Aggregator

小红书上多元长尾的生活需求，吸引着新一代的独立开发者们。

Security community reacts with shock at US government’s decision not to renew MITRE contract for CVE database

Учёные раскрыли ароматический код человеческих отношений.

Meta нашла способ легализовать массовый сбор данных пользователей.

Resecurity warns of rising cyberattacks on the energy sector, some linked to large-scale campaigns targeting national infrastructure for geopolitical aims. Resecurity warns about the increase in targeted cyberattacks against enterprises in the energy sector worldwide. Some of these attacks represent much larger campaigns designed to target country-level infrastructure, acting as tools for geopolitical influence. It is […]

HackerNews 编译，转载请注明出处： Landmark Admin就其2024年5月遭遇的网络攻击调查发布更新，确认受影响人数已升至160万。 这家总部位于德克萨斯州的第三方管理公司（TPA）主要为Liberty Bankers Life、American Benefit Life等全国性大型保险公司提供保单核算、监管报告、再保险支持及IT系统服务。 2024年10月，该公司首次披露于2024年5月13日发现网络可疑活动。 未经授权的访问被认为导致806,519人的个人信息泄露，包括： 全名 家庭住址 社会安全号码 纳税识别号 驾照号码 州政府签发身份证 护照号码 金融账户号码 医疗信息 出生日期 健康保险单号 人寿及年金保单信息 具体泄露数据类型因人而异，Landmark承诺通过个性化信件告知每位受影响者其被泄露的具体信息。 在向缅因州总检察长办公室提交的更新文件中，Landmark表示调查显示实际受影响人数应为1,613,773人。 该公司强调取证调查仍在进行中，最终受影响人数可能进一步增加，未来或将多次修正统计结果。 最新公告声明：”Landmark已开始审查受影响系统，以确定具体受影响的个人及可能泄露的信息类型。在此过程中，我们将通过邮件逐步通知相关个人。” 数据泄露通知接收者可在收到通知后90日内通过专用热线提出质询。 Landmark同时提供12个月的身份盗窃保护与信用监控服务，以降低敏感数据暴露风险。 建议措施还包括监控信用报告、设置欺诈警报或启用安全冻结功能。     消息来源：bleepingcomputer； 本文由 HackerNews.cc 翻译整理，封面来源于网络；  转载请注明“转自 HackerNews.cc”并附上原文

A vulnerability, which was classified as problematic, was found in Ninja Filebird Plugin up to 6.4.2.1 on WordPress. This affects an unknown part. The manipulation leads to authorization bypass. This vulnerability is uniquely identified as CVE-2025-26977. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in PwnDoc up to 1.1.x. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Backup Restore Handler. The manipulation leads to relative path traversal. This vulnerability is known as CVE-2025-27410. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in PwnDoc up to 1.1.x and classified as critical. Affected by this vulnerability is an unknown functionality of the component Backup Restore Handler. The manipulation leads to path traversal: '../filedir'. This vulnerability is known as CVE-2025-27413. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Vasion Print Virtual Appliance Host. It has been rated as critical. Affected by this issue is some unknown functionality of the component Firmware Image Handler. The manipulation leads to insufficient verification of data authenticity. This vulnerability is handled as CVE-2025-27680. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Vasion Print Virtual Appliance Host. It has been classified as problematic. This affects an unknown part of the component Client Inter-Process Security. The manipulation leads to client-side enforcement of server-side security. This vulnerability is uniquely identified as CVE-2025-27681. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Vasion Print Virtual Appliance Host. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to information disclosure. This vulnerability was named CVE-2025-27684. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Vasion Print Virtual Appliance Host. Affected is an unknown function of the component Log Handler. The manipulation leads to permission issues. This vulnerability is traded as CVE-2025-27682. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Vasion Print Virtual Appliance Host and classified as critical. This vulnerability affects unknown code. The manipulation leads to unrestricted upload. This vulnerability was named CVE-2025-27683. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Vasion Print Virtual Appliance Host and classified as problematic. This issue affects some unknown processing of the component Configuration File Handler. The manipulation leads to cleartext storage of sensitive information. The identification of this vulnerability is CVE-2025-27685. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Avid NEXIS E-series, NEXIS F-series, NEXIS PRO+ and System Director Appliance on Linux and classified as critical. This issue affects some unknown processing. The manipulation leads to permission issues. The identification of this vulnerability is CVE-2024-26290. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in ONLYOFFICE Document Server up to 7.5.0. It has been classified as critical. This affects an unknown part of the component File Handler. The manipulation leads to path traversal. This vulnerability is uniquely identified as CVE-2023-46988. It is possible to initiate the attack remotely. There is no exploit available.

Email security solutions are critical for protecting organizations from the growing sophistication of cyber threats targeting email communication. As email remains a primary channel for business communication, it is also the most exploited vector for attacks such as phishing, malware distribution, and business email compromise (BEC). Implementing robust email security measures ensures the confidentiality, integrity, […]

The post 10 Best Email Security Solutions in 2025 appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A new form of phishing attack is making waves among job seekers, as cybercriminals exploit WhatsApp and Meta’s trusted branding to lure victims into sophisticated job offer scams. Security experts warn that these attacks are not only increasing in frequency but have also become more elaborate, bypassing many traditional security layers and preying on those […]

The post WhatsApp Job Offer Scam Targets Job Seekers in New Phishing Attack appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Страна навела порядок в Android.