Aggregator
Hiring: Red Team
7 months 2 weeks ago
Treasury Moves to Ban Huione Group for Laundering $4 Billion
7 months 2 weeks ago
The Treasury Department is moving to cut off Huione Group, a Cambodian conglomerate, from the U.S. financial system, saying the firm and its multiple entities laundered billions of dollars for North Korea's Lazarus Group and criminal gangs running pig-butchering scams from Southeast Asia.
The post Treasury Moves to Ban Huione Group for Laundering $4 Billion appeared first on Security Boulevard.
Jeffrey Burt
US indicts Black Kingdom ransomware admin for Microsoft Exchange attacks
7 months 2 weeks ago
A 36-year-old Yemeni national, who is believed to be the developer and primary operator of 'Black Kingdom' ransomware, has been indicted by the United States for conducting 1,500 attacks on Microsoft Exchange servers. [...]
Bill Toulas
CVE-2022-37902 | Aruba Networks ArubaOS Command Line Interface command injection (ARUBA-PSA-2022-016)
7 months 2 weeks ago
A vulnerability was found in Aruba Networks ArubaOS and classified as critical. This issue affects some unknown processing of the component Command Line Interface. The manipulation leads to command injection.
The identification of this vulnerability is CVE-2022-37902. The attack may be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-4062 | code-projects Theater Seat Booking System 1.0 cancel cancelcustomername stack-based overflow
7 months 2 weeks ago
A vulnerability has been found in code-projects Theater Seat Booking System 1.0 and classified as critical. Affected by this vulnerability is the function cancel. The manipulation of the argument cancelcustomername leads to stack-based buffer overflow.
This vulnerability is known as CVE-2025-4062. It is possible to launch the attack on the local host. Furthermore, there is an exploit available.
vuldb.com
CVE-2025-4063 | code-projects Student Information Management System 1.0 cancel first_name/last_name stack-based overflow
7 months 2 weeks ago
A vulnerability was found in code-projects Student Information Management System 1.0 and classified as critical. Affected by this issue is the function cancel. The manipulation of the argument first_name/last_name leads to stack-based buffer overflow.
This vulnerability is handled as CVE-2025-4063. The attack needs to be approached locally. Furthermore, there is an exploit available.
vuldb.com
CVE-2025-4064 | ScriptAndTools Online-Travling-System 1.0 /admin/viewenquiry.php access control
7 months 2 weeks ago
A vulnerability was found in ScriptAndTools Online-Travling-System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/viewenquiry.php. The manipulation leads to improper access controls.
This vulnerability is uniquely identified as CVE-2025-4064. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
vuldb.com
CVE-2025-3301 | Silabs Series 2 SoC ECDH/EdDSA power side-channel
7 months 2 weeks ago
A vulnerability has been found in Silabs Series 2 SoC and classified as problematic. This vulnerability affects unknown code of the component ECDH/EdDSA. The affected comparison logic is vulnerable to power side-channel attacks.
This vulnerability was named CVE-2025-3301. It is possible to launch the attack on the physical device. There is no exploit available.
vuldb.com
CVE-2025-31324 | SAP NetWeaver 7.50 unrestricted upload (Nessus ID 234846)
7 months 2 weeks ago
A vulnerability classified as very critical has been found in SAP NetWeaver 7.50. Affected is an unknown function. The manipulation leads to unrestricted upload.
This vulnerability is traded as CVE-2025-31324. It is possible to launch the attack remotely. Furthermore, there is an exploit available.
It is recommended to apply a patch to fix this issue.
vuldb.com
RSAC 2025 wrap-up – Week in security with Tony Anscombe
7 months 2 weeks ago
From the power of collaborative defense to identity security and AI, catch up on the event's key themes and discussions
Military relay as a tribute to the liberators
7 months 2 weeks ago
Ten army soldiers today began a relay of almost 1,000 kilometers in Arromanches-des-Bains, France. With this event they are carrying the liberation flame from the Normandy beaches to the Kazemattenmuseum in Friesland.
Cut CISA and Everyone Pays for It
7 months 2 weeks ago
Gutting CISA won't just lose us a partner. It will lose us momentum. And in this game, that's when things break.
Audian Paxson
CISA Confirms Exploitation of SonicWall Vulnerabilities
7 months 2 weeks ago
The US Cybersecurity and Infrastructure Security Agency has added two flaws affecting SonicWall products to its catalog of Known Exploited Vulnerabilities
UK NCSC: Cyberattacks impacting UK retailers are a wake-up call
7 months 2 weeks ago
The United Kingdom's National Cyber Security Centre warned that ongoing cyberattacks impacting multiple UK retail chains should be taken as a "wake-up call." [...]
Sergiu Gatlan
Pornography under lock and key, and Big Brother holds the key: how protecting children leads to surveillance of adults
7 months 2 weeks ago
The fight against pornography is becoming a screen behind which digital control hides.
CVE-2022-39393 | Wasmtime up to 2.0.1 sensitive information in resource not removed before reuse (GHSA-wh6w-3828-g9qf)
7 months 2 weeks ago
A vulnerability, which was classified as critical, has been found in Wasmtime up to 2.0.1. This issue affects some unknown processing. The manipulation leads to sensitive information in resource not removed before reuse.
The identification of this vulnerability is CVE-2022-39393. The attack may be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-48510 | haf DotNetZip.Semverd up to 1.16.0 ZipEntry.Extract.cs path traversal
7 months 2 weeks ago
A vulnerability was found in haf DotNetZip.Semverd up to 1.16.0. It has been rated as critical. This issue affects some unknown processing of the file src/Zip.Shared/ZipEntry.Extract.cs. The manipulation leads to path traversal. This vulnerability only affects products that are no longer supported by the maintainer.
The identification of this vulnerability is CVE-2024-48510. The attack may be initiated remotely. There is no exploit available.
vuldb.com
CVE-2025-23139 | Linux Kernel Bluetooth include/linux/skbuff.h hci_uart_register_dev initialization
7 months 2 weeks ago
A vulnerability, which was classified as problematic, has been found in Linux Kernel. Affected by this issue is the function hci_uart_register_dev in the library include/linux/skbuff.h of the component Bluetooth. The manipulation leads to improper initialization.
This vulnerability is handled as CVE-2025-23139. Access to the local network is required for this attack to succeed. There is no exploit available.
It is recommended to apply a patch to fix this issue.
vuldb.com
A sea lion's ability to keep a beat rivals that of humans
7 months 2 weeks ago
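Some mammals and birds can move in time with rhythmic cues, but for most vertebrates there is little evidence that they can stay synchronized to a beat. A study published in the journal Scientific Reports found that Ronan, a 15-year-old California sea lion, was trained at the age of 3 to recognize a beat and nod along to it, and retained this ability into adulthood. The researchers assessed the consistency and coordination of Ronan's movements to drum rhythms at 112, 120 and 128 beats per minute (bpm). The same sounds were then played to 10 university students (aged 18-23), who were asked to clap along to the drum beat. Using video tracking software to check the accuracy of the participants' timing, the researchers found that Ronan was, overall, more accurate and less variable than the human participants: Ronan's accuracy relative to the humans improved as the tempo increased, and at 128 bpm Ronan's average tempo was 129 bpm (±2.94), while the humans' average tempo was 116.2 bpm (±7.34). After the test, Ronan was rewarded with a toy filled with fish and ice.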