Aggregator

A vulnerability was found in Linux Kernel up to 6.12.30/6.14.8 and classified as critical. The affected element is the function hda_generic_machine_select. Such manipulation leads to use after free. This vulnerability is referenced as CVE-2025-38056. The attack needs to be initiated within the local network. No exploit is available. It is suggested to upgrade the affected component.

A vulnerability marked as problematic has been reported in Linux Kernel up to 6.12.30/6.14.8. This issue affects some unknown processing of the component ptp. Performing manipulation of the argument signal_out/freq_in results in uninitialized pointer. This vulnerability is known as CVE-2025-38054. Access to the local network is required for this attack. No exploit is available. It is suggested to upgrade the affected component.

A vulnerability classified as critical has been found in Linux Kernel up to 6.12.30/6.14.8/a9d6d466bcf0621a872e1052bc40e4c6f0541b8d. The affected element is the function intel_pmu_pebs_event_update_no_drain. The manipulation leads to null pointer dereference. This vulnerability is uniquely identified as CVE-2025-38055. The attack can only be initiated within the local network. No exploit exists. It is recommended to upgrade the affected component.

Чтобы расти, нужны усилия и паузы без экранов.

A vulnerability was found in iCat Electronic Commerce Suite 3.0.0. It has been declared as problematic. The affected element is an unknown function in the library carbo.dll. Executing manipulation of the argument icatcommand can lead to path traversal. This vulnerability is registered as CVE-1999-1069. It is possible to launch the attack remotely. Furthermore, an exploit is available.

A vulnerability, which was classified as critical, was found in Allaire ColdFusion. Affected by this vulnerability is an unknown functionality of the file mainframeset.cfm of the component HTTP Client. Executing manipulation can lead to improper privilege management. This vulnerability is handled as CVE-1999-1124. The attack can be executed remotely. There is not any exploit available. You should upgrade the affected component.

A vulnerability was found in Novell Web Server 2.0. It has been classified as critical. This vulnerability affects unknown code of the file files.pl of the component Examples Toolkit. This manipulation causes improper privilege management. This vulnerability is handled as CVE-1999-1081. The attack can be initiated remotely. Additionally, an exploit exists.

A vulnerability was found in Eric Allman Sendmail 8.10.0 and classified as problematic. Affected by this issue is some unknown functionality of the component ETRN Command Handler. Executing manipulation can lead to denial of service. This vulnerability is tracked as CVE-1999-1109. The attack can be launched remotely. Moreover, an exploit is present. It is suggested to upgrade the affected component.

A vulnerability classified as critical has been found in Lakeweb Filemail CGI Script. The affected element is an unknown function of the component Email Address Handler. This manipulation as part of Metacharacter causes improper privilege management. This vulnerability is handled as CVE-1999-1154. The attack can be initiated remotely. There is not any exploit available.

China on Sunday accused the U.S. National Security Agency (NSA) of carrying out a "premeditated" cyber attack targeting the National Time Service Center (NTSC), as it described the U.S. as a "hacker empire" and the "greatest source of chaos in cyberspace." The Ministry of State Security (MSS), in a WeChat post, said it uncovered "irrefutable evidence" of the agency's involvement in the intrusion

中国指控美国国家安全局（NSA）对国家授时中心（NTSC）发动网络攻击，试图破坏“北京时间”安全运行。攻击利用漏洞窃取数据并部署工具实施高强度网络战。中国挫败此次行动并加强安全措施，同时指责美国在全球多地进行网络攻击并掩盖行为。

After years of working as part of a team, many military veterans look for work that still carries meaning, challenge, and purpose. Cybersecurity offers a new way to serve and protect on a different battlefield. Earlier this year, the Department of Veterans Affairs announced plans for staffing cuts, raising concern among veterans about benefits and job security. While the agency later stepped back from large layoffs, smaller reductions and hiring freezes have left many uncertain … More →

The post Why ex-military professionals are a good fit for cybersecurity appeared first on Help Net Security.

文章介绍了MeetCard碰碰卡作为防丢器和数字名片的使用方法。详细说明了在iOS设备上通过「查找」应用配对 MeetCard 的步骤，并介绍了如何通过 NFC 功能连接 Bonjour! 账号以及使用补充贴纸分享数字名片的方法。同时提供了常见问题及解决办法。

I will teach a live online network forensics training on February 23-26. The full title of the class is Network Forensics for Incident Response, where we will analyze PCAP files containing network traffic from hackers and malware. The training is split into four interactive sessions running from 13:[...]

Helium убирает сервисы Google и возвращает контроль над каждым запросом без потери скорости.

日本电商巨头 爱速客乐（ASKUL）19 日宣布，因遭到网络攻击导致系统故障，已暂停商品的订单受理及出货业务。此次故障的原因是感染了勒索软件。运营“无印良品”的良品计划公司也于 20 日透露，19 日夜间暂停了网店销售等业务。良品计划将部分配送业务委托给爱速客乐子公司，物流出现了障碍。爱速客乐 19 日上午发现感染病毒，目前尚无修复的眉目。包括是否有个人信息和顾客数据外泄在内，公司正在调查影响范围。爱速客乐表示，“发生了给大家添麻烦、让大家担心的事态，在此致歉。”

When you think of network tunneling, “lightweight” and “enterprise-grade” rarely appear in the same sentence. NodePass, an open-source project, wants to change that. It’s a compact but powerful TCP/UDP tunneling solution built for DevOps teams and system administrators who need to manage complex network environments without wading through configuration files or rigid infrastructure setups. Nodepass architecture Whether you’re setting up port mapping, managing NAT traversal, or relaying traffic across mixed networks, NodePass offers the flexibility … More →

The post Nodepass: Open-source TCP/UDP tunneling solution appeared first on Help Net Security.

中国发现美国国家安全局（NSA）自2022年3月起通过员工手机漏洞攻击国家授时中心，窃取敏感数据。国安部门获取“无可辩驳证据”，采取措施阻止攻击并加强防御。

China claims the US NSA hacked its National Time Service Center by exploiting staff phone flaws since March 2022, stealing sensitive data. China’s Ministry of State Security announced it has found “irrefutable evidence” that the US National Security Agency (NSA) conducted cyberattacks on its National Time Service Center, reports Bloomberg. The China National Time Service […]

GIMP 正式提供 Snap 打包的版本。它已经提供了 Flatpak 包和微软 Windows 商店的 MSIX 包。Snap 是 Canonical 主导的软件包格式，GIMP 此前非官方的 Snap 软件包由下游项目 Snapcrafters 维护，GIMP 联系了 Snapcrafters，对方欣然同意转让所有权。GIMP 3.0.6 是第一个由官方维护的 Snap 版本。