Aggregator

Interlock是一种相对较新的勒索软件，于9月份出现，并在全球范围内对受害者进行了多次攻击，其中许多是针对医疗机构的。

该漏洞被CVE-2024-3721跟踪，是安全研究人员netsecfish于2024年4月披露的一个命令注入漏洞。

A vulnerability was found in Palo Alto Cloud NGFW, PAN-OS and Prisma Access. It has been classified as problematic. Affected is an unknown function of the component SD-WAN Interface. The manipulation leads to exposure of sensitive system information to an unauthorized control sphere. This vulnerability is traded as CVE-2025-4229. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in yangyouwang crud 1.0.0 and classified as problematic. This issue affects some unknown processing of the component Role Management Handler. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2025-44091. The attack may be initiated remotely. There is no exploit available.

A vulnerability has been found in Palo Alto Prisma Access Browser 132.83.3017.1 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to use of cache containing sensitive information. This vulnerability was named CVE-2025-4233. An attack has to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Dell iDRAC Tools. This affects an unknown part. The manipulation leads to improper access controls. This vulnerability is uniquely identified as CVE-2025-27689. The attack needs to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Palo Alto GlobalProtect App up to 6.0.0/6.1.0/6.2.8-h1/6.3.2. Affected by this issue is some unknown functionality of the component Log Collection. The manipulation leads to improper neutralization of wildcards or matching symbols. This vulnerability is handled as CVE-2025-4232. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Palo Alto Cortex XDR Broker VM up to 27.0.25. Affected by this vulnerability is an unknown functionality. The manipulation leads to incorrect privilege assignment. This vulnerability is known as CVE-2025-4228. Attacking locally is a requirement. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Acer ControlCenter up to 4.00.3056. Affected is an unknown function of the component Named Pipe Handler. The manipulation leads to improper privilege management. This vulnerability is traded as CVE-2025-5491. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in pcsx2 up to 2.3.413. It has been rated as critical. This issue affects the function Kprintf_HLE of the component Disc Image Handler. The manipulation leads to stack-based buffer overflow. The identification of this vulnerability is CVE-2025-49589. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in VMware Avi Load Balancer up to 31.1.1-2p1. It has been declared as critical. This vulnerability affects unknown code. The manipulation leads to sql injection. This vulnerability was named CVE-2025-41233. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Palo Alto Cloud NGFW, PAN-OS and Prisma Access. It has been classified as critical. This affects an unknown part of the component CLI. The manipulation leads to os command injection. This vulnerability is uniquely identified as CVE-2025-4230. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in VMware Spring Framework up to 6.0.28/6.1.20/6.2.7 and classified as problematic. Affected by this issue is some unknown functionality of the component org.springframework.http.ContentDisposition. The manipulation of the argument Content-Disposition leads to http response splitting. This vulnerability is handled as CVE-2025-41234. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Palo Alto Cloud NGFW, PAN-OS and Prisma Access and classified as critical. Affected by this vulnerability is an unknown functionality of the component Management Web Interface. The manipulation leads to command injection. This vulnerability is known as CVE-2025-4231. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

在《Lex Fridman Podcast》最新一期超过两小时的访谈中，谷歌CEO桑达尔·皮查伊深度分享了从个人成长到AI战略的核心思考。一年前面临"落后批评"时，皮查伊坚持"信号降噪"原则，将外界噪音与核心技术数据分离，果断合并DeepMind与Google Brain两大研究团队，推动谷歌重回AI领先地位。他认为AI是比火与电更深远的技术革命，因其具备递归自我改进的独特能力，将极大降低创意实现门槛，实现创造力的民主化。针对AGI时间表，皮查伊预测略晚于2030年实现，但到2030年必将取得巨大进步。对于AI末日概率P(Doom)，他持谨慎乐观态度，相信当威胁足够大时会激发全人类集体智慧应对。皮查伊还透露了谷歌搜索AI化策略，通过"主干-分支"模式平衡稳定与创新，并展望了Android XR眼镜等未来产品。访谈展现了这位"非典型CEO"如何以克制而坚定的领导风格，引领谷歌在AI时代的转型。

Вебинар состоится 17 июня в 14:00.

GenAI has been the star of the show lately. Tools like ChatGPT impressed everyone with how well they can summarize, write, and respond. But something new is gaining ground: agentic AI. These systems don’t just answer questions. They make decisions, take action, and in some cases, even work together to get things done. Naturally, CISOs are starting to ask the big question: can we trust it to be secure? Agentic AI has the potential to … More →

The post What CISOs need to know about agentic AI appeared first on Help Net Security.

Google Cloud "уронил" пол интернета, включая Cloudflare и ИИ-сервисы.

78% of public sector organizations are operating with significant security debt, flaws left unaddressed for more than a year, according to Veracode. 55% are burdened with ‘critical’ security debt, representing long-standing vulnerabilities with severe risk potential. Public sector flaw remediation timeline based on survival analysis (Source: Veracode) Public sector security debt exceeds industry average The research reveals that public sector entities require an average of 315 days to fix half their software vulnerabilities, significantly higher … More →

The post Security flaws in government apps go unpatched for years appeared first on Help Net Security.

株式会社リコーが提供するRICOH Streamline NX PC Clientには、複数の脆弱性が存在します。