Aggregator

Alleged Sale of GPS System Access to Sofia Metropolitan Inspectorate

Microsoft has introduced Copilot Mode, an experimental feature designed to transform Microsoft Edge into a web browser powered by artificial intelligence (AI). [...]

Flaw in Base44 allowed unauthorized access to private apps, bypassing authentication systems

Allianz Life Insurance confirms a July 2025 data breach impacting 1.4 million customers, financial pros and employees. Learn how social engineering exploited a third-party CRM, the hallmarks of Scattered Spider tactics, and the broader risks of supply chain vulnerabilities.

France’s leading telecommunications giant Orange confirmed on Monday that it detected a significant cyberattack targeting one of its information systems on Friday, July 25, 2025. The incident has resulted in widespread service disruptions affecting both corporate customers and consumer services, primarily within France. The attack prompted immediate action from Orange’s security teams, working in collaboration […]

The post Orange Hit by Cyberattack – A French Telecom Giant’s Internal Systems Hacked appeared first on Cyber Security News.

Meta 被图书作者指控从影子书库下载了至少 81.7 TB 电子书训练其 AI 模型，但 Meta 坚称它没有做种没有上传和共享电子书。现在成人网站 Strike 3 Holdings 指控 Meta 不仅下载了成人视频还做种了。Strike 3 Holdings 称对其私有 BitTorrent 跟踪工具的分析发现，Meta 至少从 2018 年起 BT 下载和做种受版权保护的成人视频，至少有意侵权了 2,396 部电影。Strike 3 Holdings 称 Meta 此举是通过做种热门成人内容尽可能快的下载数 TB 的电子书，Meta 做种的时间数天、数周甚至数月。部分成人电影可能还被秘密用于训练 AI 模型。Strike 3 Holdings 称 Meta 利用的是 BitTorrent 协议中名叫 tit-for-tat 的激励机制。Strike 3 Holdings 寻求巨额赔偿，申请禁令永久阻止 Meta 盗版其视频。

Вебинар пройдёт 31 июля в 11:00.

Over the past year, a previously quiet Chinese threat cluster has surged onto incident-response dashboards worldwide, pivoting from single zero-day hits to an industrialized pipeline of weaponized vulnerabilities. First detected targeting unpatched Fortinet SSL-VPN appliances in late-2024, the group—dubbed “Goujian Spider” by incident handlers—now blends rapid vulnerability acquisition with skillful post-exploitation automation, breaching defense contractors, […]

The post Chinese Hackers Weaponizes Software Vulnerabilities to Compromise Their Targets appeared first on Cyber Security News.

De maritieme omgeving in het Noordpoolgebied en het Hoge Noorden verandert in rap tempo. Het smelten van zee-ijs leidt bijvoorbeeld tot nieuwe scheepvaartroutes. Het zorgt er ook voor dat natuurlijke bronnen makkelijker toegankelijk zijn. Dat vraagt om bescherming van kritieke zeevaartroutes en het waarborgen van de vrijheid van navigatie in de regio. De NAVO opereert daarom momenteel met een maritieme taakgroep in het gebied.

​李想需要再次验证自己的「爆款法则」。

Orange, a French telecommunications company and one of the world's largest telecom operators, revealed that it detected a breached system on its network on Friday. [...]

The maintainers of the Python Package Index (PyPI) repository have issued a warning about an ongoing phishing attack that's targeting users in an attempt to redirect them to fake PyPI sites. The attack involves sending email messages bearing the subject line "[PyPI] Email verification" that are sent from the email address noreply@pypj[.]org (note that the domain is not "pypi[.]org"). "This is

A vulnerability classified as problematic was found in run-llama llama_index up to 0.3.5. Affected by this vulnerability is the function get_article_urls of the component KnowledgeBaseWebReader. The manipulation of the argument max_depth leads to resource consumption. This vulnerability is known as CVE-2025-1752. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Artica Pandora FMS up to 5.0 SP2. It has been classified as critical. This affects an unknown part of the file mobile/index.php of the component File Manager Component. The manipulation of the argument loginhash_data leads to sql injection. This vulnerability is uniquely identified as CVE-2014-125115. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in MicroWorld eScan Web Management Console 5.5-2. It has been rated as critical. This issue affects some unknown processing of the file login.php of the component Password Handler. The manipulation of the argument pass leads to os command injection. The identification of this vulnerability is CVE-2014-125118. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, was found in HybridAuth up to 2.2.2. This affects an unknown part of the file config.php of the component Configuration Handler. The manipulation leads to unrestricted upload. This vulnerability is uniquely identified as CVE-2014-125116. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in GetSimpleCMS 3.2.1. It has been rated as critical. Affected by this issue is some unknown functionality of the file upload.php of the component Request Handler. The manipulation leads to unrestricted upload. This vulnerability is handled as CVE-2013-10032. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in Samsung Security Manager 1.32/1.40. It has been classified as critical. Affected is an unknown function of the component Apache ActiveMQ. The manipulation leads to unrestricted upload. This vulnerability is traded as CVE-2016-15046. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical has been found in i-Ftp 2.20. This affects an unknown part of the file Schedule.xml. The manipulation of the argument Time leads to stack-based buffer overflow. This vulnerability is uniquely identified as CVE-2014-125114. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability classified as problematic has been found in Sitecore JSS React Sample Application up to 14.0.1. This affects an unknown part. The manipulation leads to information disclosure. This vulnerability is uniquely identified as CVE-2020-36850. It is possible to initiate the attack remotely. There is no exploit available.