Aggregator

A vulnerability described as critical has been identified in FFmpeg up to 7.1. The affected element is the function ff_aac_search_for_tns of the file libavcodec/aacenc_tns.c of the component AAC Encoder. Such manipulation leads to stack-based buffer overflow. This vulnerability is listed as CVE-2025-1594. The attack may be performed from remote. In addition, an exploit is available.

A vulnerability was found in John Roy Pi3Web 2.0. It has been declared as problematic. This impacts an unknown function of the component Request Handler. Such manipulation with the input ... leads to improper privilege management. This vulnerability is listed as CVE-2002-0142. The attack may be performed from remote. In addition, an exploit is available. Restrictive firewalling should be applied.

A vulnerability described as critical has been identified in Microsoft IIS 4.0/5.0/5.1. Affected is an unknown function of the component ASP Data Transfer Handler. The manipulation results in memory corruption. This vulnerability is reported as CVE-2002-0147. The attack can be launched remotely. Moreover, an exploit is present. Upgrading the affected component is recommended.

A vulnerability classified as critical was found in Microsoft IIS 4.0/5.0/5.1. Affected by this issue is some unknown functionality of the component ASP Server-Side Include. Such manipulation leads to memory corruption. This vulnerability is traded as CVE-2002-0149. The attack may be launched remotely. There is no exploit available. Upgrading the affected component is advised.

A vulnerability, which was classified as critical, has been found in Microsoft IIS 4.0/5.0/5.1. This affects an unknown part of the component HTTP Header Handler. Performing manipulation results in memory corruption. This vulnerability is known as CVE-2002-0150. Remote exploitation of the attack is possible. No exploit is available. It is advisable to upgrade the affected component.

A vulnerability was found in Cisco Secure Access Control Server up to 3.01 and classified as critical. Impacted is an unknown function of the component CSAdmin Module. The manipulation results in format string. This vulnerability was named CVE-2002-0159. The attack may be performed from remote. There is no available exploit. Applying restrictive firewalling is recommended.

A vulnerability described as problematic has been identified in Microsoft Windows NT 4.0. The impacted element is an unknown function of the component Multiple UNC Provider. Executing manipulation can lead to memory corruption. This vulnerability appears as CVE-2002-0151. The attack requires local access. There is no available exploit. A patch should be applied to remediate this issue.

Google Chrome’s V8 JavaScript engine has long balanced speed and security for billions of users worldwide. On September 16, 2025, Google’s Threat Analysis Group discovered a critical zero-day flaw in the TurboFan compiler component of V8. Now tracked as CVE-2025-10585, the vulnerability allows attackers to trigger a type confusion condition, corrupt memory in the browser […]

The post Code Analysis Published for Chrome Type Confusion 0-Day Vulnerability appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

文章探讨了企业在风险和合规自动化方面的挑战，指出尽管许多供应商承诺通过自动化节省时间并提高效率，但大多数未能满足企业规模需求。作者认为AI技术终于为合规管理提供了切实可行的解决方案。

If you’ve been in the trenches of enterprise risk and compliance for any length of time, you’ve heard the pitch: “Automate your compliance and save your team hours.” Dozens of vendors have said it. Most have meant well. And nearly all of them have failed to deliver at the scale that enterprises require.

The post The Compliance Automation Mirage: Why Vendors Keep Failing and Where AI Finally Gets It Right appeared first on Security Boulevard.

Canada’s law enforcement community has achieved a landmark victory in the fight against illicit finance with the dismantling of TradeOgre, a Tor-based cryptocurrency exchange that facilitated the theft and laundering of over 56 million dollars in digital assets. Emerging in early 2023, TradeOgre operated entirely as a hidden service, leveraging the anonymity of the Tor […]

The post Canada Police Dismantles TradeOgre Platform That Stolen 56 Million Dollars in Cryptocurrency appeared first on Cyber Security News.

Subtle Snail, an Iran-linked espionage group also tracked as UNC1549 under the Unyielding Wasp (Tortoiseshell) umbrella of the Charming Kitten network, has shifted its focus to European telecom, aerospace, and defense firms since June 2022. In a recent wave of attacks, the group compromised 34 devices across 11 organizations by masquerading as human resources representatives […]

The post Subtle Snail Impersonation Tactics: How HR Representatives Can Engage Employees to Steal Login Credentials appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

新华社报道，中国海军宣布，歼-15T、歼-35和空警-600三型舰载机，已于此前成功完成在福建舰上的首次弹射起飞和着舰训练。这是我国首次在弹射型航母上，实现多型号先进舰载机的电磁弹射和阻拦着舰。美国在 2010 年完成了最早的陆基电磁弹射，福特号航母在 2013 年安装了第一套电磁弹射器，但因为种种问题至今没有进行舰载机电磁弹射测试。

中国海军歼-15T、歼-35和空警-600三型舰载机在福建舰上完成首次电磁弹射起飞和阻拦着舰训练。

9月17日，由百度安全承办的2025 CCS成都网络安全技术交流活动分论坛，在成都顺利举办。

Europol and 18 countries used AI forensics to identify 51 child victims and 60 suspects in a global online abuse investigation.

BlackLock, a rebranded ransomware group formerly known as El Dorado, has emerged as a formidable threat to organizations worldwide. First identified in June 2024 when its Dedicated Leak Site (DLS) began exposing victim data, the gang is believed to have been active since March 2024. The latest analysis by AhnLab Security Intelligence Center (ASEC) sheds […]

The post BlackLock Ransomware Targets Windows, Linux, and VMware ESXi Systems appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A sophisticated spoofing campaign has emerged targeting the Federal Bureau of Investigation’s Internet Crime Complaint Center (IC3). Beginning in mid-September 2025, victims attempting to access IC3’s official portal were redirected to fraudulent domains crafted to mirror the legitimate site. The impersonators employed look-alike URLs—such as “ic3-gov.com” and “ic3gov.org”—and reproduced authentic branding, including the FBI seal […]

The post Threat Actors Impersonate FBI IC3 Website to Steal The Visitors’ Personal Information appeared first on Cyber Security News.

If you’re running Fortra’s GoAnywhere managed file transfer solution and you haven’t updated to the latest available version for a while, do so now or risk getting your instance compromised via CVE-2025-10035. About CVE-2025-10035 CVE-2025-10035 is a critical deserialization vulnerability in the License servlet of Fortra’s GoAnywhere MFT managed file transfer solution, which is widely used by organizations of all sizes. The solution can be deployed on-premises, in the cloud, and in hybrid environments. According … More →

The post Unpatched Fortra GoAnywhere instances at risk of full takeover (CVE-2025-10035) appeared first on Help Net Security.

中国“防火长城”的发展与西方 surveillance 技术类似，依赖企业合作、灵活策略和遗留设施。相关公司从学术项目起步，在政府合同中成长。文档泄露揭示其运作模式：审查和宣传受企业财务目标驱动。