Aggregator

A vulnerability classified as problematic was found in Johnson Controls OpenBlue Mobile Web Application. This affects an unknown function. Executing manipulation can lead to direct request. The identification of this vulnerability is CVE-2025-26381. The attack may be launched remotely. There is no exploit available. Upgrading the affected component is advised.

A vulnerability classified as problematic has been found in Johnson Controls iSTAR eX, iSTAR Edge, iSTAR Ultra LT, iSTAR Ultra and iSTAR Ultra SE. The impacted element is an unknown function. Performing manipulation results in improper validation of certificate expiration. This vulnerability was named CVE-2025-61736. The attack may be initiated remotely. There is no available exploit.

大家好，我是二道。今天带来一则让人大跌眼镜的职场复仇故事：在美国，两名兄弟因为被解雇，一气之下黑进系统，删除了整整96个政府数据库！

A vulnerability described as problematic has been identified in KDE Connect up to 1.32.x on Android. The affected element is an unknown function of the component Broadcast UDP Handler. Such manipulation leads to improper validation of specified type of input. This vulnerability is uniquely identified as CVE-2025-32901. The attack can only be initiated within the local network. No exploit exists. Upgrading the affected component is recommended.

Check Point announced its new Check Point Quantum Firewall Software, R82.10, introducing 20 new capabilities designed to help enterprises safely adopt AI, protect distributed environments, and simplify zero trust across hybrid networks. “As organizations embrace AI, security teams are under growing pressure to protect more data, more applications and more distributed environments,” said Nataly Kremer, Chief Product Officer at Check Point Software Technologies. “R82.10 helps enterprises shift to a prevention-first model by unifying management, strengthening … More →

The post Check Point introduces Quantum Firewall R82.10 with new AI and zero trust security capabilities appeared first on Help Net Security.

A vulnerability marked as problematic has been reported in CKSource CKFinder on ASP.NET. Impacted is an unknown function. This manipulation causes relative path traversal. This vulnerability is handled as CVE-2016-20023. The attack can be initiated remotely. There is not any exploit available. It is suggested to upgrade the affected component.

A vulnerability labeled as problematic has been found in KDE Connect up to 1.32.x on Android. This issue affects some unknown processing of the component Packet Handler. The manipulation results in improper preservation of consistency between independent representations of shared state. This vulnerability is known as CVE-2025-32899. Access to the local network is required for this attack. No exploit is available. The affected component should be upgraded.

A vulnerability identified as critical has been detected in KDE Connect Protocol 8. This vulnerability affects unknown code. The manipulation leads to authentication bypass by spoofing. This vulnerability is traded as CVE-2025-66270. Access to the local network is required for this attack to succeed. There is no exploit available. You should upgrade the affected component.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday released details of a backdoor named BRICKSTORM that has been put to use by state-sponsored threat actors from the People's Republic of China (PRC) to maintain long-term persistence on compromised systems. "BRICKSTORM is a sophisticated backdoor for VMware vSphere and Windows environments," the agency said. "

A vulnerability categorized as problematic has been discovered in KDE Connect information-exchange Protocol. This affects an unknown part. Executing manipulation can lead to use of less trusted source. This vulnerability appears as CVE-2025-32900. The attacker needs to be present on the local network. There is no available exploit. It is advisable to upgrade the affected component.

Google сломала жизнь банковским троянам в новом Android.

A vulnerability was found in ColorOS up to 15. It has been rated as critical. Affected by this issue is some unknown functionality of the component Installation Handler. Performing manipulation results in authentication bypass by spoofing. This vulnerability is reported as CVE-2025-27389. The attack requires a local approach. No exploit exists.

A vulnerability was found in KDE Connect verification-code Protocol. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. Such manipulation leads to insufficient entropy. This vulnerability is documented as CVE-2025-32898. The attack requires being on the local network. There is not any exploit available. It is recommended to upgrade the affected component.

面对漏洞修不完的困境，企业需建立例外管理机制，通过科学决策、流程留痕与动态复盘，实现从被动合规到主动安全运营的转变。

企业多年来依赖钓鱼邮件模拟与宣教培训构建安全意识体系，但最新研究表明，这些手段往往收效甚微，甚至可能适得其反。

A dangerous new wave of phishing attacks is targeting Solana users by changing wallet ownership permissions rather than stealing private keys. A victim lost more than USD 3 million in a single attack, with an additional USD 2 million locked in investment platforms. What makes this attack unique is that the user’s funds remained visible […]

The post Beware of Solana Phishing Attacks That Let Hackers Initiate Unauthorized Account Transfer appeared first on Cyber Security News.

Cozy Mk IV 是一款实验性的可以购买零部件在家自组装的轻型飞机。3 月 18 日一架 Cozy Mk IV 飞机在英国 Staverton 的 Gloucestershire 机场发生了坠机事故，机上只有一名飞行员，他只受到了轻伤。英国航空事故调查局（AAIB）的调查发现，事故原因是 3D 打印的进气弯管使用了不合适的材料制造，在引擎产生的高温下受热后软化，导致结构变形。飞行员当时发现发动机完全失去动力。AAIB 表示未来将会加强对 3D 打印零部件的检查。

斯巴鲁车主抱怨驾车过程中车载信息娱乐系统弹出了 SiriusXM 的全屏广告，有时甚至覆盖了 Apple CarPla。斯巴鲁表示广告每年只弹出两次，但车主认为弹出广告会导致分心和影响行车安全，担心汽车行业在这方面的做法会愈发恶劣。一位 2024 年款 Crosstrek 车主称，弹出式广告出现时候他们正在用 Apple CarPlay，广告占据了整个屏幕。为投放车载广告而强制关闭使用中应用的做法尤其恶劣。斯巴鲁发言人表示他们将开会讨论该问题，他们非常重视客户的反馈。斯巴鲁表示广告通常在每年的阵亡将士纪念日和感恩节前后发送两次。

A critical command injection vulnerability in the open-source network monitoring tool Cacti allows authenticated attackers to execute arbitrary code remotely, potentially compromising the entire monitoring infrastructure. The flaw, tracked as CVE-2025-66399, affects all versions up to 1.2.28 and stems from inadequate input validation in the SNMP device configuration functionality. The vulnerability resides in the device […]

The post Cacti Command Injection Vulnerability Let Attackers Execute Malicious Code Remotely appeared first on Cyber Security News.

Тридцать лет назад Брендан Айк написал прототип JavaScript за десять дней — сегодня этот «допиленный в спешке» язык управляет браузерами, серверами и приложениями.