Aggregator

Разработчики верят звёздам, а зря.

叮咚！您有一封邀请函，待查收～

美国空军部未来网络战略概述六大关键目标

官方称目前客户数据未受损害

事件仍在调查中

该漏洞不仅仅与命名空间的抢注问题有关，而是一个系统性的供应链漏洞，影响AI发展的根基。

Cybersecurity researchers have identified a sophisticated new command-and-control framework that exploits legitimate Google Calendar APIs to establish covert communication channels between attackers and compromised systems. The MeetC2 framework, discovered in September 2025, represents a concerning evolution in adversarial tactics where threat actors abuse trusted cloud services to bypass traditional security controls and evade detection mechanisms. […]

The post Hackers Leverages Google Calendar APIs With Serverless MeetC2 Communication Framework appeared first on Cyber Security News.

点击文章，学习 Yakit 新功能啦！

A vulnerability has been found in Emumail Emu Webmail 5.0 and classified as problematic. This affects an unknown function of the file emumail.cgi. The manipulation of the argument To/From leads to basic cross site scripting. This vulnerability is listed as CVE-2002-1526. The attack may be initiated remotely. In addition, an exploit is available. The affected component should be upgraded.

A vulnerability was found in Emumail Emu Webmail 5.0 and classified as problematic. This impacts an unknown function of the file emumail.cgi of the component Error Message Handler. The manipulation results in information disclosure (Path). This vulnerability is cataloged as CVE-2002-1527. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in Mondosoft Mondosearch 4.4. It has been classified as critical. Affected is an unknown function of the file msmmask.exe. This manipulation of the argument mask causes information disclosure (Source). This vulnerability is registered as CVE-2002-1528. Remote exploitation of the attack is possible. No exploit is available. Upgrading the affected component is recommended.

A vulnerability described as problematic has been identified in SurfControl Superscout Email Filter 4.0. Affected is an unknown function of the file msgError.asp of the component Administrative Web Interface. Such manipulation of the argument Reason leads to basic cross site scripting. This vulnerability is listed as CVE-2002-1529. The attack may be performed from remote. In addition, an exploit is available.

VirusTotal uncovered an undetected malware campaign using SVG files that impersonated the Colombian justice system. VirusTotal researchers uncovered a phishing campaign using SVG files with hidden JavaScript to deploy fake Fiscalía General de la Nación login pages in Colombia and spread malware. VirusTotal noticed that, despite being outdated, SWF files are still abused in attacks. […]

A sophisticated cryptojacking campaign that hijacks Windows’ native Character Map utility (“charmap.exe”) to evade Windows Defender and covertly mine cryptocurrency on compromised machines. First detected in late August 2025, this attack exploits legitimate system binaries to load a custom cryptomining payload directly into memory, thwarting traditional antivirus signatures and curtailing forensic artifacts. Security researchers have […]

The post New Malware Exploits Windows Character Map to Evade Defender and Mine Crypto appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

DigitalOcean has announced support for Single Sign-On. This integration is designed to provide digital native businesses with secure authentication to their DigitalOcean accounts. DigitalOcean Single Sign-On (SSO) helps to centralize user access and makes user onboarding and offboarding seamless. It’s built on the industry-standard OpenID Connect (OIDC) protocol, ensuring secure and reliable authentication. SSO connects your existing Identity Provider (IdP) to DigitalOcean, starting with Okta and expanding to other leading IdPs in the future. For … More →

The post DigitalOcean adds Single Sign-On to help businesses centralize user access appeared first on Help Net Security.

根据发表在 PLOS One 期刊上的一项研究，上厕所时用智能手机会大幅增加痔疮风险。研究人员让 125 名计划接受结肠镜检查的参与者填写关于如厕习惯、整体健康状况和体育活动的问卷，然后检查参与者们结肠镜检查的图像，以确定他们是否患有痔疮。参与者年龄均超过 45 岁。2/3 参与者表示会在如厕时使用智能手机。在这项研究中，如厕玩手机的人中有 37% 在马桶上的平均停留时间超过 5 分钟，而不玩手机的人群中这一比例仅为 7%。也就是说，玩手机的人如厕时间超 5 分钟的可能性约为不玩手机者的 5 倍。在调整年龄和活动水平等因素后，研究团队得出结论，认为如厕时使用智能手机会使患痔疮风险增加 46%。痔疮的主要风险因素是如厕久坐。团队推测这是因为在这种姿势下，盆底肌肉获得的支撑没有坐在平坦表面时强。

A vulnerability, which was classified as critical, has been found in osCommerce 2.1/2.2 Cvs/2.2 Ms1/2.2 Ms2. The affected element is an unknown function of the file index.php of the component Web Cache. This manipulation of the argument goto causes authentication bypass by spoofing. This vulnerability is tracked as CVE-2005-1951. The attack is possible to be carried out remotely. Moreover, an exploit is present.

A vulnerability marked as critical has been reported in Greywyvern Orca Forum up to 4.3b. Impacted is an unknown function of the file forum.php. Performing manipulation of the argument msg results in sql injection. This vulnerability is reported as CVE-2005-3815. The attack is possible to be carried out remotely. Moreover, an exploit is present.

A vulnerability, which was classified as critical, was found in Greywyvern Orca Ringmaker up to 2.3c. This issue affects some unknown processing of the file ringmaker.php. Such manipulation of the argument Home leads to sql injection. This vulnerability is listed as CVE-2005-3940. The attack may be performed from remote. In addition, an exploit is available.