Aggregator

A vulnerability has been found in Mozilla Firefox up to 120 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component NSS NIST Curve Handler. The manipulation leads to information exposure through discrepancy. This vulnerability is known as CVE-2023-6135. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in AMD Ryzen and EPYC. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Vector Register File Handler. The manipulation leads to use after free. This vulnerability is handled as CVE-2023-20593. Local access is required to approach this attack. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Node.js. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Experimental Policy Handler. The manipulation leads to path traversal. This vulnerability is known as CVE-2023-30584. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Microsoft Windows. Affected is an unknown function of the component AMD. The manipulation leads to information disclosure. This vulnerability is traded as CVE-2023-20569. It is possible to launch the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

In this Help Net Security interview, Rob ter Linden, CISO at Signify, discusses priorities for CISOs working on IoT security, including the need for compliant infrastructure, easy device management, and preparing for future tech like quantum computing and AI. He also covers challenges with IoT visibility, security, and new regulations. For CISOs building or improving an IoT security strategy, what should be the top 3 priorities? 1. First off, creating an IoT infrastructure that matches … More →

The post Strategies to secure long-life IoT devices appeared first on Help Net Security.

6月24日16：00不见不散！

DanaBleed漏洞是在2022年6月随DataBot 2380版本引入的，该版本新增了一个命令和控制（C2）协议。

1.Qilin勒索团伙公布了新的受害公司 2.Play勒索团伙公布了新的受害者 3.INC Ransom团伙公布新的受害公司

Браузер, который не знает о вас ничего, теперь знает всё о мошенниках.

本文约4029字，预计阅读时间12分钟。2025年6月11日普老板在克里姆林宫举行会议，审查2027-2036年俄国家军备计划草案的主要参数。

A vulnerability was found in code-projects Simple Online Hotel Reservation System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /add_reserve.php. The manipulation of the argument firstname leads to sql injection. This vulnerability is known as CVE-2025-6394. The attack can be launched remotely. Furthermore, there is an exploit available. Other parameters might be affected as well.

A vulnerability was found in TOTOLINK A702R, A3002R, A3002RU and EX1200T 3.0.0-B20230809.1615/4.0.0-B20230531.1404/4.0.0-B20230721.1521/4.1.2cu.5232_B20210713. It has been classified as critical. Affected is an unknown function of the file /boafrm/formIPv6Addr of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. This vulnerability is traded as CVE-2025-6393. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

Cold email still works in 2025—but only if done right. Learn best practices, deliverability tips, and how to secure your domain for real results.

The post Is Cold Email Still Effective in 2025? Best Practices for Outreach and Security appeared first on Security Boulevard.

Submit #597662 / VDB-313387

Submit #597637 / VDB-214699

Submit #597591 / VDB-313386

Submit #597592 / VDB-313386

Submit #597566 / VDB-313386

Submit #597565 / VDB-313386

A vulnerability was found in Bitwarden up to 2.25.1. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component PDF File Handler. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2025-5138. The attack can be launched remotely. Furthermore, there is an exploit available. The real existence of this vulnerability is still doubted at the moment. The vendor was contacted early about this disclosure but did not respond in any way.