Aggregator

A vulnerability, which was classified as critical, was found in Microhard IPn4Gii and Bullet-LTE up to 1.2.0-r1132. Affected is an unknown function of the component AT+MNNETSP Command Handler. The manipulation leads to argument injection. This vulnerability is traded as CVE-2025-35009. An attack has to be approached locally. There is no exploit available.

Residents and businesses across New Zealand’s North and South Islands experienced an unexpected and widespread interruption to wireless internet and radio services. The cause was traced to HMAS Canberra, the Royal Australian Navy’s largest warship, as it navigated the Cook Strait en route to Wellington. The ship’s advanced navigation radar system, operating in the 5 […]

The post Australian Naval Operations Accidentally Jam New Zealand’s Internet and Radio appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Google 创办于 World Wide Web 诞生之后，但它成功的按照自己的方式塑造了 Web。今天任何想要被发现的网站都要遵守 Google 的规定。但在反垄断诉讼中败诉可能导致 Google 本身以及整个 Web 再次被重塑。法庭将于 8 月公布裁决结果。Google 可能要被迫出售浏览器 Chrome，或者可能要面临与其它公司分享搜索索引和算法。Google 构建了一个规模无与伦比的 Web 索引，其抓取的 Web 内容比任何竞争对手都要多。这既是优势也是劣势，由于其索引的内容是如此纷杂和重复，它的搜索体验日益混乱。美国司法部认为，Google 的海量搜索索引是构建搜索引擎的“基本原料”，迫使 Google 授权第三方公司使用索引将是打破其对搜索市场垄断的关键。Kagi 创始人兼 CEO Vladimir Prelovac 认为，分享 Google 搜索索引将会立即催生更多搜索选择，让自定义搜索工具成为可能，城市可以利用它构建深度的超本地化搜索，爱猫者可以用它构建专门的猫咪搜索。他认为从长远看 AI 将是我们获取信息的默认方式，但 Kagi 并不强迫用户使用 AI 去搜索信息。他并不认为目前基于大模型的 AI 是答案。

只有将“高标准安全要求+强制保险挂钩+第三方激励监管+合同机制嵌入+能力持续提升”有机结合，才能真正实现供应链安全治理的闭环和持续优化。

特朗普签署修正奥巴马和拜登政府网络政策的行政命令

For the latest discoveries in cyber research for the week of 9th June, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES American tax company, Optima Tax Relief, has disclosed a ransomware attack that resulted in the theft of 69GB of sensitive data, including corporate records and customer case files containing personal information such […]

The post 9th June – Threat Intelligence Report appeared first on Check Point Research.

A new variant of the Mirai botnet exploits CVE-2024-3721 to target DVR systems, using a new infection method. Researchers from Russian cybersecurity firm Kaspersky discovered a new variant of the Mirai botnet that exploits a command injection vulnerability (CVE-2024-3721) in TBK DVR-4104 and DVR-4216 digital video recording devices. During a review of the logs in […]

A vulnerability has been found in Newsletter Plugin up to 8.84 on WordPress and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Form Setting Handler. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2025-3582. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in CodeIgniter up to 3.1.8. It has been rated as critical. This issue affects some unknown processing of the component Session Library. The manipulation leads to session fixiation. The identification of this vulnerability is CVE-2018-12071. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Tenda AC5 15.03.06.47. It has been classified as critical. Affected is the function formSetRebootTimer of the file /goform/SetRebootTimer. The manipulation of the argument rebootTime leads to stack-based buffer overflow. This vulnerability is traded as CVE-2025-5863. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in RT-Thread 5.1.0. It has been rated as critical. Affected by this issue is the function sys_select of the file rt-thread/components/lwp/lwp_syscall.c of the component Parameter Handler. The manipulation of the argument timeout leads to memory corruption. This vulnerability is handled as CVE-2025-5865. Access to the local network is required for this attack. There is no exploit available. The vendor explains, that "[t]he timeout parameter should be checked to check if it can be accessed correctly in kernel mode and used temporarily in kernel memory."

A vulnerability was found in Red Hat Enterprise Linux and OpenShift Container Platform. It has been rated as problematic. This issue affects some unknown processing of the component Bind-propagation Option. The manipulation of the argument mount leads to improper input validation. The identification of this vulnerability is CVE-2024-9407. Local access is required to approach this attack. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in Honding Smart Parking Management System up to 1.4. Affected by this issue is some unknown functionality. The manipulation leads to exposure of sensitive system information to an unauthorized control sphere. This vulnerability is handled as CVE-2025-5893. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as critical has been found in RT-Thread 5.1.0. This affects the function sys_sigprocmask of the file rt-thread/components/lwp/lwp_syscall.c. The manipulation of the argument how leads to improper validation of array index. This vulnerability is uniquely identified as CVE-2025-5866. Access to the local network is required for this attack to succeed. There is no exploit available.

Пока Европа обсуждает экологию, США избавляется от устаревших запретов.

Откуда берётся таинственная папка на диске C и что она охраняет.

The FBI says mainly Chinese-made IoT devices pose a threat from Badbox 2.0 malware

Socket’s Threat Research Team has uncovered two malicious npm packages, express-api-sync and system-health-sync-api, designed to masquerade as legitimate utilities while embedding destructive backdoors capable of annihilating production systems. Published under the npm alias “botsailer” with the associated email anupm019@gmail[.]com, these packages represent a shift from traditional data theft to outright sabotage. New Wave of Sabotage […]

The post Malicious npm Utility Packages Enable Attackers to Wipe Production Systems appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Да, оправдание «ИИ меня подставил» не сработает...