Aggregator

A vulnerability classified as critical has been found in Bizerba GT-SoftControl up to 5.x. Affected is an unknown function. The manipulation leads to unrestricted upload. This vulnerability is traded as CVE-2025-2819. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Beijing Honghu Yuntu Fast CAD Reader up to 4.1.5. It has been rated as problematic. This issue affects some unknown processing of the component File Permission Handler. The manipulation leads to incorrect privilege assignment. The identification of this vulnerability is CVE-2025-2098. It is possible to launch the attack on the local host. There is no exploit available.

A vulnerability was found in Icinga icingaweb2 up to 2.11.4/2.12.2. It has been declared as problematic. This vulnerability affects unknown code of the component Setting Handler. The manipulation leads to cross site scripting. This vulnerability was named CVE-2025-27404. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Icinga icingaweb2 up to 2.11.4/2.12.2. It has been classified as problematic. This affects an unknown part of the component Setting Handler. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-27405. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

Claude could be getting a ChatGPT-like Deep Research feature called Compass. You can tell Claude's Compass what you need, and the AI agent will take care of everything. [...]

March 2025 saw a sharp uptick in cyber threats that put both individual users and organizations at risk. From banking apps weaponized to steal personal data, to trusted domains abused for redirecting users to phishing traps, cybercriminals didn’t hold back. Their tactics are growing more creative and more dangerous.  Here’s a breakdown of the three […]

The post Top 3 Cyber Attacks In March 2025 appeared first on Cyber Security News.

A sophisticated phishing campaign dubbed the “Clickflix Technique” has emerged targeting YouTube content creators through seemingly legitimate brand collaboration requests. This new attack vector exploits creators’ eagerness to secure sponsorship deals by disguising malware payloads as partnership documentation. Cybercriminals initiate contact via email or social media, posing as marketing representatives from established brands offering lucrative […]

The post YouTube Creators Under Attack via Brand Collaborators Requests Using Clickflix Technique appeared first on Cyber Security News.

Alleged Sale of Unauthorized Access to a Major Airline in Iran

白盒+LLM漏洞挖掘的探索与实践 by ourren

网络流量分类的技术、数据集以及面临的挑战 by ourren

更多最新文章，请访问SecWiki

Recently, two critical security flaws were discovered in Kentico Xperience 13, a popular digital experience platform (CMS). Tracked as CVE-2025-2746 and CVE-2025-2747, these vulnerabilities allow unauthenticated attackers to bypass the Staging Sync Server’s authentication, potentially gaining administrative control over the CMS. Both issues carry a CVSS score of 9.8 (Critical) (Warning: Multiple Critical & High...

The post Exploited! Kentico Xperience Staging Service Authentication Bypass Vulnerabilities (CVE-2025-2746 & CVE-2025-2747) appeared first on IONIX.

The post Exploited! Kentico Xperience Staging Service Authentication Bypass Vulnerabilities (CVE-2025-2746 & CVE-2025-2747) appeared first on Security Boulevard.

Всего один вредоносный файл оборачивается коллапсом для целой отрасли.

比亚迪公布了 2024 年的年收入，得益于混动汽车的销售，收入增长 29% 达到 7770 亿元人民币（约 1070 亿美元），超过了特斯拉报告的 977 亿美元。特斯拉因马斯克与美国总统特朗普的关系而面临全球抵制，中国电动汽车制造商则面临西方关税的打压。比亚迪 2024 年售出的电动汽车数量与特斯拉基本相同——分别为 176 万辆和 179 万辆。但如果将混动汽车的销量考虑在内，比亚迪在 2024 年的全球销量将达到创纪录的 430 万辆。比亚迪还同时宣布了起售价为 119,800 元人民币的新车型秦 L，而特斯拉 Model 3 基础版售价为 235,500 元人民币。

由法国国家科学研究中心主导的国际科研团队，首次在火星上探测到长链有机分子癸烷、正十一烷和十二烷。这些分子最初或许是以长链羧酸的形式，悄然藏匿于泥岩之中。其中，含有12个碳原子的十二烷，更是科学家们迄今在火星上发现的最长有机分子。这些有机分子的来源仍然成谜，可能源自生物或非生物过程。探寻这些分子的来源及分布情况，对于在火星上寻找生命的“蛛丝马迹”，以及深入研究火星的宜居性，具有十分重要的意义。

Ботнет использует нестандартные алгоритмы для сокрытия команд.

230M stolen passwords met complexity requirements—and were still compromised. Passwords aren't going away for now, but there are new technologies that may increasingly replace them. Learn more from Specops Software about how to protect your passwords. [...]