Aggregator

A vulnerability was found in Nothings stb_vorbis 1.22. It has been rated as critical. This affects the function Comment. This manipulation causes integer overflow. The identification of this vulnerability is CVE-2023-47212. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability categorized as critical has been discovered in Foxit Reader 2024.1.0.23997. Affected by this issue is some unknown functionality of the component PDF Document Handler. The manipulation results in use after free. This vulnerability is cataloged as CVE-2024-25938. The attack may be launched remotely. There is no exploit available. It is advisable to upgrade the affected component.

A vulnerability was found in Foxit Reader 2024.1.0.23997. It has been declared as critical. Affected is an unknown function of the component PDF Document Handler. Executing manipulation can lead to use after free. This vulnerability is tracked as CVE-2024-25648. The attack can be launched remotely. No exploit exists. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Foxit Reader 2024.1.0.23997. This affects an unknown function of the component PDF Document Handler. This manipulation causes type confusion. This vulnerability is handled as CVE-2024-25575. The attack can be initiated remotely. There is not any exploit available. It is advisable to upgrade the affected component.

A vulnerability was found in Tinyproxy 1.10.0/1.11.1. It has been classified as very critical. Affected by this vulnerability is an unknown functionality of the component HTTP Connection Header Handler. The manipulation leads to use after free. This vulnerability is uniquely identified as CVE-2023-49606. The attack is possible to be carried out remotely. No exploit exists.

Поддельная защита превратилась в идеальный инструмент киберразведки.

Arch Linux 项目披露其基础设施遭遇了 DDoS 攻击，提供了一旦网站发生宕机的一些权益方法，如使用镜像。Arch Linux 称，持续的 DDoS 攻击主要影响主网页、Arch User Repository (AUR)和论坛，它正在与托管服务提供商合作缓解攻击，同时在评估 DDoS 防护方案。

A vulnerability labeled as problematic has been found in GitLab Community Edition and Enterprise Edition up to 17.5.x. The impacted element is an unknown function. Such manipulation leads to execution with unnecessary privileges. This vulnerability is documented as CVE-2024-8266. The attack can be executed remotely. There is not any exploit available. The affected component should be upgraded.

A vulnerability, which was classified as problematic, has been found in ruby-jwt 3.0.0.beta1. This vulnerability affects unknown code. This manipulation causes inadequate encryption strength. This vulnerability is handled as CVE-2025-45765. The attack can be initiated remotely. There is not any exploit available. The actual existence of this vulnerability is currently in question.

A vulnerability, which was classified as problematic, was found in StarDict YouDao Plugin up to 3.0.7+git20220909+dfsg-6. The impacted element is an unknown function. Executing manipulation can lead to transmission of private resources into a new sphere ('resource leak'). The identification of this vulnerability is CVE-2025-55014. The attack may be launched remotely. There is no exploit available.

A vulnerability identified as critical has been detected in GitLab Community Edition and Enterprise Edition up to 17.4.x. The affected element is an unknown function. This manipulation causes execution with unnecessary privileges. This vulnerability is registered as CVE-2024-7102. Remote exploitation of the attack is possible. No exploit is available. You should upgrade the affected component.

A vulnerability marked as problematic has been reported in OpenJPEG 2.5.0. This impacts an unknown function of the file /openjp2/dwt.c. This manipulation causes null pointer dereference. This vulnerability is handled as CVE-2025-50952. It is possible to launch the attack on the local host. There is not any exploit available.

A vulnerability, which was classified as problematic, has been found in GStreamer up to 1.26.1. Affected by this vulnerability is the function qtdemux_parse_tree of the component MP4 File Parser. The manipulation leads to information disclosure. This vulnerability is uniquely identified as CVE-2025-47183. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability identified as critical has been detected in libav up to 12.3. This issue affects the function main of the file /avtools/avconv.c of the component DSS File Demuxer. This manipulation causes double free. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is tracked as CVE-2025-8585. The attack is restricted to local execution. Moreover, an exploit is present. The bug was initially reported by the researcher to the wrong project.

GoDaddy Security researchers have unveiled a detailed analysis of Help TDS, a sophisticated Traffic Direction System operational since at least 2017, which exploits compromised websites to funnel traffic toward malicious scams. This operation supplies affiliates with PHP code templates that are injected into legitimate sites, primarily WordPress installations, to redirect visitors to fraudulent pages mimicking […]

The post Help TDS Hacks Legitimate Websites, Using PHP Templates to Display Fake Microsoft Security Alerts appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

密歇根州的研究人员调查了亚马逊、Google、微软、Meta、Digital Realty 和 Equinix 六大公司数据中心用水量。亚马逊每年会发布可持续发展报告，但报告没有披露数据中心的用水量，微软的情况类似，Google 和 Meta 的报告更详细。根据 Google 和 Meta 的报告，2023 年 Meta 全球用水量为 8.13 亿加仑，其中 95% 即 7.76 亿加仑用于数据中心；2023 年 Google 全球运营用水量为 64 亿加仑，其中 95% 即 61 亿加仑用于数据中心，2024 年 Google 位于爱荷华州 Council Bluffs 的数据中心用水量达到了 10 亿加仑，是其所有数据中心中用水量最高的，用水量最少的是 Google 位于德州 Pflugerville 的数据中心，用水量 1 万加仑，相当于德州一个家庭两个月的用水量，该数据中心采用风冷而非水冷。

A vulnerability, which was classified as problematic, was found in Cisco Nexus 9000 9000. Impacted is an unknown function of the component ACI Mode Link Layer Discovery Protocol. The manipulation results in denial of service. This vulnerability is reported as CVE-2023-20089. The attacker must have access to the local network to execute the attack. No exploit exists. You should upgrade the affected component.

Noah Michael Urban, a 20-year-old Florida man, was sentenced for his role as a member of the notorious Scattered Spider threat group in a series of phishing and other scams between 2022 and 2023 in which they got victims' credentials and used them to steal corporate information, customer data, and cryptocurrency.

The post 20-year-old Scattered Spider Member Sentenced to 10 Years in Prison appeared first on Security Boulevard.

Кража данных, фальшивые квартиры и целая сеть подпольных сервисов.

Operation Serengeti 2.0 dismantled almost 11,500 malicious infrastructures between June and August. Officials arrested more than 1,200 alleged cybercriminals.

The post Interpol-led crackdown disrupts cybercrime networks in Africa that caused $485 million in losses appeared first on CyberScoop.