Aggregator

攻击始于从被入侵的合法账户（通常属于受信任的个人或组织）发送的看似无害的电子邮件。

Группа молчала целый год, а теперь триумфально возвращается с новыми инструментами.

2025年4月16日，绿盟科技CERT监测到Oracle官方发布了4月重要补丁更新公告CPU，此次共修复了390个不同程度的漏洞，Oracle强烈建议客户尽快应用关键补丁更新修复程序，对漏洞进行修复。

2025年4月16日，绿盟科技CERT监测到Oracle官方发布了4月重要补丁更新公告CPU，此次共修复了390个不同程度的漏洞，Oracle强烈建议客户尽快应用关键补丁更新修复程序，对漏洞进行修复。

小红书上多元长尾的生活需求，吸引着新一代的独立开发者们。

Security community reacts with shock at US government’s decision not to renew MITRE contract for CVE database

Учёные раскрыли ароматический код человеческих отношений.

Meta нашла способ легализовать массовый сбор данных пользователей.

Resecurity warns of rising cyberattacks on the energy sector, some linked to large-scale campaigns targeting national infrastructure for geopolitical aims. Resecurity warns about the increase in targeted cyberattacks against enterprises in the energy sector worldwide. Some of these attacks represent much larger campaigns designed to target country-level infrastructure, acting as tools for geopolitical influence. It is […]

HackerNews 编译，转载请注明出处： Landmark Admin就其2024年5月遭遇的网络攻击调查发布更新，确认受影响人数已升至160万。 这家总部位于德克萨斯州的第三方管理公司（TPA）主要为Liberty Bankers Life、American Benefit Life等全国性大型保险公司提供保单核算、监管报告、再保险支持及IT系统服务。 2024年10月，该公司首次披露于2024年5月13日发现网络可疑活动。 未经授权的访问被认为导致806,519人的个人信息泄露，包括： 全名 家庭住址 社会安全号码 纳税识别号 驾照号码 州政府签发身份证 护照号码 金融账户号码 医疗信息 出生日期 健康保险单号 人寿及年金保单信息 具体泄露数据类型因人而异，Landmark承诺通过个性化信件告知每位受影响者其被泄露的具体信息。 在向缅因州总检察长办公室提交的更新文件中，Landmark表示调查显示实际受影响人数应为1,613,773人。 该公司强调取证调查仍在进行中，最终受影响人数可能进一步增加，未来或将多次修正统计结果。 最新公告声明：”Landmark已开始审查受影响系统，以确定具体受影响的个人及可能泄露的信息类型。在此过程中，我们将通过邮件逐步通知相关个人。” 数据泄露通知接收者可在收到通知后90日内通过专用热线提出质询。 Landmark同时提供12个月的身份盗窃保护与信用监控服务，以降低敏感数据暴露风险。 建议措施还包括监控信用报告、设置欺诈警报或启用安全冻结功能。     消息来源：bleepingcomputer； 本文由 HackerNews.cc 翻译整理，封面来源于网络；  转载请注明“转自 HackerNews.cc”并附上原文

A vulnerability, which was classified as problematic, was found in Ninja Filebird Plugin up to 6.4.2.1 on WordPress. This affects an unknown part. The manipulation leads to authorization bypass. This vulnerability is uniquely identified as CVE-2025-26977. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in PwnDoc up to 1.1.x. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Backup Restore Handler. The manipulation leads to relative path traversal. This vulnerability is known as CVE-2025-27410. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in PwnDoc up to 1.1.x and classified as critical. Affected by this vulnerability is an unknown functionality of the component Backup Restore Handler. The manipulation leads to path traversal: '../filedir'. This vulnerability is known as CVE-2025-27413. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Vasion Print Virtual Appliance Host. It has been rated as critical. Affected by this issue is some unknown functionality of the component Firmware Image Handler. The manipulation leads to insufficient verification of data authenticity. This vulnerability is handled as CVE-2025-27680. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Vasion Print Virtual Appliance Host. It has been classified as problematic. This affects an unknown part of the component Client Inter-Process Security. The manipulation leads to client-side enforcement of server-side security. This vulnerability is uniquely identified as CVE-2025-27681. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Vasion Print Virtual Appliance Host. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to information disclosure. This vulnerability was named CVE-2025-27684. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Vasion Print Virtual Appliance Host. Affected is an unknown function of the component Log Handler. The manipulation leads to permission issues. This vulnerability is traded as CVE-2025-27682. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Vasion Print Virtual Appliance Host and classified as critical. This vulnerability affects unknown code. The manipulation leads to unrestricted upload. This vulnerability was named CVE-2025-27683. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Vasion Print Virtual Appliance Host and classified as problematic. This issue affects some unknown processing of the component Configuration File Handler. The manipulation leads to cleartext storage of sensitive information. The identification of this vulnerability is CVE-2025-27685. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Avid NEXIS E-series, NEXIS F-series, NEXIS PRO+ and System Director Appliance on Linux and classified as critical. This issue affects some unknown processing. The manipulation leads to permission issues. The identification of this vulnerability is CVE-2024-26290. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.