Aggregator

A vulnerability labeled as problematic has been found in Radare2 up to 5.9.8. This issue affects the function r2r_subprocess_init. The manipulation results in memory leak. This vulnerability is identified as CVE-2025-60360. The attack can only be performed from the local network. There is not any exploit available. It is best practice to apply a patch to resolve this issue.

A vulnerability categorized as problematic has been discovered in Adobe Commerce up to 2.4.9-alpha2. This vulnerability affects unknown code. The manipulation results in incorrect authorization. This vulnerability was named CVE-2025-54265. The attack may be performed from remote. There is no available exploit. It is advisable to upgrade the affected component.

A vulnerability was found in Radare2 up to 5.9.8. It has been classified as problematic. The impacted element is the function _load_relocations. The manipulation leads to memory leak. This vulnerability is uniquely identified as CVE-2025-60358. The attack can only be initiated within the local network. No exploit exists. To fix this issue, it is recommended to deploy a patch.

A vulnerability identified as problematic has been detected in Radare2 up to 5.9.8. This vulnerability affects the function r_bin_object_new. The manipulation leads to memory leak. This vulnerability is referenced as CVE-2025-60359. The attack needs to be initiated within the local network. No exploit is available. Applying a patch is the recommended action to fix this issue.

A Reddit poster detailed how reinstalling Windows 11 unexpectedly encrypted two of their backup drives with BitLocker, locking away 3TB of irreplaceable data without any prior setup. The incident, shared onReddit, highlights the risks of Microsoft’s automatic encryption feature in Windows 11, which can activate silently during routine maintenance like OS reinstalls.​ The user, running […]

The post Automatic BitLocker Encryption May Silently Lock Away Your Data appeared first on Cyber Security News.

本文分享了一个独立开发团队在鸿蒙NEXT平台上的开发与运营经验。他们的小词典应用在上线后表现超出预期，在下载量、付费转化率和用户评分上均有良好表现。尽管面临API缺失和工具不足等挑战，但鸿蒙商店的免费流量和开发者支持为团队带来了信心。文章指出鸿蒙生态仍有潜力，并鼓励开发者尝试。

无印良品因物流供应商ASKUL遭受勒索软件攻击导致物流中断，被迫关闭日本所有门店并暂停线上服务。公司正在调查受影响订单及数据泄露情况。

A vulnerability was found in SoftMaker FlexiPDF 3.0.3.0. It has been classified as critical. This affects an unknown function of the component PDF Handler. The manipulation leads to stack-based buffer overflow. This vulnerability is documented as CVE-2023-24295. The attack can be initiated remotely. There is not any exploit available.

A vulnerability was found in Poly Trio 8800 7.2.2.1094 and classified as critical. This vulnerability affects unknown code of the component Ringtone File Handler. Such manipulation leads to unrestricted upload. This vulnerability is uniquely identified as CVE-2023-24282. The attack can only be initiated within the local network. No exploit exists.

A vulnerability has been found in Zumtobel Netlink CCD Onboard up to 3.80 and classified as critical. Affected is the function NetlinkWeb::Information::SetDeviceIdentification. Performing manipulation results in buffer overflow. This vulnerability was named CVE-2023-24294. The attack needs to be approached within the local network. There is no available exploit.

The Cybersecurity and Infrastructure Security Agency (CISA) issued an urgent alert on October 20, 2025, highlighting a severe vulnerability CVE-2025-33073 in Microsoft’s Windows SMB Client. Dubbed an improper access control flaw, this vulnerability tracked under CVE details yet to be fully specified poses a significant risk of privilege escalation for attackers worldwide. As cyber threats […]

The post CISA Warns of Windows SMB Vulnerability Actively Exploited in Attacks appeared first on Cyber Security News.

Tumblr曾因支持成人内容和付费订阅而火爆，但在禁止色情内容后流量大跌并被多次转手。现为WordPress母公司旗下产品，每年运营成本高昂且持续亏损。CEO称收购为最大失败，计划将后端迁移至WordPress以降低成本。

The Shadowserver Foundation has uncovered more than 71,000 internet-exposed WatchGuard devices running vulnerable versions of Fireware OS. The flaw, tracked as CVE-2025-9242, stems from an out-of-bounds write vulnerability in the IKEv2 implementation, potentially allowing remote attackers to execute arbitrary code without authentication. Disclosed earlier this year, the issue highlights the dangers of unpatched firewalls in […]

The post 71,000+ WatchGuard Devices Vulnerable to Remote Code Execution Attacks appeared first on Cyber Security News.

嗯，用户让我总结一下这篇文章的内容，控制在一百个字以内，而且不需要用“文章内容总结”这样的开头。首先，我得仔细阅读文章，理解主要信息。 文章讲的是苹果在iOS 26.1 Beta 4中新增了一个相机滑动开关，默认是开启的。用户可以选择关闭这个功能，这样在锁定屏幕上滑动就不会打开相机了。之前这个滑动手势一直是默认开启的，但有时候用户会误触，所以苹果现在给了用户一个开关来禁用它。 接下来，我需要提取关键点：新增滑动开关、默认启用、可关闭锁定屏幕滑动打开相机、解决误触问题、Beta 4版本、即将发布正式版。这些是主要内容。 然后，我要把这些信息浓缩到100字以内。要确保语言简洁明了，不遗漏重要信息。可能的结构是：苹果在iOS 26.1 Beta 4中新增相机滑动开关，默认启用，用户可关闭锁定屏幕滑动打开相机的功能。该功能长期默认开启，但有时误触，新增选项为用户提供选择。 检查一下字数是否符合要求，并且表达是否清晰。最后确认没有使用禁止的开头方式。 苹果在iOS 26.1 Beta 4中新增相机滑动开关，默认启用，用户可关闭锁定屏幕滑动打开相机的功能。该功能长期默认开启，但有时误触，新增选项为用户提供选择。

A vulnerability was found in Das Parking Management System 停车场管理系统 6.2.0. It has been declared as problematic. This impacts an unknown function of the file /Operator/Search. The manipulation results in information disclosure. This vulnerability was named CVE-2025-9842. The attack may be performed from remote. In addition, an exploit is available.

A vulnerability categorized as problematic has been discovered in SRI Mojolicious up to 9.39 on Perl. Affected is an unknown function of the component HMAC Session Secrets Handler. The manipulation results in use of hard-coded cryptographic key . This vulnerability is known as CVE-2024-58134. It is possible to launch the attack remotely. No exploit is available. It is advisable to upgrade the affected component.

A vulnerability classified as problematic was found in SRI Mojolicious up to 9.39 on Perl. This affects the function rand of the component HMAC Session Secrets Handler. Executing manipulation can lead to cryptographically weak prng. This vulnerability is tracked as CVE-2024-58135. The attack is only possible within the local network. No exploit exists. It is best practice to apply a patch to resolve this issue.

A vulnerability was found in Das Parking Management System 停车场管理系统 6.2.0. It has been rated as problematic. Affected is an unknown function of the file /Operator/FindAll. This manipulation causes information disclosure. The identification of this vulnerability is CVE-2025-9843. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability labeled as critical has been found in Rockwell Automation FactoryTalk Optix. This impacts an unknown function. Executing manipulation can lead to command injection. This vulnerability is registered as CVE-2025-9161. It is possible to launch the attack remotely. No exploit is available.

A vulnerability has been found in MCMS 5.5.0 and classified as critical. This impacts an unknown function of the file /cms/content/list of the component FreeMarker Template Handler. This manipulation of the argument content_title causes sql injection. This vulnerability is registered as CVE-2025-56316. Remote exploitation of the attack is possible. No exploit is available.