Aggregator

A vulnerability identified as critical has been detected in Tenda AC20 16.03.08.12. This issue affects the function websFormDefine of the file /goform/telnet of the component Telnet Service. The manipulation leads to command injection. This vulnerability is uniquely identified as CVE-2025-9090. The attack is possible to be carried out remotely. Moreover, an exploit is present.

A vulnerability labeled as critical has been found in Tenda AC20 16.03.08.12. Impacted is an unknown function of the file /etc_ro/shadow. The manipulation results in hard-coded credentials. This vulnerability was named CVE-2025-9091. The attack needs to be approached locally. In addition, an exploit is available.

Самые востребованные вредоносы глазами экспертов Positive Technologies.

Google 首次披露了其 AI 聊天机器人 Gemini 每次查询的耗电量：中位数是 0.24 瓦时。相当于一台标准微波炉运行约一秒钟的能耗。这 0.24 瓦时中，Google AI 芯片 TPU 的耗电量占了 58%，CPU 和内存占了 25%，备用机器占了 10%，冷却和功率转换等数据中心运营占了 8%。Google 计算的 AI 耗电量只针对文本生成，不涉及更复杂的如图像或视频生成等高能耗任务。Google 称，Gemini 的能耗过去一年多已经有了显著的改进，2024 年 5 月 Gemini 每次提示的耗电量中位数是 2025 年 5 月的 33 倍。能耗的改进得益于模型的改进和软件优化。Google 还公布了 Gemini 每次提示的二氧化碳排放和耗水量：分别为产生 0.03克二氧化碳和消耗 0.26 毫升水——相当于五滴水。

智商这玩意儿，在我大学毕业前，从来不信。被社会毒打后，见识了一拨又一拨碾压我的存在，我就老实了。

Trag's Developer-Centric Tools Help Aikido Slash Time to Market by 12 Months
Aikido Security acquired Trag, an AI-native code review startup, to bring repository-wide review capabilities to its platform. The acquisition accelerates delivery of new features, such as logic risk detection and English-language rule writing, aimed at beating legacy rivals.

State-Sponsored Espionage Group Tied to Exploits of No-Longer-Supported Cisco Gear
Russian intelligence hackers are using obsolete and unpatched equipment made by networking mainstay Cisco Systems to further stealthy and ongoing cyberespionage operations, the U.S. federal government warned Wednesday. Hackers exploit a vulnerability in the Smart Install feature of Cisco devices.

The ClickFix social engineering technique has been growing in popularity, with campaigns targeting thousands of enterprise and end-user devices daily. This technique exploits users’ tendency to resolve technical issues by tricking them into running malicious commands. These commands, in turn, deliver payloads that ultimately lead to information theft and exfiltration.

The post Think before you Click(Fix): Analyzing the ClickFix social engineering technique appeared first on Microsoft Security Blog.

利用预训练的语言模型释放基于语义的日志解析的真正潜力 by ourren

XSSky：融合动静态分析，精准狙击XSS漏洞 by ourren

更多最新文章，请访问SecWiki

A vulnerability, which was classified as critical, has been found in Ruijie RG-NBS2009G-P up to 20240305. Affected by this vulnerability is an unknown functionality of the file /system/passwdManage.htm of the component Password Handler. The manipulation leads to improper authorization. This vulnerability is traded as CVE-2024-2641. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability, which was classified as critical, was found in Ruijie RG-NBS2009G-P up to 20240305. Affected by this issue is some unknown functionality of the file /EXCU_SHELL. The manipulation of the argument Command1 results in command injection. This vulnerability is known as CVE-2024-2642. It is possible to launch the attack remotely. Furthermore, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability classified as problematic has been found in aio-libs aiohttp up to 3.9.3. The impacted element is an unknown function of the component POST Request Handler. Performing manipulation results in infinite loop. This vulnerability was named CVE-2024-30251. The attack may be initiated remotely. There is no available exploit. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in LIEF 0.14.1. Impacted is an unknown function of the file machd_reader.c. Such manipulation of the argument Name leads to information disclosure. This vulnerability is listed as CVE-2024-31636. The attack must be carried out locally. There is no available exploit.

A vulnerability, which was classified as problematic, has been found in btcd up to 0.23.x. This affects an unknown part. This manipulation causes insufficient verification of data authenticity. The identification of this vulnerability is CVE-2024-34478. The attack needs to be done within the local network. There is no exploit available. It is advisable to upgrade the affected component.

A vulnerability identified as critical has been detected in Siemens TIA Administrator. This affects an unknown part. The manipulation leads to improper access controls. This vulnerability is uniquely identified as CVE-2025-23365. Local access is required to approach this attack. No exploit exists. You should upgrade the affected component.

A vulnerability identified as problematic has been detected in Delta Electronics DIAEnergie up to 1.11.00.002. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is documented as CVE-2025-57703. The attack can be initiated remotely. There is not any exploit available.

A vulnerability labeled as problematic has been found in Delta Electronics DIAEnergie up to 1.11.00.002. Affected by this issue is some unknown functionality. The manipulation results in cross site scripting. This vulnerability is reported as CVE-2025-57703. The attack can be launched remotely. No exploit exists.

A vulnerability was found in TOTOLINK A3002R 4.0.0-B20230531.1404. It has been declared as critical. This impacts an unknown function of the file /boafrm/formFilter of the component Parameter Handler. Executing manipulation of the argument url can lead to buffer overflow. The identification of this vulnerability is CVE-2025-55586. The attack may be launched remotely. There is no exploit available.

A vulnerability identified as critical has been detected in TOTOLINK A3002R 4.0.0-B20230531.1404. Affected by this issue is some unknown functionality of the component Telnet Service. This manipulation causes use of weak credentials. This vulnerability is tracked as CVE-2025-55584. The attack is possible to be carried out remotely. Moreover, an exploit is present.

A vulnerability labeled as problematic has been found in TOTOLINK A3002R 4.0.0-B20230531.1404. This affects the function eval. Such manipulation leads to injection. This vulnerability is listed as CVE-2025-55585. The attack may be performed from a remote location. In addition, an exploit is available.