Aggregator

A vulnerability was found in Artifex GhostXPS up to 10.5.x. It has been declared as critical. Impacted is the function xps_unpredict_tiff of the file xpstiff.c. Executing manipulation of the argument samplesperpixel can lead to stack-based buffer overflow. This vulnerability appears as CVE-2025-59801. The attack may be performed from remote. There is no available exploit. It is recommended to upgrade the affected component.

A vulnerability was found in Artifex Ghostscript up to 10.05.1. It has been classified as critical. This issue affects the function ocr_begin_page of the file devices/gdevpdfocr.c. Performing manipulation of the argument ocr_line8 results in integer overflow. This vulnerability is reported as CVE-2025-59800. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability was found in Sitecore Experience Manager and Experience Platform up to 10.4 and classified as problematic. This vulnerability affects unknown code. Such manipulation leads to cross site scripting. This vulnerability is documented as CVE-2025-53692. The attack can be executed remotely. There is not any exploit available.

A vulnerability has been found in Artifex Ghostscript up to 10.05.1 and classified as critical. This affects the function pdf_write_cmap of the file devices/vector/gdevpdtw.c. This manipulation causes stack-based buffer overflow. This vulnerability is registered as CVE-2025-59798. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability, which was classified as critical, was found in Artifex Ghostscript up to 10.05.1. Affected by this issue is the function pdfmark_coerce_dest of the file devices/vector/gdevpdfm.c. The manipulation of the argument size results in stack-based buffer overflow. This vulnerability is cataloged as CVE-2025-59799. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in Coinomi up to 1.7.6. It has been declared as problematic. This issue affects some unknown processing. Such manipulation leads to cleartext transmission of sensitive information. This vulnerability is uniquely identified as CVE-2017-20200. The attack can be launched remotely. Moreover, an exploit is present. The vendor replied with: "(...) there isn't any security implication associated with your findings."

Это похоже на виртуалки, но проще и ближе к «железу».

Kubernetes has moved well past its early adoption phase. The new Komodor 2025 Enterprise Kubernetes Report shows that technical teams are shifting their focus from running containers to managing a growing mix of AI workloads and advanced automation practices like GitOps. “Organizations have made Kubernetes their standard, but our report shows the real challenge is operational, not architectural,” said Itiel Shwartz, CTO of Komodor. “Even as practices like GitOps and platform engineering gain traction, enterprises … More →

The post Kubernetes matures as AI and GitOps reshape operations appeared first on Help Net Security.

本文详细讲解了WebShell的概念、分类及其检测原理，并介绍了D盾工具的功能与使用方法。通过实验步骤演示了如何利用D盾查杀WebShell并清除恶意脚本。

当 OPPO 决定为大众机型的流畅体验负责到底时，他们也为自己赢得了通往未来的、最坚实的一张门票。

A vulnerability marked as problematic has been reported in Linux Kernel up to 6.1.147/6.6.101/6.12.41/6.15.9/6.16.0. Affected is the function ipv6_gso_segment in the library /include/linux/skbuff.h of the component ipv6. Performing manipulation results in privilege escalation. This vulnerability was named CVE-2025-38572. The attack needs to be approached within the local network. There is no available exploit. It is suggested to upgrade the affected component.

A vulnerability labeled as critical has been found in Linux Kernel up to 6.15.9/6.16.0. The impacted element is the function perf_mmap. Such manipulation leads to improper update of reference count. This vulnerability is traded as CVE-2025-38564. Access to the local network is required for this attack to succeed. There is no exploit available. The affected component should be upgraded.

A vulnerability marked as critical has been reported in Linux Kernel up to 6.1.147/6.6.101/6.12.41/6.15.9/6.16.0. Impacted is the function perf_mmap. This manipulation causes improper update of reference count. This vulnerability is handled as CVE-2025-38565. The attack can only be done within the local network. There is not any exploit available. It is suggested to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.17-rc1 and classified as problematic. The affected element is an unknown function. Executing manipulation can lead to state issue. This vulnerability is registered as CVE-2025-38560. The attack requires access to the local network. No exploit is available. It is suggested to upgrade the affected component.

In this Help Net Security video, Brittany Allen, Senior Trust and Safety Architect at Sift, explores how the rise of AI agents is creating new fraud risks. She explains how these agents, while designed to assist users, can unintentionally help fraudsters by carrying out tasks without recognizing malicious intent. Brittany also discusses why humans relying on AI may overlook classic red flags in online scams and how AI-driven activity disrupts established fraud detection patterns. As … More →

The post AI needs ethics to avoid real-world harm appeared first on Help Net Security.

A vulnerability was found in Linux Kernel up to 6.1.147/6.6.101/6.12.41/6.15.9/6.16.0 and classified as critical. This impacts the function composite_dev_cleanup of the component usb. The manipulation results in use after free. This vulnerability is cataloged as CVE-2025-38555. The attack must originate from the local network. There is no exploit available. It is suggested to upgrade the affected component.

退休有助于改善心理健康，但并非对人人有效。根据发表在《SSM - Mental Health》起上的一项新研究，在结束朝九晚五的工作后，退休对心理健康的影响取决于收入水平、所从事工作的性质以及离开职场的年龄。爱丁堡大学团队评估了荷兰 1583 名受访者的数据集，受访者已退休且未从事任何有偿工作，平均退休年龄 66-67 岁。结果显示：低收入群体——收入低于最低工资标准——退休期间心理健康水平最低，他们表现出了初期的改善，但约两年半后出现下降，呈现出倒 U 形特征，即所谓的“蜜月消退效应”；中等收入群体退休前的心理健康状况显著改善，之后略有提升；高收入群体在退休前后心理健康状况没有变化，但在退休后出现显著改善，其中较晚退休者改善较慢。

退休对心理健康的影响因收入水平、工作性质和退休年龄而异。低收入者初期改善后下降，中等收入者持续提升，高收入者退休后显著改善。

От Леонардо да Винчи до зумеров: маргиналии развивают интеллект уже 500 лет.

播客探讨情境意识与家庭安全，嘉宾分享识别异常行为、应急计划及教孩子安全技能的实用技巧，并涉及数字安全。