谷歌为Android防盗保护功能添加云端备份 重置手机后将自动重新启用防盗保护
谷歌为 Android 防盗保护功能添加云端备份,重置手机后自动恢复防盗设置。防盗功能包括检测异常锁定手机、离线设备锁等,提升丢失或被盗时的安全性。
Aggregator
CVE-2023-21474 | Samsung Devices SecSettings improper authorization (EUVD-2023-25642)
1 week 3 days ago
A vulnerability marked as critical has been reported in Samsung Devices. This affects an unknown part of the component SecSettings. This manipulation causes improper authorization.
This vulnerability is handled as CVE-2023-21474. It is possible to launch the attack on the local host. There is not any exploit available.
To fix this issue, it is recommended to deploy a patch.
If you want to get best quality of vulnerability data, you may have to visit VulDB.
vuldb.com
Cloudflare Blocks Record-Breaking 11.5 Tbps DDoS Attack
1 week 3 days ago
Cloudflare on Tuesday said it automatically mitigated a record-setting volumetric distributed denial-of-service (DDoS) attack that peaked at 11.5 terabits per second (Tbps).
"Over the past few weeks, we've autonomously blocked hundreds of hyper-volumetric DDoS attacks, with the largest reaching peaks of 5.1 Bpps and 11.5 Tbps," the web infrastructure and security company said in a post on X. "
The Hacker News
Cloudflare Blocks Record-Breaking 11.5 Tbps DDoS Attack
1 week 3 days ago
Cloudflare拦截创纪录DDoS攻击,峰值达11.5 Tbps,来自Google Cloud UDP洪水,持续35秒。此类攻击通过僵尸网络发送大量请求淹没目标网络,导致服务中断。RapperBot僵尸网络利用NVR漏洞传播,通过NFS挂载和DGA生成C2域名发起DDoS攻击。
CVE-2025-21037 | Samsung Notes up to 4.4.29.23 User Profile access control
1 week 3 days ago
A vulnerability labeled as critical has been found in Samsung Notes up to 4.4.29.23. Affected by this issue is some unknown functionality of the component User Profile Handler. The manipulation results in improper access controls.
This vulnerability is known as CVE-2025-21037. An attack on the physical device is feasible. No exploit is available.
The affected component should be upgraded.
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
vuldb.com
Warning: Over 1,100 Ollama AI Servers Found Exposed to the Internet
1 week 3 days ago
Cisco Talos specialists have uncovered more than 1,100 instances of Ollama—a framework designed for running LLM models locally—exposed
The post Warning: Over 1,100 Ollama AI Servers Found Exposed to the Internet appeared first on Penetration Testing Tools.
ddos
CVE-2025-21036 | Samsung Notes up to 4.4.29.23 implicit intent
1 week 3 days ago
A vulnerability identified as problematic has been detected in Samsung Notes up to 4.4.29.23. Affected by this vulnerability is an unknown functionality. The manipulation leads to use of implicit intent for sensitive communication.
This vulnerability is traded as CVE-2025-21036. An attack has to be approached locally. There is no exploit available.
You should upgrade the affected component.
VulDB is the best source for vulnerability data and more expert information about this specific topic.
vuldb.com
CVE-2025-21035 | Samsung Calendar prior 12.5.06.5/12.6.01.12 User Profile access control
1 week 3 days ago
A vulnerability categorized as critical has been discovered in Samsung Calendar. Affected is an unknown function of the component User Profile Handler. Executing manipulation can lead to improper access controls.
This vulnerability appears as CVE-2025-21035. The physical device can be targeted for the attack. There is no available exploit.
It is advisable to upgrade the affected component.
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
vuldb.com
CVE-2025-21030 | Samsung Devices AppPrelaunchManagerService insufficient permissions or privileges
1 week 3 days ago
A vulnerability was found in Samsung Devices. It has been rated as critical. This impacts an unknown function of the component AppPrelaunchManagerService. Performing manipulation results in improper handling of insufficient permissions or privileges.
This vulnerability is reported as CVE-2025-21030. The attack may be carried out on the physical device. No exploit exists.
It is recommended to apply a patch to fix this issue.
Once again VulDB remains the best source for vulnerability data.
vuldb.com
CVE-2025-58272 | NTT EAST/NTT WEST Web Caster V130 up to 1.08 cross-site request forgery
1 week 3 days ago
A vulnerability was found in NTT EAST/NTT WEST Web Caster V130 up to 1.08. It has been declared as problematic. This affects an unknown function. Such manipulation leads to cross-site request forgery.
