Aggregator

A vulnerability marked as problematic has been reported in SQLite up to 3.50.1. The impacted element is an unknown function of the component Aggregate Term Handler. This manipulation causes numeric truncation error. This vulnerability is handled as CVE-2025-6965. The attack can be initiated remotely. There is not any exploit available. It is suggested to upgrade the affected component.

A vulnerability marked as problematic has been reported in Perl up to 5.41.12. Affected by this issue is some unknown functionality. The manipulation leads to race condition. This vulnerability is referenced as CVE-2025-40909. The attack can only be performed from a local environment. No exploit is available. It is suggested to upgrade the affected component.

/r/netsec 是一个由社区策划的信息安全内容聚合平台，旨在为安全从业者、学生、研究人员和黑客提供有价值的技术信息。

安普瑞斯无锡公司因擅自销售未经强制性认证的电芯被罚款23万元，并没收违法所得351.59万元。其违法行为包括代工生产未经认证的电芯、在3C证书暂停期间继续销售不符合要求的产品以及原材料变更后未重新认证擅自出厂销售。这些行为导致罗马仕、安克创新和小米等公司召回使用其电芯的移动电源。

A stealthy new malware loader dubbed TinyLoader has begun proliferating across Windows environments, exploiting network shares and deceptive shortcut files to compromise systems worldwide. First detected in late August 2025, TinyLoader installs multiple secondary payloads—most notably RedLine Stealer and DCRat—transforming infected machines into fully weaponized platforms for credential theft, remote access, and cryptocurrency hijacking. Analysts […]

The post New TinyLoader Malware Attacking Windows Users Via Network Shares and Fake Shortcuts Files appeared first on Cyber Security News.

A vulnerability was found in Rocket.Chat. It has been classified as problematic. Affected is an unknown function. Performing manipulation results in information disclosure. This vulnerability is reported as CVE-2025-7974. The attack is possible to be carried out remotely. No exploit exists. Upgrading the affected component is recommended.

A vulnerability, which was classified as critical, has been found in Anritsu ShockLine. Affected by this issue is some unknown functionality of the component CHX File Parser. The manipulation leads to deserialization. This vulnerability is traded as CVE-2025-7976. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability, which was classified as critical, was found in Anritsu ShockLine. This affects an unknown part of the component CHX File Parser. The manipulation results in path traversal. This vulnerability is known as CVE-2025-7975. It is possible to launch the attack remotely. No exploit is available. You should upgrade the affected component.

A vulnerability was found in Aten eco DC. It has been classified as very critical. This affects an unknown function. The manipulation leads to missing authorization. This vulnerability is uniquely identified as CVE-2025-6685. The attack is possible to be carried out remotely. No exploit exists. Upgrading the affected component is recommended.

A vulnerability was found in Vacron Camera. It has been declared as critical. This vulnerability affects unknown code of the component Ping Command Handler. The manipulation results in command injection. This vulnerability is known as CVE-2025-8613. It is possible to launch the attack remotely. No exploit is available.

A vulnerability marked as problematic has been reported in NoMachine. This impacts an unknown function. This manipulation causes uncontrolled search path. This vulnerability is registered as CVE-2025-8614. The attack needs to be launched locally. No exploit is available. It is suggested to upgrade the affected component.

A vulnerability was found in Red Hat Cryostat 4 and classified as problematic. Impacted is an unknown function of the component HTTP API. Executing manipulation can lead to authentication bypass by alternate name. This vulnerability is tracked as CVE-2025-8415. The attack can be launched remotely. No exploit exists.

A vulnerability, which was classified as critical, has been found in Oxford Instruments Imaris Viewer. This vulnerability affects unknown code of the component IMS File Parser. Performing manipulation results in uninitialized pointer. This vulnerability is known as CVE-2025-9274. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability has been found in CData API Server and classified as problematic. Impacted is an unknown function of the component MySQL. The manipulation leads to information disclosure. This vulnerability is uniquely identified as CVE-2025-9273. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability was found in PHPGurukul Beauty Parlour Management System 1.1. It has been rated as critical. The impacted element is an unknown function of the file /signup.php. The manipulation of the argument mobilenumber leads to sql injection. This vulnerability is referenced as CVE-2025-9829. Remote exploitation of the attack is possible. Furthermore, an exploit is available. Other parameters might be affected as well.

A vulnerability was found in Bevy Event Service up to 2025-07-22. It has been rated as problematic. This affects an unknown part. Performing manipulation results in improper access controls. This vulnerability was named CVE-2025-54599. The attack may be initiated remotely. There is no available exploit.

文章推荐了9部二战相关影视作品，涵盖谍战、战争、历史等题材，通过不同视角展现战争中的英雄与普通人。包括《潜伏》《伪装者》《悬崖》《红色》等国产剧及《我们的父辈》《珍珠港》《芬妮的旅程》《乔乔的异想世界》等外国作品。

文章探讨了区块链中的共识算法，重点比较了Raft和Paxos算法在分布式系统中的应用及其优缺点。

История о том, как квантовая физика превратилась из теории в технологию будущего.

根据公共采购文件，美国移民和海关执法局（ICE）签约采购了以色列间谍软件公司 Paragon Solutions 的间谍软件。因为特朗普政府的反移民立场，ICE 被赋予了巨大的权力，该机构过去几个月被反复指控侵犯了美国居民的正当程序权利。Paragon Solutions 的间谍软件被称为 Graphite，其功能与 NSO Group 的 Pegasus 间谍软件相当，手机一旦感染就能被完全控制，能够访问 WhatsApp 和 Signal 等加密应用的信息。Graphite 能利用零点击漏洞，也就是目标不需要点击任何恶意链接就会被感染。加拿大多伦多大学公民实验室的 John Scott-Railton 认为，此类工具是为专制国家设计的，不应该用于民主国家。