Aggregator

美国网络安全机构CISA新增两个高危漏洞至已知被利用漏洞目录：TP-Link Wi-Fi扩展器身份验证缺陷（CVE-2020-24363）和WhatsApp间谍软件攻击链（CVE-2025-55177），后者与苹果系统漏洞结合使用。修复版本已发布但设备已停产。

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a high-severity security flaw impacting TP-Link TL-WA855RE Wi-Fi Ranger Extender products to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, CVE-2020-24363 (CVSS score: 8.8), concerns a case of missing authentication that could be abused to obtain

Темный двойник Земли, где органика танцует под дождем из смерти.

In today’s complex threat environment, the challenge for security professionals isn’t just defeating threats, it’s finding your vulnerabilities in the first place. That’s where External Attack Surface Management (EASM) tools come in. EASM can identify the many weaknesses that attackers use to target your organization. Effective solutions provide crucial information on the vulnerabilities of organizational assets and cloud services that are visible in the public domain. In practice, EASM can refer to a range of … More →

The post Detecting danger: EASM in the modern security stack appeared first on Help Net Security.

A CVSS score 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Alfredo Oliveira and David Fiser of Trend Research' was reported to the affected vendor on: 2025-09-03, 90 days ago. The vendor is given until 2026-01-01 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Alfredo Oliveira and David Fiser of Trend Research' was reported to the affected vendor on: 2025-09-03, 90 days ago. The vendor is given until 2026-01-01 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

文章探讨了无国界银行的概念及其对个人和集体的潜在益处，强调其优势在于突破传统金融限制，并通过技术手段实现更高效的全球金融服务。

文章探讨了故事在信息传播中的作用及其可信度的评估标准,指出真实性和情感共鸣是影响受众信任度的关键因素。

文章探讨了AI技术在提升生产力中的潜力与应用，强调了提示工程和大语言模型的重要性，并展望了AI在未来工作流程中的简化与加速作用。

A vulnerability, which was classified as problematic, was found in Linux Kernel up to 6.9.7. Affected by this vulnerability is an unknown functionality of the component Setting Handler. The manipulation results in insufficiently random values. This vulnerability was named CVE-2024-42091. The attack needs to be approached within the local network. There is no available exploit. You should upgrade the affected component.

A vulnerability marked as critical has been reported in Linux Kernel up to 6.9.7. This vulnerability affects the function fsl_asoc_card_audmux_init of the component fsl-asoc-card. The manipulation leads to null pointer dereference. This vulnerability is traded as CVE-2024-42089. Access to the local network is required for this attack to succeed. There is no exploit available. It is suggested to upgrade the affected component.

A vulnerability described as critical has been identified in Linux Kernel up to 6.9.7. Affected by this issue is the function create_pinctrl of the component pinctrl. Executing manipulation can lead to deadlock. This vulnerability is handled as CVE-2024-42090. The attack can only be done within the local network. There is not any exploit available. Upgrading the affected component is recommended.

A vulnerability labeled as problematic has been found in Linux Kernel up to 6.9.7. This affects the function gpiod_set_value of the component ilitek-ili9881c. Executing manipulation can lead to privilege escalation. This vulnerability appears as CVE-2024-42087. The attacker needs to be present on the local network. There is no available exploit. The affected component should be upgraded.

Cloudflare has disclosed a significant data breach affecting customer information following a sophisticated supply chain attack targeting its Salesforce integration with Salesloft Drift. The incident, which occurred between August 12-17, 2025, resulted in the exposure of customer support case data and potentially sensitive credentials shared through support channels. The Breach Details The cybersecurity company became […]

The post Cloudflare Confirms Data Breach – Customer Data Exposed via Salesforce Attack appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability was found in GLPI up to 9.1.4. It has been classified as critical. This affects an unknown function of the file front/devicesoundcard.php. The manipulation of the argument Home as part of Parameter leads to sql injection. This vulnerability is referenced as CVE-2017-11184. Remote exploitation of the attack is possible. No exploit is available. Upgrading the affected component is recommended.

A vulnerability marked as problematic has been reported in Moodle 3.x. The impacted element is an unknown function of the component Portfolio URL Handler. This manipulation causes improper input validation. This vulnerability appears as CVE-2018-1137. The attack may be initiated remotely. There is no available exploit.

A vulnerability identified as problematic has been detected in GNU binutils 2.32. Impacted is the function setup_group of the file elf.c of the component libbfd. The manipulation leads to improper resource management. This vulnerability is uniquely identified as CVE-2019-9072. Local access is required to approach this attack. No exploit exists.

A vulnerability was found in Oracle MySQL Connectors up to 6.9.9/6.10.4 and classified as critical. This impacts an unknown function of the component Connector/Net. Such manipulation leads to denial of service. This vulnerability is listed as CVE-2018-2585. The attack may be performed from remote. There is no available exploit. It is suggested to upgrade the affected component.

A sophisticated malware operation that combines multiple attack vectors to steal cryptocurrency and deliver additional malicious payloads to Windows systems. A recently discovered TinyLoader malware campaign is actively targeting Windows users through a multi-pronged attack strategy involving network share exploitation, USB propagation, and deceptive shortcut files. The malware, which serves as a delivery mechanism for […]

The post TinyLoader Malware Spreads via Network Shares and Malicious Shortcut Files on Windows appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

文章揭示了Google Cloud和Cloudflare等平台长期未能阻止大规模网络钓鱼和品牌仿冒活动，导致48,000个虚拟主机被滥用。这些平台因未及时采取行动而被视为潜在共谋者。Lockheed Martin等知名公司因疏于监测而成为攻击目标。研究显示此类活动已持续三年以上，涉及非法内容和恶意软件分发。