Aggregator

快速浏览！2025.6.26—6.1安全动态周回顾。

Cetus Protocol的总交易量为570亿美元（截至2025年5月），超过1500万个账户在平台上执行了1.44亿笔交易。

中国各大城市出现了一种新的商业模式：向失业者收费，租用办公桌假装工作，以应对青年失业率上升带来的社会压力。假装上班公司招聘帖文案几乎是同一个模板：“如果你失业了，想瞒住家里人，可以来我这里假装上班。这边能提供工位，你可以在这里玩手机，我会定期巡视，让你有上班摸鱼的快感。我会假装给你布置工作，你可以用任何理由拒绝，并把方案摔在我的办公桌上。一天只需要××元，‘早10晚5’不用打卡，就算我求你加班，你也能头也不回地走掉。”这类公司收费 30—60 元/天，工作环境看起来和普通白领上班的公司无异，提供 Wi-Fi、饮用水、电脑、空调，有些还能包一顿午饭，如果是空间大一点的公司，“应聘者”甚至能加钱解锁在公司“加班通宵”的体验。根据国家统计局的数据，2025 年 3 月，16-24 岁青年的失业率为 16.5%，一季度城镇失业率为 5.3%。

Submit #584492 / VDB-310927

Submit #584491 / VDB-310926

Submit #584490 / VDB-310925

Submit #584489 / VDB-310924

Submit #584488 / VDB-310923

A vulnerability was found in TOTOLINK A3002RU 2.1.1-B20230720.1011. It has been rated as problematic. Affected by this issue is some unknown functionality of the component IP Port Filtering Page. The manipulation of the argument Comment leads to cross site scripting. This vulnerability is handled as CVE-2025-5508. The attack may be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in TOTOLINK A3002RU 2.1.1-B20230720.1011. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component MAC Filtering Page. The manipulation of the argument Comment leads to cross site scripting. This vulnerability is known as CVE-2025-5507. The attack can be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in TOTOLINK A3002RU 2.1.1-B20230720.1011. It has been classified as problematic. Affected is an unknown function of the component NAT Mapping Page. The manipulation of the argument Comment leads to cross site scripting. This vulnerability is traded as CVE-2025-5506. It is possible to launch the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in TOTOLINK A3002RU 2.1.1-B20230720.1011 and classified as problematic. This issue affects some unknown processing of the file /boafrm/formPortFw of the component Virtual Server Page. The manipulation of the argument service_type leads to cross site scripting. The identification of this vulnerability is CVE-2025-5505. The attack may be initiated remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

Почему производители смартфонов молчат о главной угрозе.

A vulnerability has been found in TOTOLINK X2000R 1.0.0-B20230726.1108 and classified as critical. This vulnerability affects unknown code of the file /boafrm/formWsc. The manipulation of the argument peerRptPin leads to command injection. This vulnerability was named CVE-2025-5504. The attack can be initiated remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

Submit #584671 / VDB-310922

Submit #584664 / VDB-310921

Submit #584663 / VDB-310920

Submit #584662 / VDB-310919

According to the latest advisory by Cert-In, 78 vulnerabilities have been discovered across a broad range of Microsoft products, including Windows, Azure, MS Office, Developer Tools, Microsoft Apps, System Center, Dynamics, and even legacy products receiving Extended Security Updates (ESU). These flaws pose serious security threats, as they can be exploited by attackers to gain […]

The post Multiple High-Risk Vulnerabilities in Microsoft Products appeared first on Kratikal Blogs - Information Hub For Cyber Security Experts.

The post Multiple High-Risk Vulnerabilities in Microsoft Products appeared first on Security Boulevard.

Submit #584660 / VDB-310918