Aggregator

快速浏览！2025.6.16—6.22安全动态周回顾。

近日，北京华云安信息技术有限公司宣布完成数千万元的B+轮融资。

Anubis攻击始于带有恶意链接或附件的网络钓鱼电子邮件。

私有 AI 辅助编程编辑器如 Cursor 和 GitHub Copilot 的开源替代 Void IDE 最近释出了 Beta 版本。Void IDE 是 VS Code 的分支，旨在解决私有 AI 辅助编程工具的安全隐私和费用问题。闭源编辑器可能需要通过后端发送私有代码数据，这会带来隐私问题，另一个问题是持续的订阅费用。Void IDE 提供了多种选项，确保开发者能控制自己的数据。它能利用多种大模型，支持集成 Claude、GPT 和 Gemini 等服务，也支持通过 Ollama 本地部署大模型，可以在本地执行 AI 处理，也可通过 API 调用，避开了第三方中间人。

A vulnerability classified as critical has been found in MediaLibrary Free 4.0.12 on Joomla. This affects an unknown part. The manipulation of the argument id/mid as part of Parameter leads to sql injection. This vulnerability is uniquely identified as CVE-2018-5971. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

Recent research has uncovered critical security flaws in Amazon Elastic Kubernetes Service (EKS) that could expose sensitive AWS credentials and enable privilege escalation within cloud environments. The vulnerabilities, rooted in misconfigurations and excessive container privileges, highlight the ongoing challenges of securing Kubernetes-based container platforms at scale. Amazon EKS is a managed service that simplifies running […]

The post Amazon EKS Flaws Expose AWS Credentials and Enable Privilege Escalation appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A severe cryptographic vulnerability in the popular open-source Meshtastic project allows attackers to decrypt private messages and hijack nodes across LoRa mesh networks. The vulnerability tracked as, CVE-2025-52464, flaw stems from duplicated encryption keys and insufficient randomness during key generation.  The issue affects multiple hardware platforms and poses significant risks to users relying on Meshtastic […]

The post Critical Meshtastic Flaw Allows Attackers to Decrypt Private Messages appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability, which was classified as critical, has been found in Microsoft Windows Server 2008/Vista. This issue affects some unknown processing of the component TIFF Image Handler. The manipulation leads to code injection. The identification of this vulnerability is CVE-2013-3906. The attack may be initiated remotely. Furthermore, there is an exploit available. Due to its background and reception, this vulnerability has an historic impact. It is recommended to apply a patch to fix this issue.

本文通过分析和调试源码来学习 peach 模糊测试工具的使用。

A vulnerability was found in spytrap-org spytrap-adb up to 0.3.4. It has been classified as problematic. Affected is an unknown function of the file scan.rs of the component Interactive User Interface. The manipulation leads to omission of security-relevant information. This vulnerability is traded as CVE-2025-52926. The attack needs to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

Redefining Hacking takes a look at how red teaming and bug bounty hunting are changing, especially now that AI is becoming a bigger part of the job. About the authors Omar Santos is a Distinguished Engineer at Cisco focusing on AI security, research, incident response, and vulnerability disclosure. Savannah Lazzara is a Security Engineer at Amazon, and co-lead of Red Team Village. Wesley Thurner is a Principal Security Engineer at Intuit. Inside the book The … More →

The post Review: Redefining Hacking appeared first on Help Net Security.

A vulnerability has been found in Photo Gallery 1.2.5 and classified as critical. Affected by this vulnerability is an unknown functionality of the component File Upload. The manipulation leads to unrestricted upload. This vulnerability is known as CVE-2014-9312. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in spytrap-org spytrap-adb up to 0.3.4. It has been classified as problematic. Affected is an unknown function of the file scan.rs of the component Interactive User Interface. The manipulation leads to omission of security-relevant information. This vulnerability is traded as CVE-2025-52926. The attack needs to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

本文约3592字，预计阅读时间11分钟。2025年6月21日午夜，一场代号为"午夜之锤"的军事行动悄然改变了中东地缘政治的天平。

A vulnerability was found in Microsoft Word. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to use after free. This vulnerability is known as CVE-2025-47957. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

CoinMarketCap, the globally recognized cryptocurrency data aggregator, experienced a significant security incident when a vulnerability in its homepage doodle image was exploited to inject malicious code, leading to a phishing campaign targeting user wallets. Incident Overview The breach originated from a seemingly innocuous doodle image featured on CoinMarketCap’s homepage. Threat actors manipulated the backend API […]

The post CoinMarketCap Doodle Image Vulnerability Lets Attackers Run Malicious Code via API Call appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

对于职业 FPS 玩家而言，精确瞄准至关重要，是决定其表现及胜负的关键。上海体育学院的研究人员在《Computers in Human Behavior》期刊上发表了一篇论文，探讨了有经验 FPS 玩家的瞄准优势。研究人员收集了 63 人的眼动数据，这 63 人包括 28 名有经验 FPS 玩家和 35 名非 FPS 玩家。结果显示，有经验 FPS 玩家的执行时间更快，眼动模式更高效。他们更频繁地表现出 0-注视-1-扫视模式，扫视一次但没有注视，同时表现出更少的多次校准调整模式。视觉搜索和眼手协调效率的改进可能是他们表现出众的原因。研究还发现，目标距离和出现延迟会显著影响任务表现和眼动行为。距离越远和时间不确定性越高，会对表现产生负面影响，时空相互作用在眼睛视网膜中央凹附近区域影响最大。

A vulnerability has been found in code-projects Inventory Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /php_action/changePassword.php. The manipulation of the argument user_id leads to sql injection. This vulnerability was named CVE-2025-6502. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability was found in code-projects Inventory Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /php_action/fetchSelectedCategories.php. The manipulation of the argument categoriesId leads to sql injection. The identification of this vulnerability is CVE-2025-6503. The attack may be initiated remotely. Furthermore, there is an exploit available.

A new report from the Cyber Threat Alliance warns that the era of quantum risk is already underway, and security teams need to stop treating it like a problem for tomorrow. The report, Approaching Quantum Dawn: Closing the Cybersecurity Readiness Gap Before It’s Too Late, urges companies to prepare for a world where today’s encryption could be broken by quantum computers. But it’s not all doom and gloom. The report focuses on what can be … More →

The post Quantum risk is already changing cybersecurity appeared first on Help Net Security.