Aggregator

The U.S. Department of Homeland Security (DHS) warned over the weekend of escalating cyberattack risks by Iran-backed hacking groups and pro-Iranian hacktivists. [...]

Ukrainian government agencies have fallen victim to a sophisticated cyberattack campaign orchestrated by the UAC-0001 group, also known as APT28, targeting industrial control systems (ICS) devices running Windows operating systems as servers. The attacks, which occurred between March and April 2024, represent a significant escalation in state-sponsored cyber warfare tactics, demonstrating advanced techniques for penetrating […]

The post UAC-0001 Hackers Attacking ICS Devices Running Windows Systems as a Server appeared first on Cyber Security News.

Хватит гнаться за новыми гаджетами: устойчивый IT начинается с переосмысления подхода.

Newark, United States, 23rd June 2025, CyberNewsWire

Alleged Database Sale of Affinity Federal Credit Union

NASA Relay 2 实验通信卫星于 1964 年发射升空，1967 年完全停止运作，之后一直停留在轨道上。将近 60 年后，澳大利亚天文学家使用射电望远镜阵列 Australian Square Kilometre Array Pathfinder (ASKAP)搜寻快速射电暴信号时在 Relay 2 所处位置探测到了短暂而强大的射电脉冲，令他们困惑不已。信号持续不到 30 纳秒，但在短时间内其亮度超过了天空中的所有其他天体。他们一开始以为是新的脉冲星或类似天体，之后发现信号来自于地球轨道上的 Relay 2。他们猜测可能是静电放电之类的事件，或者微陨石撞击产生的带电等离子体云。

A critical vulnerability, designated as CVE-2025-49825 that enables attackers to remotely bypass authentication controls in Teleport, a popular secure access platform.  The vulnerability affects multiple versions of Teleport infrastructure, prompting immediate security updates across all deployment environments.  Cloud customers have received automatic updates to their control plane versions, while organizations managing their own agents must […]

The post Critical Teleport Vulnerability Let Attackers Remotely Bypass Authentication Controls appeared first on Cyber Security News.

A vulnerability was found in NCR Terminal Handler 1.5.1 and classified as critical. This issue affects some unknown processing of the component Account Handler. The manipulation leads to privilege escalation. The identification of this vulnerability is CVE-2023-47294. The attack needs to be done within the local network. There is no exploit available.

A vulnerability has been found in Sensopart VISOR Vision Sensors and classified as problematic. This vulnerability affects unknown code. The manipulation leads to Local Privilege Escalation. This vulnerability was named CVE-2023-50450. Local access is required to approach this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in NCR Terminal Handler 1.5.1. This affects an unknown part of the component Text Field Handler. The manipulation leads to command injection. This vulnerability is uniquely identified as CVE-2023-47295. The attack can only be done within the local network. There is no exploit available.

关于手表版本 apk 逆向分析过程 by ourren

更多最新文章，请访问SecWiki

A vulnerability, which was classified as problematic, has been found in Freedesktop xdg-utils up to 1.2.1. Affected by this issue is some unknown functionality of the component xdg-open. The manipulation of the argument and leads to cross-site request forgery. This vulnerability is handled as CVE-2025-52968. The attack may be launched remotely. There is no exploit available. The real existence of this vulnerability is still doubted at the moment.

Cybersecurity researchers are calling attention to a new jailbreaking method called Echo Chamber that could be leveraged to trick popular large language models (LLMs) into generating undesirable responses, irrespective of the safeguards put in place. "Unlike traditional jailbreaks that rely on adversarial phrasing or character obfuscation, Echo Chamber weaponizes indirect references, semantic

A vulnerability classified as critical was found in NCR Terminal Handler 1.5.1. Affected by this vulnerability is an unknown functionality of the component Setting Handler. The manipulation leads to command injection. This vulnerability is known as CVE-2023-47297. Access to the local network is required for this attack to succeed. There is no exploit available.

A vulnerability classified as critical has been found in MLflow up to 3.0.x. Affected is an unknown function of the component gateway_proxy_handler Validator. The manipulation leads to server-side request forgery. This vulnerability is traded as CVE-2025-52967. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Zimbra Collaboration Suite 8.8.15/9.0/10.0/10.1. It has been rated as problematic. This issue affects some unknown processing of the component Classic UI. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2025-48700. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in NCR ITM Web Terminal 4.4.0/4.4.4. It has been declared as critical. This vulnerability affects unknown code of the component IP Camera URL Component. The manipulation leads to privilege escalation. This vulnerability was named CVE-2023-48978. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in NCR Terminal Handler 1.5.1. It has been classified as problematic. This affects an unknown part of the component SOAP API Endpoint. The manipulation leads to information disclosure. This vulnerability is uniquely identified as CVE-2023-47298. It is possible to initiate the attack remotely. There is no exploit available.