Aggregator

360高级威胁研究院近期监测数据显示，Gamaredon组织正在利用CVE-2025-8088（WinRAR路径遍历漏洞）进行鱼叉式网络钓鱼攻击。

Расследование показало, как сеть компаний вокруг Intellexa продолжает тайно поставлять шпионское ПО Predator по всему миру, несмотря на санкции и скандалы.

牛津大学领导的国际团队确认了迄今观测到的最大宇宙旋转结构——一个距离地球约 1.4 亿光年、“如刀刃般”嵌入巨大旋转宇宙丝状体中的星系链。它被称为“宇宙流动的化石记录”，为研究早期宇宙星系形成提供了全新视角。宇宙丝状体是宇宙中已知最大的结构类型，是由星系和暗物质组成的细长网络，充当了物质和动量流向星系的“高速公路”。团队利用南非 MeerKAT 射电望远镜的数据，结合暗能量光谱仪和斯隆数字巡天的光学观测结果，发现了这个由 14 个富含氢气的星系排列成的“长链”，其长约 550 万光年、宽约 117000 光年，嵌入在一个超过 280 个星系的丝状体内。最新发现的特殊之处在于，该丝状体不仅自身在旋转，星系的自转方向还与纤维结构自身旋转高度相关。这一发现远超随机分布的预期，挑战了现有星系形成模型。动力学模型显示，其旋转速度达 110 公里/秒。

A major disruption swept across the internet today as Cloudflare, a critical backbone for millions of websites, reported widespread issues with its Dashboard and APIs, triggering 500 Internal Server Errors for users globally. The outage, confirmed by Cloudflare’s status page, began around 08:56 UTC and impacted management tools, automations, and integrations reliant on these services. […]

The post Cloudflare Outage Hits Internet with 500 Internal Server Error appeared first on Cyber Security News.

Разговор Брина и Хассабиса на I/O показал, насколько неопределённы прогнозы.

Data leaks have shed a new light on Intellexa’s flagship spyware infrastructure and attack vectors

Cloudflare is down, as websites are crashing with a 500 Internal Server Error. Cloudflare is investigating the reports. [...]

A vulnerability identified as critical has been detected in Edimax BR-6478AC V3 1.0.15. The affected element is the function sub_44CCE4 of the file /boafrm/formSysCmd. This manipulation of the argument sysCmd causes os command injection. This vulnerability appears as CVE-2025-14094. The attack may be initiated remotely. In addition, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability categorized as critical has been discovered in Edimax BR-6478AC V3 1.0.15. Impacted is the function sub_416990 of the file /boafrm/formTracerouteDiagnosticRun. The manipulation of the argument host results in os command injection. This vulnerability is reported as CVE-2025-14093. The attack can be launched remotely. Moreover, an exploit is present. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in Edimax BR-6478AC V3 1.0.15. It has been rated as critical. This issue affects the function sub_416898 of the file /boafrm/formDebugDiagnosticRun. The manipulation of the argument host leads to os command injection. This vulnerability is documented as CVE-2025-14092. The attack can be initiated remotely. Additionally, an exploit exists. The vendor was contacted early about this disclosure but did not respond in any way.

Submit #696668 / VDB-334484

Submit #696633 / VDB-334483

Submit #696632 / VDB-334482

用 Mock 热加载隔离客户端与真实后端，进行无痕沙箱测试，快进来看！

希望师傅们不仅能在TSRC收获更多的奖励，也能有更好的体验。

Полиция в нескольких странах ликвидировала мощную сеть, заманивавшую жертв с помощью дипфейков и ложной рекламы.

A vulnerability was found in TrippWasTaken PHP-Guitar-Shop up to 6ce0868889617c1975982aae6df8e49555d0d555. It has been declared as critical. This vulnerability affects unknown code of the file /product.php of the component Product Details Page. Executing manipulation of the argument ID can lead to sql injection. This vulnerability is registered as CVE-2025-14091. It is possible to launch the attack remotely. Furthermore, an exploit is available. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The vendor was contacted early about this disclosure but did not respond in any way.