Aggregator

A vulnerability was found in D-Link DWR-M972V 1.05SSG and classified as critical. Affected by this issue is some unknown functionality of the component SSH. The manipulation leads to code injection. This vulnerability is handled as CVE-2025-22968. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as critical has been found in DDSN Acora CMS 10.1.1. This affects an unknown part. The manipulation of the argument table leads to sql injection. This vulnerability is uniquely identified as CVE-2025-22964. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability has been found in GatesAir Maxiva UAXT and Maxiva VAXT and classified as critical. This vulnerability affects unknown code of the file /logs/debug/xteLog of the component Web-based Management Interface. The manipulation of the argument sess_id leads to improper authentication. This vulnerability was named CVE-2025-22960. The attack can be initiated remotely. There is no exploit available.

近期威胁情报速览！

A vulnerability has been found in Google Chrome and classified as critical. This vulnerability affects unknown code of the component WebAudio. The manipulation as part of HTML Page leads to use after free. This vulnerability was named CVE-2019-13720. The attack can be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in GaleriaSHQIP 1.0. This affects an unknown part of the file index.php. The manipulation of the argument album_id leads to sql injection. This vulnerability is uniquely identified as CVE-2010-3207. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

Cybersecurity researchers have uncovered a sophisticated new attack method called “ChoiceJacking” that allows malicious charging stations to steal sensitive data from smartphones and tablets, effectively bypassing security measures that have protected mobile devices for over a decade. The attack, discovered by researchers at Graz University of Technology in Austria, represents a significant evolution of the […]

The post ChoiceJacking Attack Let Hackers Compromise Android & iOS Devices via Malicious Charger appeared first on Cyber Security News.

美国国务院发布声明，国务院将与国土安全部合作撤销中国学生的签证，受影响的学生包括与中国共产党有联系、或在关键领域学习。国务卿 Marco Rubio 还表示将修改签证标准，加强审查中国大陆和香港的所有签证申请。中国是美国第二大国际学生来源国，仅次于印度。暂时不清楚美国将如何定义与党有联系的学生。

A vulnerability was found in Uniguest Tripleplay up to 24.2.0. It has been classified as critical. This affects an unknown part. The manipulation leads to sql injection. This vulnerability is uniquely identified as CVE-2024-50706. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Uniguest Tripleplay up to 24.2.0. Affected by this vulnerability is an unknown functionality of the component HTTP GET Request Handler. The manipulation of the argument X-Forwarded-For leads to code injection. This vulnerability is known as CVE-2024-50707. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Uniguest Tripleplay up to 24.2.0 and classified as critical. This vulnerability affects unknown code of the component HTTP POST Request Handler. The manipulation leads to code injection. This vulnerability was named CVE-2024-50704. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in code-projects Online Ticket Reservation System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /passenger.php. The manipulation of the argument Name leads to cross site scripting. This vulnerability was named CVE-2025-2061. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability classified as problematic was found in Thinkware Car Dashcam F800 Pro up to 20250226. Affected by this vulnerability is an unknown functionality of the component Connection Handler. The manipulation leads to denial of service. This vulnerability is known as CVE-2025-2122. The attack can only be initiated within the local network. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability classified as critical was found in Open Asset Import Library Assimp 5.4.3. This vulnerability affects the function Assimp::GetNextLine in the library ParsingUtils.h of the component File Handler. The manipulation leads to stack-based buffer overflow. This vulnerability was named CVE-2025-2151. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, was found in HDF5 1.14.6. This affects the function H5Z__scaleoffset_decompress_one_byte of the component Scale-Offset Filter. The manipulation leads to heap-based buffer overflow. This vulnerability is uniquely identified as CVE-2025-2308. An attack has to be approached locally. Furthermore, there is an exploit available. The vendor plans to fix this issue in an upcoming release.

A vulnerability was found in Thinkware Car Dashcam F800 Pro up to 20250226. It has been rated as problematic. This issue affects some unknown processing of the file /tmp/hostapd.conf of the component Configuration File Handler. The manipulation leads to cleartext storage in a file or on disk. The identification of this vulnerability is CVE-2025-2120. It is possible to launch the attack on the physical device. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability classified as critical has been found in Thinkware Car Dashcam F800 Pro up to 20250226. Affected is an unknown function of the component File Storage. The manipulation leads to improper access controls. This vulnerability is traded as CVE-2025-2121. The attack can only be done within the local network. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

HackerNews 编译，转载请注明出处： 网络安全公司GreyNoise披露，新型僵尸网络“AyySSHush”已入侵全球超9000台华硕路由器，并同步针对思科、D-Link等品牌的SOHO设备。该活动最早于2025年3月中旬被发现，攻击手法呈现国家级黑客组织特征。 攻击者采用三重渗透策略： 暴力破解：尝试常见弱口令组合 身份验证绕过：利用老旧漏洞突破防线 漏洞利用：重点针对华硕RT-AC3100、RT-AC3200及RT-AX55型号设备，通过命令注入漏洞CVE-2023-39780植入SSH公钥 值得注意的是，攻击者通过官方功能添加密钥，使得配置更改在固件升级后仍保留。后门程序将SSH守护进程绑定至非常规端口53282，同时关闭系统日志与趋势科技AiProtection防护功能，实现隐蔽驻留。 法国安全公司Sekoia追踪的“Vicious Trap”活动与该僵尸网络存在技术重叠。攻击者除路由器外，还针对SSL VPN、DVR设备及基板管理控制器实施入侵。观察到恶意脚本通过重定向受控设备流量至第三方节点，但尚未发现DDoS攻击或流量代理行为，推测其正构建基础设施为后续攻击铺路。 华硕已发布受影响型号固件更新（具体发布时间因型号而异），建议用户： 立即升级至最新固件版本 检查路由器“authorized_keys”文件是否包含攻击者SSH密钥（IoC列表参见原文） 将关联IP地址（101.99.91[.]151等四组）加入防火墙黑名单 如遇可疑活动，执行恢复出厂设置并采用高强度密码重新配置 GreyNoise监测数据显示，过去三个月仅捕获30次恶意请求，但成功入侵设备达九千余台，显示攻击具备高度精准性。研究人员提醒，传统固件升级无法清除已植入的后门，彻底排查需结合日志审计与密钥验证。       消息来源： bleepingcomputer； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文