Aggregator

CVE-2025-4980 | Netgear DGND3700 1.1.00.15_1.00.15NA mini_http /currentsetting.htm information disclosure

VulDB Recent Entries
7 months ago
A vulnerability has been found in Netgear DGND3700 1.1.00.15_1.00.15NA and classified as problematic. This vulnerability affects unknown code of the file /currentsetting.htm of the component mini_http. The manipulation leads to information disclosure. This vulnerability was named CVE-2025-4980. The attack can be initiated remotely. Furthermore, there is an exploit available. It is recommended to apply restrictive firewalling. Other products might be affected as well. The vendor was contacted early about this disclosure.
vuldb.com

CVE-2025-4978 | Netgear DGND3700 1.1.00.15_1.00.15NA Basic Authentication /BRS_top.html improper authentication

VulDB Recent Entries
7 months ago
A vulnerability, which was classified as very critical, was found in Netgear DGND3700 1.1.00.15_1.00.15NA. This affects an unknown part of the file /BRS_top.html of the component Basic Authentication. The manipulation leads to improper authentication. This vulnerability is uniquely identified as CVE-2025-4978. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to apply restrictive firewalling. Other products might be affected as well. The vendor was contacted early about this disclosure.
vuldb.com

CVE-2025-4977 | Netgear DGND3700 1.1.00.15_1.00.15NA /BRS_top.html information disclosure

VulDB Recent Entries
7 months ago
A vulnerability, which was classified as problematic, has been found in Netgear DGND3700 1.1.00.15_1.00.15NA. Affected by this issue is some unknown functionality of the file /BRS_top.html. The manipulation leads to information disclosure. This vulnerability is handled as CVE-2025-4977. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to apply restrictive firewalling. Other products might be affected as well. The vendor was contacted early about this disclosure.
vuldb.com

分数量子反常霍尔效应

Solidot
7 months ago
永远不会出错的量子计算机正是拓扑量子计算的承诺。传统量子比特极易受环境干扰;而拓扑量子比特天生具备容错能力。过去的几十年里,科学家们一直在寻找拓扑量子比特的合适物理载体。2013 年清华大学团队首次在无磁场条件下观测到"量子反常霍尔效应"。如今科学家在这座"量子金矿"中挖掘出新的"宝藏"——分数量子反常霍尔效应。作为量子霍尔家族的新成员,分数量子反常霍尔效应在高填充分数或超导条件下,能够支持Z3仲费米子,从而实现斐波那契任意子统计并实现通用拓扑量子比特。

Closing security gaps in multi-cloud and SaaS environments

Help Net Security
7 months ago

In this Help Net Security interview, Kunal Modasiya, SVP, Product Management, GTM, and Growth at Qualys, discusses recent Qualys research on the state of cloud and SaaS security. He talks about how siloed visibility, fragmented tools, and a lack of incident response skills leave organizations vulnerable to misconfigurations, account hijacking, and other threats. Modasiya explains that only a unified, context-aware security strategy can consolidate risk insights, close remediation gaps, and align with how businesses build … More →

The post Closing security gaps in multi-cloud and SaaS environments appeared first on Help Net Security.

Mirko Zorz

The Dark Web Kill List

网安志异
7 months ago
介绍网络安全专家克里斯·蒙泰罗和记者卡尔·米勒发现并调查一个暗网上的虚假雇佣杀手网站的故事。 克里斯最初调查该网站时认为它是一个骗局,但通过一个安全漏洞获得了用户的机密信息,揭示了真实存在的谋杀委托。 尽管面临威胁和警方的不信任,他们坚持揭露这个网站,警告潜在受害者,甚至与警方合作促成了一些逮捕行动。 这个经历对他们个人产生了深刻影响,并让他们质疑媒体和执法部门在这种极端情况下的作用。

微软开源 Windows Subsystem for Linux

Solidot
7 months ago
微软宣布开源 Windows Subsystem for Linux(WSL),源代码采用 MIT 许可证托管在该公司旗下的 GitHub 平台上。微软是在 2016 年的 BUILD 开发者大会上首次宣布 WSL,它随 Windows 10 周年更新提供给用户。WSL 一开始是基于 pico-processes 程序 lxcore.sys 实现原生运行 ELF 可执行程序,在 Windows 内核中实现 Linux 系统调用,这就是第一代的 WSL。微软随后认识到实现与原生 Linux 最佳兼容性的最好方法是依赖 Linux 内核本身。WSL 2 由此诞生,它于 2019 年首次宣布。WSL 的最新版本是 WSL 2.5.7。

Malicious PyPI Packages Exploit Instagram and TikTok APIs to Validate User Accounts

The Hackers News
7 months ago
Cybersecurity researchers have uncovered malicious packages uploaded to the Python Package Index (PyPI) repository that act as checker tools to validate stolen email addresses against TikTok and Instagram APIs. All three packages are no longer available on PyPI. The names of the Python packages are below - checker-SaGaF (2,605 downloads) steinlurks (1,049 downloads) sinnercore (3,300 downloads)
The Hacker News

Containers are just processes: The illusion of namespace security

Help Net Security
7 months ago

In the early days of commercial open source, major vendors cast doubt on its security, claiming transparency was a flaw. In fact, that openness fueled strong communities and faster security improvements, making OSS often more secure than proprietary code. Today, a new kind of misinformation has emerged, the opposite of FUD: it downplays real open source security risks that should raise concern. The biggest security fallacy today is that Linux namespaces are security boundaries. From … More →

The post Containers are just processes: The illusion of namespace security appeared first on Help Net Security.

Help Net Security

CVE-2024-5878 | SimpleLightbox Photo Gallery, Sliders, Proofing and Themes up to 2.1.5 on WordPress JavaScript Library cross site scripting

VulDB Recent Entries
7 months ago
A vulnerability classified as problematic was found in SimpleLightbox Photo Gallery, Sliders, Proofing and Themes up to 2.1.5 on WordPress. Affected by this vulnerability is an unknown functionality of the component JavaScript Library. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2024-5878. The attack can be launched remotely. There is no exploit available.
vuldb.com

Managed ad