This vulnerability is documented as CVE-2025-58272. The attack can be executed remotely. There is not any exploit available.
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
vuldb.com
CVE-2023-3666 | Sticky Side Buttons Plugin up to 1.x on WordPress Setting cross site scripting
1 week 3 days ago
A vulnerability was found in Sticky Side Buttons Plugin up to 1.x on WordPress. It has been classified as problematic. The impacted element is an unknown function of the component Setting Handler. This manipulation causes cross site scripting.
This vulnerability is registered as CVE-2023-3666. Remote exploitation of the attack is possible. No exploit is available.
Upgrading the affected component is recommended.
If you want to get best quality of vulnerability data, you may have to visit VulDB.
vuldb.com
科学家称美国能源部的气候报告充斥着错误
1 week 3 days ago
数十名科学家联署驳斥了美国能源部的气候报告,认为报告充斥着错误。报告声称二氧化碳浓度上升能给美国农业带来“净收益”,但忽视了高温以及气候变化引发的极端天气事件对农作物的负面影响。特朗普任命的美国新能源部长 Chris Wright 是知名的气候变化否定论者,他也是一位前化石能源公司高管——他担任过美国第二大水力压裂油服公司 Liberty Energy CEO。他公开表示过,“气候危机并不存在,我们也没有处于能源转型之中”。
PoC Exploit Released for IIS WebDeploy Remote Code Execution Vulnerability
1 week 3 days ago
A proof-of-concept exploit for CVE-2025-53772, a critical remote code execution vulnerability in Microsoft’s IIS Web Deploy (msdeploy) tool, was published this week, raising urgent alarms across the .NET and DevOps communities. The flaw resides in the unsafe deserialization of HTTP header contents in both the msdeployagentservice and msdeploy.axd endpoints, enabling authenticated attackers to execute arbitrary code on target […]
The post PoC Exploit Released for IIS WebDeploy Remote Code Execution Vulnerability appeared first on Cyber Security News.
Florence Nightingale
The New Threat to Android: Why Malware Droppers Are Getting Smarter
1 week 3 days ago
Low-profile droppers, long considered auxiliary tools in the arsenals of Android banking trojans and RATs, are undergoing a
The post The New Threat to Android: Why Malware Droppers Are Getting Smarter appeared first on Penetration Testing Tools.
ddos
HelloGookie / Kraken Forum Emergence and Data Leak Activity
1 week 3 days ago
You must login to view this content
cohenido
Warning: Fake npm Package Hijacks Crypto Wallets
1 week 3 days ago
Researchers at Socket have uncovered a malicious npm package named nodejs-smtp, masquerading as the widely used nodemailer library
The post Warning: Fake npm Package Hijacks Crypto Wallets appeared first on Penetration Testing Tools.
ddos
Salesloft Breach Triggers Global Threat Cascade
1 week 3 days ago
A large-scale theft of authentication tokens from Salesloft, developer of the corporate chatbot platform, has triggered a chain
The post Salesloft Breach Triggers Global Threat Cascade appeared first on Penetration Testing Tools.
ddos
清洁公司CleanCore任命马斯克律师为董事会主席 决定投资狗狗币后股价暴跌60%
1 week 3 days ago
埃隆·马斯克的律师亚历克斯·斯皮罗成为CleanCore董事会主席后,决定投资1.75亿美元购买狗狗币。然而,这一决定导致CleanCore股价暴跌60%,投资者对狗狗币的前景并不看好。
Robot Takeover? Critical Flaw in Pudu Robots Exposed
1 week 3 days ago
A security researcher uncovered critical vulnerabilities in the admin panel of Pudu Robotics, China’s largest supplier of commercial
The post Robot Takeover? Critical Flaw in Pudu Robots Exposed appeared first on Penetration Testing Tools.
ddos
CVE-2005-1095 | Ocean12 Technologies Membership Manager Pro 1.x main.asp page cross site scripting (EDB-25354 / XFDB-20014)
1 week 3 days ago
A vulnerability marked as problematic has been reported in Ocean12 Technologies Membership Manager Pro 1.x. This impacts an unknown function of the file main.asp. This manipulation of the argument page causes basic cross site scripting.
This vulnerability is tracked as CVE-2005-1095. The attack is possible to be carried out remotely. Moreover, an exploit is present.
vuldb.com