Aggregator

中国国家支持的APT组织自2021年起针对全球电信、政府及军事网络展开长期网络间谍活动，通过利用路由器漏洞渗透并控制关键设备。国际情报机构联合发布警告，建议加强防护措施以应对此类威胁。

美国网络安全机构CISA新增两个高危漏洞至已知被利用漏洞目录：TP-Link Wi-Fi扩展器身份验证缺陷（CVE-2020-24363）和WhatsApp间谍软件攻击链（CVE-2025-55177），后者与苹果系统漏洞结合使用。修复版本已发布但设备已停产。

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a high-severity security flaw impacting TP-Link TL-WA855RE Wi-Fi Ranger Extender products to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, CVE-2020-24363 (CVSS score: 8.8), concerns a case of missing authentication that could be abused to obtain

Темный двойник Земли, где органика танцует под дождем из смерти.

In today’s complex threat environment, the challenge for security professionals isn’t just defeating threats, it’s finding your vulnerabilities in the first place. That’s where External Attack Surface Management (EASM) tools come in. EASM can identify the many weaknesses that attackers use to target your organization. Effective solutions provide crucial information on the vulnerabilities of organizational assets and cloud services that are visible in the public domain. In practice, EASM can refer to a range of … More →

The post Detecting danger: EASM in the modern security stack appeared first on Help Net Security.

A CVSS score 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Alfredo Oliveira and David Fiser of Trend Research' was reported to the affected vendor on: 2025-09-03, 10 days ago. The vendor is given until 2026-01-01 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Alfredo Oliveira and David Fiser of Trend Research' was reported to the affected vendor on: 2025-09-03, 10 days ago. The vendor is given until 2026-01-01 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

文章探讨了无国界银行的概念及其对个人和集体的潜在益处，强调其优势在于突破传统金融限制，并通过技术手段实现更高效的全球金融服务。

文章探讨了故事在信息传播中的作用及其可信度的评估标准,指出真实性和情感共鸣是影响受众信任度的关键因素。

文章探讨了AI技术在提升生产力中的潜力与应用，强调了提示工程和大语言模型的重要性，并展望了AI在未来工作流程中的简化与加速作用。

A vulnerability has been found in Linux Kernel up to 6.9.7 and classified as problematic. Affected by this issue is the function davinci_gpio_probe. This manipulation causes improper validation of array index. The identification of this vulnerability is CVE-2024-42092. The attack needs to be done within the local network. There is no exploit available. The affected component should be upgraded.

A vulnerability, which was classified as problematic, was found in Linux Kernel up to 6.9.7. Affected by this vulnerability is an unknown functionality of the component Setting Handler. The manipulation results in insufficiently random values. This vulnerability was named CVE-2024-42091. The attack needs to be approached within the local network. There is no available exploit. You should upgrade the affected component.

A vulnerability marked as problematic has been reported in Linux Kernel up to 6.9.7. Affected by this vulnerability is an unknown functionality of the file sound/soc/mediatek/common/mtk-soundcard-driver.c of the component mt8195. Performing manipulation results in out-of-bounds read. This vulnerability is known as CVE-2024-42088. Access to the local network is required for this attack. No exploit is available. It is suggested to upgrade the affected component.

A vulnerability marked as critical has been reported in Linux Kernel up to 6.9.7. This vulnerability affects the function fsl_asoc_card_audmux_init of the component fsl-asoc-card. The manipulation leads to null pointer dereference. This vulnerability is traded as CVE-2024-42089. Access to the local network is required for this attack to succeed. There is no exploit available. It is suggested to upgrade the affected component.

A vulnerability described as critical has been identified in Linux Kernel up to 6.9.7. Affected by this issue is the function create_pinctrl of the component pinctrl. Executing manipulation can lead to deadlock. This vulnerability is handled as CVE-2024-42090. The attack can only be done within the local network. There is not any exploit available. Upgrading the affected component is recommended.

A vulnerability has been found in Linux Kernel up to 6.9.7 and classified as critical. This vulnerability affects the function compensate of the component bme680. This manipulation causes buffer overflow. This vulnerability is tracked as CVE-2024-42086. The attack is only possible within the local network. No exploit exists. The affected component should be upgraded.

A vulnerability labeled as problematic has been found in Linux Kernel up to 6.9.7. This affects the function gpiod_set_value of the component ilitek-ili9881c. Executing manipulation can lead to privilege escalation. This vulnerability appears as CVE-2024-42087. The attacker needs to be present on the local network. There is no available exploit. The affected component should be upgraded.

Cloudflare has disclosed a significant data breach affecting customer information following a sophisticated supply chain attack targeting its Salesforce integration with Salesloft Drift. The incident, which occurred between August 12-17, 2025, resulted in the exposure of customer support case data and potentially sensitive credentials shared through support channels. The Breach Details The cybersecurity company became […]

The post Cloudflare Confirms Data Breach – Customer Data Exposed via Salesforce Attack appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability was found in GLPI up to 9.1.4. It has been classified as critical. This affects an unknown function of the file front/devicesoundcard.php. The manipulation of the argument Home as part of Parameter leads to sql injection. This vulnerability is referenced as CVE-2017-11184. Remote exploitation of the attack is possible. No exploit is available. Upgrading the affected component is recommended.

A vulnerability marked as problematic has been reported in Moodle 3.x. The impacted element is an unknown function of the component Portfolio URL Handler. This manipulation causes improper input validation. This vulnerability appears as CVE-2018-1137. The attack may be initiated remotely. There is no available exploit.