司指出：“这些软件包伪装成流行开发工具，实则为间谍植入程序，用于窃取机密、分析主机并在关键基础设施建立持久后门。2025年上半年活动激增表明Lazarus战略转向：正以惊人速度将恶意软件直接嵌入npm和PyPI等开源软件包注册平台。”       消息来源：thehackernews； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文

Palo Alto Networks’ Unit 42 threat research team has introduced a groundbreaking systematic approach to threat actor attribution, addressing longstanding challenges in cybersecurity intelligence analysis. The Unit 42 Attribution Framework, unveiled on July 31, 2025, transforms what has traditionally been considered “more art than science” into a structured methodology for analyzing and categorizing cyber threats. […]

The post Unit 42 Unveils Attribution Framework to Classify Threat Actors Based on Activity appeared first on Cyber Security News.

Nintendo Switch 2隐藏的浏览器可通过设置公共DNS服务器45.55.142.122解锁。该方法利用CaptiveDNS项目模拟网络认证页面，使设备弹出内置浏览器。用户可借此访问互联网或测试屏幕功能。

以铁血丹心 铸钢铁长城 怀家国大爱 守盛世太平

2008年印度马莱冈爆炸案中，七人被指控为凶手并最终无罪释放。嫌疑人普拉吉亚·塔库尔曾被指控参与爆炸案及另一起谋杀案，均因证据不足获释。她曾担任国会议员，在任期间因发表争议性言论引发关注，并多次因健康原因缺席庭审。

A sophisticated cyber campaign leveraging legitimate Remote Monitoring and Management (RMM) tools has emerged as a significant threat to European organizations, particularly those in France and Luxembourg. Since November 2024, threat actors have been deploying carefully crafted PDF documents containing embedded links to RMM installers, effectively bypassing traditional email security measures and malware detection systems. […]

The post Threat Actors Embed Malicious RMM Tools to Gain Silent Initial Access to Organizations appeared first on Cyber Security News.

环境异常 当前环境异常，完成验证后即可继续访问。 去验证