Aggregator

Готовьтесь к утечке CPU, криптовалюте и новым соседям в crontab.

关键词安全漏洞周四,CISA警告美国联邦机构保护其系统免受利用Chrome网络浏览器中高严重性漏洞的持续攻击。

关键词勒索软件勒索软件团伙成员越来越多地使用一种名为Skitnet(“Bossnet”)的新恶意软件,在被破坏

关键词网络安全在刚刚落幕的Pwn2Own柏林2025黑客大赛中，安全研究人员通过成功利用28个零日漏洞，累计斩

关键词网络攻击网络安全研究人员近日发现一个针对Redis数据库的新型Linux系统攻击活动，代号"RedisR

In the newly released 2025 State of Pentesting Report, Pentera surveyed 500 CISOs from global enterprises (200 from within the USA) to understand the strategies, tactics, and tools they use to cope with the thousands of security alerts, the persisting breaches and the growing cyber risks they have to handle. The findings reveal a complex picture of progress, challenges, and a shifting mindset

Seven sources tell CyberScoop that a lack of coordination and miscommunication between federal agencies and the telecommunications industry left critical networks exposed to the Chinese hacking group.

The post ‘Whatever we did was not enough’: How Salt Typhoon slipped through the government’s blind spots appeared first on CyberScoop.

High-level government institutions in Sri Lanka, Bangladesh, and Pakistan have emerged as the target of a new campaign orchestrated by a threat actor known as SideWinder. "The attackers used spear phishing emails paired with geofenced payloads to ensure that only victims in specific countries received the malicious content," Acronis researchers Santiago Pontiroli, Jozsef Gegeny, and Prakas

汽车行业重回「规模为王」。

A vulnerability was found in Koibox. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /es/dashboard/clientes/ficha/ of the component Profile Picture Handler. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2025-40633. The attack may be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in TP-Link Archer AX50 1.0.11 Build 2022052. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file conn-indicator. The manipulation leads to stack-based buffer overflow. This vulnerability is known as CVE-2025-40634. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

5月16日，国家信息安全漏洞库（CNNVD）2024年度工作总结暨优秀表彰大会在中国信息安全测评中心隆重召开。

速修复

A vulnerability was found in Connect-Multiparty 2.2.0 and classified as critical. Affected by this issue is some unknown functionality of the component PDF File Handler. The manipulation leads to unrestricted upload. This vulnerability is handled as CVE-2022-29623. The attack can only be done within the local network. There is no exploit available.

A vulnerability was found in 1E Client and classified as critical. Affected by this issue is some unknown functionality. The manipulation leads to files or directories accessible. This vulnerability is handled as CVE-2023-45160. The attack may be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as very critical was found in 1E Platform up to 23 on Windows. Affected by this vulnerability is an unknown functionality of the component URL Parameter Handler. The manipulation leads to improper input validation. This vulnerability is known as CVE-2023-5964. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in Canon imageRUNNER ADVANCE, imageRUNNER, imagePRESS V, imagePRESS and imageCLASS. It has been classified as problematic. This affects an unknown part. The manipulation leads to insufficiently protected credentials. This vulnerability is uniquely identified as CVE-2025-3078. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Canon imageRUNNER, imageCLASS, i-sensys and Satera. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to insufficiently protected credentials. This vulnerability was named CVE-2025-3079. The attack can be initiated remotely. There is no exploit available.

A vulnerability classified as critical has been found in Motors Plugin up to 5.6.67 on WordPress. Affected is an unknown function of the component Password Update Handler. The manipulation leads to unverified password change. This vulnerability is traded as CVE-2025-4322. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability classified as problematic was found in SimpleLightbox Photo Gallery, Sliders, Proofing and Themes up to 2.1.5 on WordPress. Affected by this vulnerability is an unknown functionality of the component JavaScript Library. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2024-5878. The attack can be launched remotely. There is no exploit available.