Aggregator

A vulnerability described as problematic has been identified in Synapse up to 1.24.x. This impacts an unknown function of the file .well-known. Executing manipulation can lead to resource consumption. This vulnerability is handled as CVE-2021-21274. The attack can be executed remotely. There is not any exploit available. Upgrading the affected component is recommended.

A vulnerability has been found in GTKWave 3.3.115 and classified as critical. This affects the function fstReaderIterBlocks2. The manipulation of the argument len leads to heap-based buffer overflow. This vulnerability is uniquely identified as CVE-2023-36747. The attack is possible to be carried out remotely. No exploit exists. The affected component should be upgraded.

CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. 

• CVE-2025-54948 Trend Micro Apex One OS Command Injection Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. 

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. 

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of KEV Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria. 

The winning projects were competitively selected following a call for innovative proposals that address technical needs related to NIST’s research areas.

Face morphing software, which combines photos of different people into a single image, is being used to commit identity fraud.

A vulnerability described as critical has been identified in Smartmax Mailmax 5.0.10.8. Affected by this issue is some unknown functionality of the component IMAP Server. Executing manipulation of the argument SELECT can lead to memory corruption. The identification of this vulnerability is CVE-2003-0319. The attack may be launched remotely. There is no exploit available. Upgrading the affected component is recommended.

​下一个被 AI 替代的职业，是游戏陪玩吗？

WarLock ransomware claims breach at Colt and Hitachi, with Colt investigating and working to restore systems while experts…

Симуляция ридберговских атомов раскрыла скрытые свойства квантовой энтропии.

功能概述：命令行版本的国密sm系列算法小工具因为我的使用环境的mscOS，所以具体情况各位小伙伴根据自身保存情

U.S. authorities seized $2.8 million crypto and $70,000 from Ianis Aleksandrovich Antropenko, who they say used the Zeppelin ransomware to attack companies in the United States and elsewhere and then laundered the cryptocurrency used to pay the ransoms through a crypto mixer and by exchanging it for cash.

The post DOJ Seizes $2.8 Million, Indicts Alleged Zeppelin Ransomware Operator appeared first on Security Boulevard.

Microsoft has mitigated a known issue that caused Windows update failures when installing them from a network share using the Windows Update Standalone Installer (WUSA). [...]

关键词网络攻击名为EncryptHub的威胁行为者正在继续利用现已修补的 Microsoft Windows

关键词Windows微软近期推送的 Windows 11 24H2 累积安全更新（KB5063878）引发广泛

关键词数据泄露网络安全研究人员近期发现，大量公开可访问的 TeslaMate 实例在未启用身份验证的情况下暴露

关键词数据泄露知名人力资源软件巨头Workday近日披露一起数据泄露事件，其第三方客户关系管理系统遭到黑客入侵

Chinese-speaking cybercriminals are using ghost-tapping techniques to take advantage of Near Field Communication (NFC) relay tactics in a sophisticated evolution of payment card fraud. They are mainly targeting mobile payment services such as Apple Pay and Google Pay. This attack vector involves relaying stolen payment card credentials from compromised devices to mules’ burner phones, enabling […]

The post New Ghost-Tapping Attacks Target Apple Pay and Google Pay Users’ Linked Cards appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

玄道，一个被传奇色彩包裹的男子，据传曾以非凡之姿，与日争辉，穿越卫星之轨。

Cybersecurity researchers have discovered a malicious package in the Python Package Index (PyPI) repository that introduces malicious behavior through a dependency that allows it to establish persistence and achieve code execution. The package, named termncolor, realizes its nefarious functionality through a dependency package called colorinal by means of a multi-stage malware operation, Zscaler