Aggregator

CVE-2025-32899 | KDE Connect up to 1.32.x on Android Packet improper preservation of consistency between independent representations of shared state

VulDB Recent Entries
1 month 2 weeks ago
A vulnerability labeled as problematic has been found in KDE Connect up to 1.32.x on Android. This issue affects some unknown processing of the component Packet Handler. The manipulation results in improper preservation of consistency between independent representations of shared state. This vulnerability is known as CVE-2025-32899. Access to the local network is required for this attack. No exploit is available. The affected component should be upgraded.
vuldb.com

CISA Reports PRC Hackers Using BRICKSTORM for Long-Term Access in U.S. Systems

The Hackers News
1 month 2 weeks ago
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday released details of a backdoor named BRICKSTORM that has been put to use by state-sponsored threat actors from the People's Republic of China (PRC) to maintain long-term persistence on compromised systems. "BRICKSTORM is a sophisticated backdoor for VMware vSphere and Windows environments," the agency said. "
The Hacker News

CVE-2025-32900 | KDE Connect information-exchange Protocol prior 2025-04-18 less trusted source

VulDB Recent Entries
1 month 2 weeks ago
A vulnerability categorized as problematic has been discovered in KDE Connect information-exchange Protocol. This affects an unknown part. Executing manipulation can lead to use of less trusted source. This vulnerability appears as CVE-2025-32900. The attacker needs to be present on the local network. There is no available exploit. It is advisable to upgrade the affected component.
vuldb.com

CVE-2025-32898 | KDE Connect verification-code Protocol entropy

VulDB Recent Entries
1 month 2 weeks ago
A vulnerability was found in KDE Connect verification-code Protocol. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. Such manipulation leads to insufficient entropy. This vulnerability is documented as CVE-2025-32898. The attack requires being on the local network. There is not any exploit available. It is recommended to upgrade the affected component.
vuldb.com

Beware of Solana Phishing Attacks That Let Hackers Initiate Unauthorized Account Transfer

Cyber Security News
1 month 2 weeks ago

A dangerous new wave of phishing attacks is targeting Solana users by changing wallet ownership permissions rather than stealing private keys. A victim lost more than USD 3 million in a single attack, with an additional USD 2 million locked in investment platforms. What makes this attack unique is that the user’s funds remained visible […]

The post Beware of Solana Phishing Attacks That Let Hackers Initiate Unauthorized Account Transfer appeared first on Cyber Security News.

Tushar Subhra Dutta

自组装轻型飞机因 3D 打印零部件受热软化而坠机

Solidot
1 month 2 weeks ago
Cozy Mk IV 是一款实验性的可以购买零部件在家自组装的轻型飞机。3 月 18 日一架 Cozy Mk IV 飞机在英国 Staverton 的 Gloucestershire 机场发生了坠机事故,机上只有一名飞行员,他只受到了轻伤。英国航空事故调查局(AAIB)的调查发现,事故原因是 3D 打印的进气弯管使用了不合适的材料制造,在引擎产生的高温下受热后软化,导致结构变形。飞行员当时发现发动机完全失去动力。AAIB 表示未来将会加强对 3D 打印零部件的检查。

斯巴鲁车主抱怨驾车过程中弹出全屏广告

Solidot
1 month 2 weeks ago
斯巴鲁车主抱怨驾车过程中车载信息娱乐系统弹出了 SiriusXM 的全屏广告,有时甚至覆盖了 Apple CarPla。斯巴鲁表示广告每年只弹出两次,但车主认为弹出广告会导致分心和影响行车安全,担心汽车行业在这方面的做法会愈发恶劣。一位 2024 年款 Crosstrek 车主称,弹出式广告出现时候他们正在用 Apple CarPlay,广告占据了整个屏幕。为投放车载广告而强制关闭使用中应用的做法尤其恶劣。斯巴鲁发言人表示他们将开会讨论该问题,他们非常重视客户的反馈。斯巴鲁表示广告通常在每年的阵亡将士纪念日和感恩节前后发送两次。

Cacti Command Injection Vulnerability Let Attackers Execute Malicious Code Remotely

Cyber Security News
1 month 2 weeks ago

A critical command injection vulnerability in the open-source network monitoring tool Cacti allows authenticated attackers to execute arbitrary code remotely, potentially compromising the entire monitoring infrastructure. The flaw, tracked as CVE-2025-66399, affects all versions up to 1.2.28 and stems from inadequate input validation in the SNMP device configuration functionality. The vulnerability resides in the device […]

The post Cacti Command Injection Vulnerability Let Attackers Execute Malicious Code Remotely appeared first on Cyber Security News.

Abinaya

Weekly Update 481

Troy Hunt
1 month 2 weeks ago

Twelve years (and one day) since launching Have I Been Pwned, it's now a service that Charlotte and I live and breathe every day. From the first thing every morning to the last thing each day, from holidays to birthdays, in sickness and in heal... wait a minute

Troy Hunt

Breach Roundup: React Flaw Incites Supply Chain Risk

DataBreachToday.com
1 month 2 weeks ago
Also, Microsoft Badly Patches LNK Flaw, Australian Sentenced for 'Evil Twin' Hack
This week, the React flaw, a belated Windows fix, Defense Secretary Pete Hegseth's Signal group posed operational risk, more North Korean npm packages. An Australian jailed for Wi-Fi "evil twin" crimes. The US FTC will send $15.3 million to Avast users. A London council said attackers stole data.

Brickstorm Malware Hits US Critical Systems, CISA Warns

DataBreachToday.com
1 month 2 weeks ago
Chinese-Linked Malware Campaign Targets Critical Environments With Weak Monitoring
U.S. and Canadian cyber authorities say Chinese state-backed actors used a backdoor dubbed BRICKSTORM to maintain long-term access into critical infrastructure, exploiting VMware environments to exfiltrate credentials and evade detection through encrypted covert channels.

Managed ad