Aggregator

A vulnerability, which was classified as problematic, has been found in Fortinet FortiWeb up to 6.3.20/6.4.2/7.0.2. This issue affects some unknown processing of the component HTTP Response Handler. The manipulation leads to http response splitting. The identification of this vulnerability is CVE-2022-42471. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

The widely used React Router library, a critical navigation tool for React applications, has resolved two high-severity vulnerabilities (CVE-2025-43864 and CVE-2025-43865) that allowed attackers to spoof content, alter data values, and launch cache-poisoning attacks. Developers must update to react-router v7.5.2 immediately to mitigate risks. Key Vulnerabilities and Impacts 1. CVE-2025-43864: DoS via SPA Mode Cache Poisoning Attackers could […]

The post React Router Vulnerabilities Allow Attackers to Spoof Content and Alter Values appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Как несколько секунд паники превратились в долгие часы расследований?

Allurity announces its acquisition of Croatian cybersecurity company Infigo IS. With deep technical expertise and one of southern Europe’s strongest offensive security teams, Infigo brings strengths that accelerate Allurity’s journey to become the preferred cybersecurity partner in Europe. Founded in 2005, Infigo has become one of the most respected cybersecurity companies in southern Europe, employing around 100 professionals. With a clear B2B focus from the start, Infigo supports clients across finance, high-tech manufacturing, critical infrastructure, … More →

The post Allurity acquires Infigo IS to strengthen its position in Europe appeared first on Help Net Security.

Threat actors have been observed exploiting two newly disclosed critical security flaws in Craft CMS in zero-day attacks to breach servers and gain unauthorized access. The attacks, first observed by Orange Cyberdefense SensePost on February 14, 2025, involve chaining the below vulnerabilities - CVE-2024-58136 (CVSS score: 9.0) - An improper protection of alternate path flaw in the Yii PHP

中山大学与中科院团队首次揭示了全球变暖背景下气温冷暖翻转的新现象，即气温在几天内由异常偏暖快速转变为异常偏冷，或由异常偏冷快速转变为异常偏暖的极端事件。研究发现这类事件广泛分布于全球中高纬度地区。自 20 世纪中期以来，冷暖翻转事件频次增加、强度加剧、转变加快，且未来在高排放情景下，这一趋势将进一步加剧。如果不采取有效的气候变化缓解措施，人类将在更暖的未来面对更频繁且更剧烈的“过山车”式极端翻转事件及其叠加影响。

The United States Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical security alert regarding multiple severe vulnerabilities discovered in several Planet Technology networking products. The flaws, detailed in alert ICSA-25-114-06, could allow remote attackers to take control of affected devices, manipulate sensitive data, and gain unauthorized administrative access. What Products Are Affected? CISA’s […]

The post CISA Alerts Users to Security Flaws in Planet Technology Network Products appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

雷神众测拥有该文章的修改和解释权。如欲转载或传播此文章，必须保证此文章的副本，包括版权声明等全部内容。声明雷神众测允许，不得任意修改或增减此文章内容，不得以任何方式将其用于商业目的。

悬镜安全作为《报告》主要参编单位，凭借在信创产业卓越贡献，斩获网信自主创新尖锋榜“金风帆奖”。

雷神众测拥有该文章的修改和解释权。如欲转载或传播此文章，必须保证此文章的副本，包括版权声明等全部内容。声明雷神众测允许，不得任意修改或增减此文章内容，不得以任何方式将其用于商业目的。

Один неожиданный ход обещает очистить веб от лишнего шума.

悬镜安全作为《报告》主要参编单位，凭借在信创产业卓越贡献，斩获网信自主创新尖锋榜“金风帆奖”。

A vulnerability was found in PHPGurukul Rail Pass Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/search-pass.php. The manipulation of the argument searchdata leads to sql injection. This vulnerability is handled as CVE-2025-4039. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in code-projects Train Ticket Reservation System 1.0. It has been declared as critical. Affected by this vulnerability is the function Reservation of the component Ticket Reservation. The manipulation of the argument Name leads to stack-based buffer overflow. This vulnerability is known as CVE-2025-4038. Attacking locally is a requirement. Furthermore, there is an exploit available.

日本三菱重工业宣布将于 6 月 24 日在鹿儿岛县种子岛宇宙中心发射 H2A 的 50 号机。这是最后一枚该型号火箭。预定发射时间为凌晨1点33分至1点52分，备用窗口期为6月25日至7月31日。火箭将搭载日本“温室气体和水循环观测技术卫星”（GOSAT-GW）。H2A 火箭是由日本宇宙航空研究开发机构（JAXA）与三菱重工联合开发的两级液体燃料火箭，2001 年以来的49 次发射中有 48 次取得成功，成功率约 98%，具有很高的可靠性。5 0号机发射后，日本的主力火箭将由 2023年投入使用的“H3”接棒。

不久之前，在美国科技行业工作还意味着薪水丰厚工作有保障。如今科技业的工作和其它行业没什么区别，员工还担心被裁员，他们的工作时间更长，薪水基本不变，但职责越来越多。员工发现自己在同时做被解雇同事的工作。一部分人被解雇后又被返聘，但返聘的职位没有加薪的资格也没有股票激励。如果要求加薪他们可能会被再次解雇。科技行业的资深员工表示，他们觉得自己已经不认识自己工作的公司了。管理层致力于实现华尔街预期的业绩。科技巨头的营收强劲，但正将大量资源投入到昂贵的 AI 基础设施建设中，给现金流带来了压力。Meta一位被返聘的员工被归类为“短期员工”。合同可续签，但没有绩效加薪、晋升或股票，她现在的工作量过去通常由几个人分摊。公司将这种额外的工作责任称之为“敏捷性”。根据 Layoffs.fyi 的统计数据，2025 年逾超 100 家公司的逾 5 万名员工被解雇。科技行业的从业者和其它行业的员工一样处于痛苦状况中。

A security researcher has uncovered a critical vulnerability in iOS, Apple’s flagship mobile operating system. The flaw, CVE-2025-24091, which leverages the long-standing but little-known “Darwin notification” system, allows any app-including those confined by Apple’s usually strict sandbox restrictions push the entire device into an inescapable “restore in progress” state with a single line of code. […]

The post New iOS Vulnerability Could Brick iPhones with Just One Line of Code appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability was found in code-projects ATM Banking 1.0. It has been classified as critical. Affected is the function moneyDeposit/moneyWithdraw. The manipulation leads to business logic errors. This vulnerability is traded as CVE-2025-4037. Local access is required to approach this attack. Furthermore, there is an exploit available.

Submit #559345 / VDB-306404

A vulnerability was found in 201206030 Novel 3.5.0 and classified as critical. This issue affects the function updateBookChapter of the file src/main/java/io/github/xxyopen/novel/controller/author/AuthorController.java of the component Chapter Handler. The manipulation leads to improper access controls. The identification of this vulnerability is CVE-2025-4036. The attack may be initiated remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.