Aggregator

作者：Amine Lbath, Massih-Reza Amini, Aurelien Delaitre, Vadim Okun 译者：知道创宇404实验室翻译组 原文链接：https://arxiv.org/html/2508.20866v1 摘要 软件系统复杂度的不断提升以及网络攻击手段的日益精密，凸显了高效自动化漏洞检测与修复系统的关键需求。静态程序分析等传统方法在可扩展性、适应性以及...

A vulnerability was found in Portabilis i-Educar up to 2.10. It has been rated as critical. Affected by this vulnerability is an unknown functionality of the file /intranet/agenda_preferencias.php. Performing manipulation of the argument cod_agenda results in sql injection. This vulnerability was named CVE-2025-9606. The attack may be initiated remotely. In addition, an exploit is available.

A vulnerability categorized as critical has been discovered in Portabilis i-Educar up to 2.10. Affected by this issue is some unknown functionality of the file /module/TabelaArredondamento/view of the component Tabelas de Arredondamento Page. Executing manipulation of the argument ID can lead to sql injection. The identification of this vulnerability is CVE-2025-9607. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability identified as critical has been detected in Portabilis i-Educar up to 2.10. This affects an unknown part of the file /module/FormulaMedia/view of the component Formula de Cálculo de Média Page. The manipulation of the argument ID leads to sql injection. This vulnerability is referenced as CVE-2025-9608. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

TransUnion, one of the nation’s three major credit reporting agencies, has disclosed a significant data breach that exposed the personal information of more than four million U.S. customers. The company is now alerting affected individuals about the cyber incident, which involved unauthorized access to data stored on a third-party application. On July 28, 2025, TransUnion […]

The post TransUnion Hack Exposes 4M+ Customers Personal Information appeared first on Cyber Security News.

文件层免杀对抗愈加激烈的背景下，内存层检测已经成为终端安全软件当前重点建设的检测引擎

The credit rating giant revealed that the breach, which occurred on July 28, was caused by unauthorized access to a third-party application

DPRK IT workers have leveraged popular code-sharing platforms such as GitHub, CodeSandbox, and Medium to cultivate convincing developer portfolios and land remote positions under fabricated identities. Investigations reveal approximately 50 active GitHub profiles operated by North Korean actors, supplemented by dozens of profiles across niche freelancing and forum sites. These operatives employ deepfake profile photos, […]

The post DPRK Remote Work Tactics: Leveraging Code-Sharing Platforms appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability, which was classified as critical, has been found in Jinher OA 1.0. This issue affects some unknown processing of the file GetTreeDate.aspx. The manipulation of the argument ID leads to sql injection. This vulnerability is referenced as CVE-2025-9669. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

Emerging in mid-2025, a sophisticated campaign attributed to the Silver Fox APT has begun exploiting a previously unreported vulnerable driver to compromise modern Windows environments. This campaign leverages the WatchDog Antimalware driver (amsdk.sys, version 1.0.600), a Microsoft-signed component built on the Zemana Anti-Malware SDK. By abusing its arbitrary process termination capability, threat actors bypass endpoint […]

The post Silver Fox APT Hackers Leveraging Vulnerable driver to Attack Windows 10 and 11 Systems by Evading EDR/AV appeared first on Cyber Security News.

Submit #637413 / VDB-321876

Протокол ACP может повторить успех LSP.

A vulnerability classified as problematic was found in Synology RADIUS Server. This vulnerability affects unknown code. Executing manipulation can lead to cross site scripting. The identification of this vulnerability is CVE-2024-13987. The attack may be launched remotely. There is no exploit available. Upgrading the affected component is advised.

Submit #637297 / VDB-272072

Submit #637292 / VDB-265211

8月28日，2025中国国际大数据产业博览会（以下简称“2025数博会”）在贵州省贵阳市开幕。

基于价值理念的《中国数字安全价值图谱》更新版来了。

文章描述了一个名为CVE-2024-28080的Gitblit SSH服务认证绕过漏洞。该漏洞允许攻击者在未持有私钥的情况下通过空密码绕过身份验证。问题源于Gitblit与MINA SSHD库的交互设计，在公钥验证失败后未正确重置状态，导致后续密码验证被绕过。此漏洞影响所有支持SSH公钥认证的旧版本，并于2025年6月通过版本1.10修复。