Aggregator

The data dump will likely shed light on LockBit’s recent activity and help law enforcement trace cryptocurrency transactions

SonicWall has fixed multiple vulnerabilities affecting its SMA100 Series devices, one of which (CVE-2025-32819) appears to be a patch bypass for an arbitrary file delete vulnerability that was exploited in zero-day attacks in early 2021, and may have also been leveraged in the wild. The vulnerabilities and the attack chain Sonicwall SMA100 Series appliances provide a unified secure access (VPN) gateway for small and medium-size businesses, and are regularly targeted by attackers. Reported by Rapid7 … More →

The post Yet another SonicWall SMA100 vulnerability exploited in the wild (CVE-2025-32819) appeared first on Help Net Security.

Outpost24 integration of two new Digital Risk Protection (DRP) modules to its External Attack Surface Management (EASM) platform. The Social Media and Data Leakage modules are now offered alongside the Leaked Credentials and Dark Web modules to enhance customer insights into the entire attack surface. From access to private and exclusive sources, strong automation capabilities, and powered by advanced threat intelligence, Outpost24’s new DRP modules assist organizations in getting a full overview of external threats … More →

The post Outpost24 expands EASM platform with modules for social media and data leakage appeared first on Help Net Security.

路由器采用EUI-64地址和可预测MAC分配模式会造成隐私风险，即使用户设备本身未泄露信息，也可能因邻近设备而被间接定位 （开盒住址）

路由器采用EUI-64地址和可预测MAC分配模式会造成隐私风险，即使用户设备本身未泄露信息，也可能因邻近设备而被间接定位 （开盒住址）

Включил Starlink в Кашмире — стал врагом государства. И Маск уже пообещал помочь с отключением.

CISA released five Industrial Control Systems (ICS) advisories on May 8, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

• ICSA-25-128-01 Horner Automation Cscape
• ICSA-25-128-02 Hitachi Energy RTU500 series
• ICSA-25-128-03 Mitsubishi Electric CC-Link IE TSN
   
• ICSA-25-093-01 Hitachi Energy RTU500 Series (Update A)
   
• ICSMA-25-128-01 Pixmeo OsiriX MD

CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.

DigiCert survey finds only 5% of global businesses are using post-quantum cryptography

A vulnerability was found in Oracle MySQL Server up to 8.0.34/8.1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the component InnoDB. The manipulation leads to denial of service. This vulnerability is handled as CVE-2023-22066. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as critical has been found in Oracle MySQL Server up to 8.0.34/8.1.0. This affects an unknown part of the component InnoDB. The manipulation leads to denial of service. This vulnerability is uniquely identified as CVE-2023-22068. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability classified as critical has been found in Oracle MySQL Server up to 5.7.42/8.0.33. This affects an unknown part of the component Client programs. The manipulation leads to an unknown weakness. This vulnerability is uniquely identified as CVE-2023-22053. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability, which was classified as critical, has been found in Oracle MySQL Server up to 8.0.33. This issue affects some unknown processing of the component Optimizer. The manipulation leads to denial of service. The identification of this vulnerability is CVE-2023-22046. The attack may be initiated remotely. There is no exploit available.

A vulnerability, which was classified as critical, was found in Oracle MySQL Server up to 8.0.33. Affected is an unknown function of the component Optimizer. The manipulation leads to denial of service. This vulnerability is traded as CVE-2023-22054. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability has been found in Oracle MySQL Server up to 8.0.33 and classified as critical. Affected by this vulnerability is an unknown functionality of the component Optimizer. The manipulation leads to denial of service. This vulnerability is known as CVE-2023-22056. The attack can be launched remotely. There is no exploit available.

A vulnerability classified as critical has been found in Oracle MySQL Server up to 8.0.33. Affected is an unknown function of the component DDL. The manipulation leads to denial of service. This vulnerability is traded as CVE-2023-22058. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in Oracle MySQL Server up to 8.0.33. It has been rated as critical. This issue affects some unknown processing of the component InnoDB. The manipulation leads to denial of service. The identification of this vulnerability is CVE-2023-22033. The attack may be initiated remotely. There is no exploit available.

A vulnerability has been found in Oracle MySQL Server up to 8.0.33 and classified as critical. This vulnerability affects unknown code of the component Optimizer. The manipulation leads to denial of service. This vulnerability was named CVE-2023-22110. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in Oracle MySQL Server up to 8.0.34 and classified as critical. This issue affects some unknown processing of the component Optimizer. The manipulation leads to denial of service. The identification of this vulnerability is CVE-2023-22112. The attack may be initiated remotely. There is no exploit available.

Guidance for home users or small businesses who want to reduce the likelihood of being held to ransom by WannaCry (or other types of ransomware).