Aggregator

根据发表在《Nature Climate Change》期刊上的一项研究，森林砍伐过去 20 年导致局部地区气温升高，逾 50 万人死于与热相关疾病。2001-2020 年间，热带地区约有 3.45 亿人遭受了由森林砍伐引起的局部气温上升，其中 260 万人的热暴露增加了 3 摄氏度。研究人员估计，森林砍伐导致的变暖过去 20 年每年造成 28,330 人死亡。其中逾半数在东南亚，该地区受高温影响的人口较多；三分之一在热带非洲，其余在中美洲和南美洲。

分享一篇文章。

A large-scale cybercrime conspiracy known as ShadowCaptcha was made public by cybersecurity researchers at Israel’s National Digital Agency. This campaign exploits the ClickFix technique, deploying deceptive CAPTCHA interfaces mimicking legitimate services like Cloudflare or Google to manipulate users into running malicious commands. The operation, traced through compromised WordPress websites, represents a sophisticated blend of social […]

The post ShadowCaptcha Exploit: Massive WordPress Site Compromise Used to Execute Malicious Commands on Victims appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A whistleblower disclosure filed today alleges that the Department of Government Efficiency (DOGE) within the Social Security Administration (SSA) covertly created a live copy of the nation’s entire Social Security dataset in an unsecured cloud environment.  Chief Data Officer Charles Borges warned that, if malicious actors gain access, over 300 million Americans could face identity […]

The post DOGE Accused of Mimicking Country’s Social Security Info in Unsecured Cloud appeared first on Cyber Security News.

A widespread data theft campaign has allowed hackers to breach sales automation platform Salesloft to steal OAuth and refresh tokens associated with the Drift artificial intelligence (AI) chat agent. The activity, assessed to be opportunistic in nature, has been attributed to a threat actor tracked by Google Threat Intelligence Group (GTIG) and Mandiant, tracked as UNC6395. GTIG told The Hacker

A vulnerability classified as problematic was found in SMA Boy. Affected by this vulnerability is an unknown functionality. The manipulation results in relative path traversal. This vulnerability is reported as CVE-2021-4459. The attack can be launched remotely. No exploit exists. Upgrading the affected component is advised.

Вредоносное ПО устанавливается автоматически, без ведома пользователя.

A.S.E (AI Code Generation Security Evaluation) - 为你提供大模型安全实践工具，让你一眼就能选出最靠谱的 AI 队友。

EU security agency ENISA is being handed €36m to operate the EU Cybersecurity Reserve

Cybersecurity researchers have discovered five distinct activity clusters linked to a persistent threat actor known as Blind Eagle between May 2024 and July 2025. These attacks, observed by Recorded Future Insikt Group, targeted various victims, but primarily within the Colombian government across local, municipal, and federal levels. The threat intelligence firm is tracking the activity under

Ведомство подключает бизнес к национальному мессенджеру.

A vulnerability classified as critical has been found in Zulip up to 10.1. The affected element is an unknown function of the component Account Creation Handler. This manipulation causes improper authentication. This vulnerability is handled as CVE-2025-31478. The attack can be initiated remotely. There is not any exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Zulip up to 10.2. It has been rated as problematic. This affects an unknown function of the component Channel Privacy Handler. Performing manipulation results in incorrect authorization. This vulnerability is identified as CVE-2025-47930. The attack can be initiated remotely. There is not any exploit available. Upgrading the affected component is advised.

A vulnerability was found in Mitsubishi Electric MELSEC iQ-F FX5U-32MT, MELSEC iQ-F FX5U-32MR, MELSEC iQ-F FX5U-64MT, MELSEC iQ-F FX5U-64MR, MELSEC iQ-F FX5U-80MT, MELSEC iQ-F FX5U-80MR, MELSEC iQ-F FX5UC-32MT, D, MELSEC iQ-F FX5UC-64MT, MELSEC iQ-F FX5UC-96MT, DS-TS, DSS-TS, MELSEC iQ-F FX5UC-32MR, MELSEC iQ-F FX5UJ-24MT, MELSEC iQ-F FX5UJ-24MR, MELSEC iQ-F FX5UJ-40MT, MELSEC iQ-F FX5UJ-40MR, MELSEC iQ-F FX5UJ-60MT, MELSEC iQ-F FX5UJ-60MR, ES-A, MELSEC iQ-F FX5S-30MT, MELSEC iQ-F FX5S-30MR, MELSEC iQ-F FX5S-40MT, MELSEC iQ-F FX5S-40MR, MELSEC iQ-F FX5S-60MT, MELSEC iQ-F FX5S-60MR, MELSEC iQ-F FX5S-80MT and MELSEC iQ-F FX5S-80MR. It has been classified as very critical. This affects an unknown function. This manipulation causes improper validation of specified index, position, or offset in input. This vulnerability appears as CVE-2025-3755. The attack may be initiated remotely. There is no available exploit.

A vulnerability identified as critical has been detected in advplyr audiobookshelf up to 2.27.x. This issue affects some unknown processing of the component Redirect Call Handler. This manipulation causes unprotected transport of credentials. This vulnerability is tracked as CVE-2025-57800. The attack is possible to be carried out remotely. No exploit exists. You should upgrade the affected component.

A vulnerability described as critical has been identified in Biosig libbiosig 3.9.0. The impacted element is an unknown function of the component MFER Parser. Such manipulation leads to stack-based buffer overflow. This vulnerability is traded as CVE-2025-46411. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as critical has been found in Biosig libbiosig 3.9.0. This affects an unknown function of the component RHS2000 Parser. Performing manipulation results in heap-based buffer overflow. This vulnerability is known as CVE-2025-48005. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability, which was classified as critical, was found in Biosig libbiosig 3.9.0. Affected by this vulnerability is an unknown functionality of the component MFER Parser. The manipulation results in heap-based buffer overflow. This vulnerability was named CVE-2025-53511. The attack may be performed from a remote location. There is no available exploit.

A vulnerability was found in Biosig libbiosig 3.9.0. It has been rated as problematic. Impacted is an unknown function of the component Nex Parser. The manipulation leads to out-of-bounds read. This vulnerability is listed as CVE-2025-52461. The attack may be initiated remotely. There is no available exploit.