Aggregator

A vulnerability classified as problematic has been found in Samsung Camera. Affected by this issue is some unknown functionality of the component Install Package Handler. This manipulation causes missing authorization. The identification of this vulnerability is CVE-2023-21482. It is feasible to perform the attack on the physical device. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Samsung Devices. This issue affects some unknown processing of the component CertByte. Executing manipulation can lead to improper input validation. This vulnerability is tracked as CVE-2023-21480. The attack is restricted to local execution. No exploit exists. A patch should be applied to remediate this issue.

A vulnerability marked as problematic has been reported in Sitecore Experience Manager and Experience Platform up to 10.4. This vulnerability affects unknown code. Performing manipulation results in information disclosure. This vulnerability is reported as CVE-2025-53694. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability was found in Crestron TOUCHSCREENS x70 up to 3.001.0034.001 and classified as critical. Affected is an unknown function of the component SCP Command Handler. Executing manipulation can lead to argument injection. The identification of this vulnerability is CVE-2025-47421. The physical device can be targeted for the attack. There is no exploit available.

A vulnerability classified as critical was found in Samsung Devices. This affects an unknown part of the component TIGERF Trustlet. Such manipulation leads to access of memory location after end of buffer. This vulnerability is referenced as CVE-2023-21477. The attack can only be performed from a local environment. No exploit is available. Applying a patch is advised to resolve this issue.

A vulnerability, which was classified as problematic, has been found in Samsung Devices. This vulnerability affects unknown code of the component TIGERF Trustlet. Performing manipulation results in information disclosure. This vulnerability is identified as CVE-2023-21478. The attack is only possible with local access. There is not any exploit available. It is suggested to install a patch to address this issue.

A vulnerability was found in Mautic up to 4.4.16/5.2.7/6.0.4. It has been classified as problematic. Affected by this vulnerability is an unknown functionality of the component Configuration Handler. The manipulation leads to unverified ownership. This vulnerability is referenced as CVE-2025-9822. Remote exploitation of the attack is possible. No exploit is available. Upgrading the affected component is recommended.

今日暂未更新资讯~
更多最新文章，请访问SecWiki

A vulnerability, which was classified as problematic, was found in Google Android 11.0/12.0/13.0. This affects the function setMimeGroup of the file PackageManagerService.java. The manipulation results in resource consumption. This vulnerability is known as CVE-2023-20922. Attacking locally is a requirement. No exploit is available. Applying a patch is advised to resolve this issue.

A vulnerability classified as problematic has been found in Google Android 10.0/11.0/12.0/13.0. Affected by this vulnerability is the function onPackageRemoved of the file AccessibilityManagerService.java. This manipulation causes incorrect control flow. This vulnerability is registered as CVE-2023-20921. The attack needs to be launched locally. No exploit is available. It is suggested to install a patch to address this issue.

A vulnerability labeled as problematic has been found in Google Android 10.0/11.0/12.0/13.0. This affects the function queue of the file UsbRequest.java. Executing manipulation can lead to use after free. This vulnerability is tracked as CVE-2023-20920. The attack is restricted to local execution. No exploit exists. It is best practice to apply a patch to resolve this issue.

你以为 AI 在帮你节约时间，真实情况是 在 AI 加持下的算法，让你越发沉迷于短视频、游戏、信息流里不可自拔 默认情况下，AI 用更冗长的语言，给了你更多信息，但是信息真伪、质量鉴别还需要你自己来 默认情况下，AI 帮你生成的代码会让你很快抵达 WoW 的高潮，但那些代码的可读性、可维护性可能堪忧 你以为必须紧跟时代学习各种新产品新名词，真实情况是 你最好知道自己要用 AI 干什么——绝大多数人不知道 AI 能解决自己的什么问题，对着一个对话框，提不出有价值的问题 你最好先能深度使用好一款产品，至少让它提供的价值远超你的时间和金钱投入，而不是每个东西浅尝辄止 你以为只用 AI 就能解决问题，真实情况是 世界上还有大量的领域无需 AI 没办法很好地解决问题 世界上还有大量的工具可以使用——AI 只是工具的一种，可能是最先进的，可能 AI 已经可以使用工具了，但你最好也还会使用多种工具 你以为 AI 已经回答了你的问题，真实情况是 你不知道答案的真伪 你有可能没有仔细看过 AI 提供的内容——虽然每个 Deep Research 看上去都那么专业 你大概率还没有思考、得出自己的结论、做出有效的决策 尤其是：AI 回答了你的问题，但你拿到结果了吗？ 你以为有了 AI，写作、英语、编程就不重要了，真实情况是 写作能力和英语能力以及编程能力可能更重要了——你必须把这些技能内化 否则，它替你思考，你却失去了思考的能力 我们以为自己比 AI 聪明，我猜情况可能是 AI 比我们聪明。 我们不是要善用 AI，而可能是要善于向 AI 借力——配合 AI 最好假设 AI 还会进步，来到自己的行业，它需要什么？我们做好准备

Cloudflare mitigated the largest DDoS attack ever recorded, an 11.5 Tbps flood that lasted 35 seconds without disrupting…

The critical, actively exploited zero-day vulnerabilities affect the Linux kernel and Android runtime.

The post Google patches two Android zero-days, 120 defects total in September security update appeared first on CyberScoop.

Две несовместимые вселенные синхронизированы благодаря уникальному “переводчику”.

在 XZ 后门事件中，化名为 JiaT75(Jia Tan)的攻击者通过在两年多时间里向项目积极贡献代码而获得信任，然后再通过施压而最终成为项目的共同维护者，得到了能悄悄在代码中植入后门的权限。在以大模型为代表的生成式 AI 时代，贡献代码可能比以往任何时候更轻松，这意味着攻击者可以使用大模型向开源项目积极贡献代码，而项目的维护者将难以判断代码背后的人的意图。开源项目的维护者缺乏资源、技能或时间去抵御此类的攻击，因此未来的开源项目可能更容易受到类似 XZ 后门事件的攻击。

Alleged Sale of RDWeb Access to a Singapore Engineering Services Company

Ten-year extensions of a threat information sharing law and a cybersecurity grant program for states and localities won bipartisan approval in the House Homeland Security Committee.

In a 2-1 decision, an appeals court upheld a 1935 Supreme Court precedent restricting the president’s ability to fire FTC commissioners. 

The post Court rules ‘fired’ FTC commissioners be reinstated — again appeared first on CyberScoop.