Aggregator

Весь Open VSX стал потенциальным оружием хакеров.

Hackers have begun actively exploiting a critical vulnerability that grants them full control over thousands of servers, including those performing vital functions in data centers. This alarming development has prompted a warning from the...

The post CISA Warns: Critical AMI MegaRAC Firmware Flaw (CVE-2024-54085, CVSS 10.0) Actively Exploited for Server Takeover appeared first on Penetration Testing Tools.

A vulnerability has been found in BuddyPress Docs Plugin up to 2.2.4 on WordPress and classified as problematic. This vulnerability affects unknown code of the component Download File Handler. The manipulation leads to authorization bypass. This vulnerability was named CVE-2025-5526. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in WP Map Block Plugin up to 2.0.2 on WordPress. This affects an unknown part of the component Block Option Handler. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-5194. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Responsive Lightbox & Gallery Plugin up to 2.5.1 on WordPress. Affected by this issue is some unknown functionality of the component Swipebox Library. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2025-5093. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Firelight Lightbox Plugin up to 2.3.15 on WordPress. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2025-5035. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A critical security vulnerability has been discovered in multiple Mitsubishi Electric air conditioning systems, potentially allowing hackers to bypass authentication and remotely control affected units. The flaw, identified as CVE-2025-3699, was disclosed by Mitsubishi Electric on June 26, 2025, and has been assigned a maximum CVSS base score of 9.8, indicating its severity. Authentication Bypass […]

The post Mitsubishi Electric AC Flaw Lets Hackers Remotely Control Systems appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Microsoft is preparing a significant overhaul of the infamous Blue Screen of Death (BSOD) in Windows. As part of the Windows Resiliency Initiative, the iconic blue error screen will be replaced by a new...

The post Windows 11 Retires Blue Screen of Death: New Black Crash Screen Focuses on Faster Diagnostics appeared first on Penetration Testing Tools.

Google DeepMind 新开发的 AI 模型 AlphaGenome 能帮助科学家解析基因组序列中的“暗物质”——非编码区，了解它们如何影响细胞内部运作并导致癌症等疾病的发生。从事非商业工作的研究人员现可使用 API 通过 DeepMind 的服务器访问该模型。在人类基因组序列中，98% 是不直接参与蛋白质编码合成的基因，即非编码区，但它们可以影响蛋白质活性，并包含了大量与疾病相关的变异位点。弄清楚 DNA 序列的作用很难，因为没有现成的答案，就像 AlphaFold 预测蛋白质3D结构一样。从吸引一组细胞机器附着在染色体的特定部分并将附近的基因转录为 RNA 分子，到吸引影响基因表达发生地点、时间和程度的转录因子，单个 DNA 片段具有许多相互关联的作用。例如许多 DNA 序列通过改变染色体的 3D 形状影响基因活性，从而限制或简化转录机器的访问。几十年来，科学家开发了数十种 AI 模型理解基因组。其中许多都集中在单个任务上，例如预测基因表达水平或确定外显子是如何被剪切并拼接到不同蛋白质中的。而 AlphaGenome 正是一个“一体化”解释 DNA 序列的工具。AlphaGenome 可以处理多达 100 万个 DNA 碱基，这可能包括一个基因和无数个调节元件，并能针对多种生物特性进行数千次预测。而且，AlphaGenome在预测过程中对单个 DNA 碱基的变化十分敏感，这意味着科学家可以预测突变的影响。

有网友因相机电池无3C认证标志被机场安检员拦下，后经虹桥机场澄清新规仅针对充电宝等产品。

GreyNoise警告Progress MOVEit Transfer系统自5月27日起遭遇大量扫描活动，可能预示新一轮攻击。该工具常用于传输敏感数据，成为攻击目标。过去90天内标记682个IP地址，多数来自美国。已检测到针对CVE-2023-34362和CVE-2023-36934漏洞的低强度攻击尝试。建议用户封锁IP、更新软件并避免公开暴露系统。

Threat intelligence firm GreyNoise is warning of a "notable surge" in scanning activity targeting Progress MOVEit Transfer systems starting May 27, 2025—suggesting that attackers may be preparing for another mass exploitation campaign or probing for unpatched systems.MOVEit Transfer is a popular managed file transfer solution used by businesses and government agencies to share sensitive data

A new wave of malicious npm packages has been uncovered, linked to the ongoing Contagious Interview operation, which has been attributed to North Korean threat actors. The discovery was made by the cybersecurity firm...

The post North Korean APT Launches Massive npm Supply Chain Attack: Typosquatting & Fake Jobs Steal Crypto from Devs appeared first on Penetration Testing Tools.

文章指出当前环境异常，需完成验证后方可继续访问。

文章指出当前环境出现异常，需完成验证后才能继续访问。

A cybercriminal group has begun exploiting the popular ConnectWise ScreenConnect software to craft malware bearing a legitimate digital signature, thereby enabling the covert installation of remote access tools on victims’ devices. This alarming tactic...

The post EvilConwi Unmasked: Hackers Weaponize Signed ConnectWise ScreenConnect Installers for Malware Deployment appeared first on Penetration Testing Tools.

Cybercriminals have launched a large-scale campaign dubbed OneClik, targeting companies in the energy, oil, and gas sectors. The attack leverages Microsoft’s legitimate ClickOnce technology and a custom-designed backdoor known as RunnerBeacon, allowing threat actors...

The post “OneClik” APT Unmasked: China-Linked Campaign Abuses Microsoft ClickOnce & AWS Cloud to Target Energy Sector appeared first on Penetration Testing Tools.

The French police have carried out a sweeping operation targeting the organizers of the infamous cybercriminal forum BreachForums, which in recent years had become a major hub for the trafficking of stolen data. According...

The post French Police Bust BreachForums Organizers: “ShinyHunters,” “IntelBroker” & Others Arrested in Major Cybercrime Crackdown appeared first on Penetration Testing Tools.

Claroty的研究报告指出，医疗设备的网络安全风险日益增加，尤其是IoMT和OT设备的漏洞问题。俄罗斯网络犯罪集团如Black Basta和BlackCat/ALPHV频繁攻击医疗机构，利用双重勒索策略导致巨额损失。报告建议医疗机构优先保护关键系统，并采取五阶段行动计划提升整体网络安全水平。

微软发布KB5060829预览更新，适用于Windows 11 24H2版本，包含38项改进，包括任务栏优化和新增PC间文件迁移功能。该更新为可选非安全预览版，用户可通过设置或手动下载安装，并需注意中日韩文字在部分浏览器中可能显示模糊的问题。