Aggregator

A vulnerability classified as problematic has been found in IDevSpot PhpLinkExchange 1.01. This affects an unknown part of the file index.php. The manipulation of the argument ID leads to cross site scripting. This vulnerability is uniquely identified as CVE-2008-3679. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

为减少噪音问题，关闭自发布功能，改为每周统一的问题线程。适合讨论逆向工程相关问题，涉及特定工具或目标建议转至StackExchange或r/AskReverseEngineering。

Последний гвоздь в крышку старых лазеров: создана установка без слабых мест.

月之暗面开源的Kimi K2模型表现优异，Perplexity AI计划基于其进行后训练以提升搜索服务，但需时间完成微调。该模型已获社区广泛关注，并在OpenRouter上排名靠前。

由于无人机技术的快速创新，乌克兰战争前线日益陷入僵局。交战双方都有数百架无人机在 1200 公里长的前线上空盘旋。无人机能将各种物质，包括食物、水、弹药、移动电源甚至偶尔还有灭火器，运送到前线，士兵们无需面临对方无人机的袭击而去穿越战场中最危险的部分。在战争中，没有一项创新会比第一人称视角（FPV）无人机影响更大。FPV 无人机能捆绑炸药，直接飞向目标，变成低成本自杀式炸弹。虽然爆炸威力不如火箭弹，但精度更高，且制造成本低廉能大规模部署。俄罗斯也在乌克兰之后开始采用 FPV 无人机。FPV 无人机的大规模使用对减缓前线的移动速度起到了关键作用。FPV 无人机很难被击落，主要防御手段是无线电干扰。虽然大部分无人机创新源自乌克兰，但俄罗斯首先实现了 FPV 无人机的一项重要改进：为其引入了连接无人机和操作人员的光纤去对抗干扰。

Работаешь честно — получаешь копейки, воруешь — тебе дают ещё.

In this Help Net Security interview, Gail Hodges, Executive Director at the OpenID Foundation, discusses how the Foundation ensures global consistency in FAPI 2.0 implementations and helps different industries, including healthcare, adopt secure and interoperable identity standards. Hodges also explains how conformance testing and strategic partnerships help maintain security and interoperability across sectors. What role does the OpenID Foundation play in ensuring global consistency in FAPI 2.0 implementations, especially in sectors like healthcare that haven’t … More →

The post FAPI 2.0: How the OpenID Foundation is enabling scalable interoperability in global healthcare appeared first on Help Net Security.

In 2025, passwordless authentication tools are transforming digital security by eliminating the need for traditional passwords and introducing advanced, user-friendly authentication methods. With cyber threats on the rise and user experience at the forefront, organizations are rapidly adopting these solutions to safeguard sensitive data, reduce breaches, and streamline access for employees and customers alike. Passwordless […]

The post Top 11 Passwordless Authentication Tools – 2025 appeared first on Cyber Security News.

Grok-4 has been jailbroken using a new strategy that combines two different jailbreak methods to bypass artificial intelligence security measures. This raises concerns over the vulnerability of large language models (LLMs) to sophisticated adversarial attacks. Key Takeaways1. Researchers merged Echo Chamber and Crescendo jailbreak techniques to bypass AI safety mechanisms more effectively than individual methods.2. […]

The post Grok-4 Jailbreaked With Combination of Echo Chamber and Crescendo Attack appeared first on Cyber Security News.

Microsoft добавила в Windows функцию аварийной реанимации.

A vulnerability was found in Oracle JD Edwards EnterpriseOne Tools 9.2. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Web Runtime SEC. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2019-11358. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

提现3天到账，AI填表1分钟搞定

A vulnerability, which was classified as problematic, has been found in ASUSTOR ADM up to 4.3.3.RH61/5.0.0.RIN1. This issue affects some unknown processing of the component Folder Name Handler. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2025-7380. The attack may be initiated remotely. There is no exploit available.

A vulnerability classified as problematic was found in py-libp2p up to 0.2.2. This vulnerability affects unknown code of the component RSA Key Handler. The manipulation leads to allocation of resources. This vulnerability was named CVE-2025-29606. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in SugarCRM up to 13.0.3/14.0.0. This affects an unknown part of the component API Module. The manipulation leads to code injection. This vulnerability is uniquely identified as CVE-2024-58258. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Imagination Graphics DDK up to 1.15 RTM/1.17 RTM/1.18 RTM/24.3 RTM1/25.1 RTM0. It has been rated as critical. Affected by this issue is some unknown functionality of the component GPU Driver. The manipulation leads to use of out-of-range pointer offset. This vulnerability is handled as CVE-2025-25180. Local access is required to approach this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in OMRON Machine Automation Controller NJ-series, Machine Automation Controller NX-series and Sysmac Studio Software. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to least privilege violation. This vulnerability is known as CVE-2025-1384. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in DSIC Cross-browser Components for Official Document Creation up to 1.6.8. It has been classified as problematic. Affected is an unknown function. The manipulation leads to download of code without integrity check. This vulnerability is traded as CVE-2025-7620. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in WellChoose BatchSignCS up to 3.318 and classified as critical. This issue affects some unknown processing. The manipulation leads to relative path traversal. The identification of this vulnerability is CVE-2025-7619. The attack may be initiated remotely. There is no exploit available.

A vulnerability has been found in Hgiga iSherlock-maillog-4.5, iSherlock-smtp-4.5, iSherlock-maillog-5.5 and iSherlock-smtp-5.5 and classified as critical. This vulnerability affects unknown code. The manipulation leads to os command injection. This vulnerability was named CVE-2025-7451. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.