Aggregator

GoldFactory Hits Southeast Asia with Modified Banking Apps Driving 11,000+ Infections

The Hackers News
1 month 2 weeks ago
Cybercriminals associated with a financially motivated group known as GoldFactory have been observed staging a fresh round of attacks targeting mobile users in Indonesia, Thailand, and Vietnam by impersonating government services. The activity, observed since October 2024, involves distributing modified banking applications that act as a conduit for Android malware, Group-IB said in a technical
The Hacker News

CVE-2024-21413

CVE Trends
1 month 2 weeks ago
Currently trending CVE - Hype Score: 1 - Microsoft Outlook Remote Code Execution Vulnerability

Hackers Leverage Velociraptor DFIR Tool for Stealthy C2 & Ransomware Delivery

Cyber Security News
1 month 2 weeks ago

Legitimate administrative tools are increasingly becoming the weapon of choice for sophisticated threat actors aiming to blend in with normal network activity. A recent campaign has highlighted this dangerous trend, where attackers are weaponizing Velociraptor, a widely respected Digital Forensics and Incident Response (DFIR) tool. By deploying this software, adversaries effectively establish stealthy Command and […]

The post Hackers Leverage Velociraptor DFIR Tool for Stealthy C2 & Ransomware Delivery appeared first on Cyber Security News.

Tushar Subhra Dutta

Cloudflare mitigates record 29.7 Tbps DDoS attack by the AISURU botnet

Security Affairs
1 month 2 weeks ago
Cloudflare blocked a record 29.7 Tbps DDoS attack from the AISURU botnet. The 69-second attack set a new high, though the target remains undisclosed. Cloudflare stopped a record 29.7 Tbps DDoS attack from the AISURU botnet, a 69-second barrage that set a new volume record. The cybersecurity firm did not disclose the name of the […]
Pierluigi Paganini

漏洞预警 | React/Next.js组件存在RCE漏洞(CVE-2025-58360)

嘶吼
1 month 2 weeks ago

一、漏洞概述


漏洞类型

远程代码执行

漏洞等级

漏洞编号

CVE-2025-55182

漏洞评分

10.0

利用复杂度

影响版本

React/Next.js多个版本

利用方式

远程

POC/EXP

已公开

        近日,React 核心团队确认了一个存在于 React Server Components (RSC) 实现中的严重远程代码执行 (RCE) 漏洞。该漏洞被分配了 CVE-2025-55182(Next.js 对应编号 CVE-2025- 66478),攻击者无需任何身份验证,仅通过一个 HTTP 请求,即可在你的服务器上执行任意代码。
    React是一个用于构建用户界面的JavaScript库,广泛用于开发单页应用程序和移动应用程序。
    据描述,受影响版本的React 服务器组件实现的应用程序可能会以允许攻击者执行远程代码的方式处理不受信任的输入,在特定条件下,精心构造的请求可能导致远程代码执行。


漏洞影响的产品和版本:


React Server 19.0.0React Server 19.0.1React Server 19.1.*React Server 19.2.0Next.js v15.0.0 - v15.0.4Next.js v15.1.0 - v15.1.8Next.js v15.2.x -v15.5.6Next.js v16.0.0 - v16.0.6Next.js v14.3.0-canary.77及以上Canary 版本

二、漏洞复现


三、资产测绘


据daydaymap数据显示互联网存在8,209,309个资产,国内风险资产分布情况如下。

四、解决方案



▪ 临时缓解方案

1.在 WAF 中拦截异常 RSC 请求2.对 RSC 端点实施IP 白名单或速率限制


▪ 升级修复

目前官方已发布修复安全补丁
https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-component

五、参考链接


https://github.com/ejpir/CVE-2025-55182-poc

https://www.ddpoc.com/DVB-2025-10412.html


原文链接

盛邦安全

Akira

Dark Feed IO
1 month 2 weeks ago

You must login to view this content

cohenido

Hackers Actively Exploiting Worpress Plugin Vulnerability to Execute Remote Code

Cyber Security News
1 month 2 weeks ago

A critical remote code execution vulnerability in the Sneeit Framework WordPress plugin has come under active exploitation by threat actors, posing an immediate risk to thousands of websites worldwide. The vulnerability, tracked as CVE-2025-6389 with a CVSS score of 9.8, exists in versions 8.3 and earlier of the plugin, which maintains approximately 1,700 active installations […]

The post Hackers Actively Exploiting Worpress Plugin Vulnerability to Execute Remote Code appeared first on Cyber Security News.

Tushar Subhra Dutta

美国驱逐了偷拍 SpaceX 机密材料的俄罗斯宇航员

Solidot
1 month 2 weeks ago
原计划参加 SpaceX Crew-12 任务前往国际空间站的俄罗斯宇航员 Oleg Artemyev 被从乘组名单中移除,他的位置由另一名俄罗斯宇航员 Andrey Fedyaev 接替。原因是他被逮到在加州 Hawthorne 基地使用手机偷拍了 SpaceX 火箭引擎和内部机密材料,违反了美国出口管制规定。Artemyev 上周被从训练基地驱逐。报道称,NASA 不希望围绕 Artemyev 的争议公开化。

美国驱逐了偷拍 SpaceX 机密材料的俄罗斯宇航员

不安全
1 month 2 weeks ago
好的,我现在要帮用户总结这篇文章的内容。用户的要求是用中文,控制在100字以内,而且不需要特定的开头,直接写描述即可。 首先,我需要通读文章,抓住关键点。文章讲的是俄罗斯宇航员Oleg Artemyev被移出SpaceX Crew-12任务,原因是他在SpaceX基地偷拍火箭引擎和机密材料,违反了美国的出口管制规定。NASA不希望公开这件事。 接下来,我要把这些信息浓缩到100字以内。需要注意的是,要涵盖事件的主要原因、涉及的人物和结果。 可能的结构是:谁被移除、原因、谁接替、以及NASA的态度。这样既全面又简洁。 现在开始组织语言:俄罗斯宇航员Artemyev因在SpaceX基地偷拍机密材料被移出任务,由Fedyaev接替。NASA不愿公开争议。 检查字数是否符合要求,大约在90字左右,符合要求。 最后,确保语言流畅自然,没有语法错误。 俄罗斯宇航员Oleg Artemyev因在SpaceX基地偷拍火箭引擎和机密材料被移出Crew-12任务,并被驱逐出境。他的位置由Andrey Fedyaev接替。NASA不愿公开此争议。

Vim for Windows Vulnerability Let Attackers Execute Arbitrary Code

Cyber Security News
1 month 2 weeks ago

A critical security vulnerability has been discovered in Vim for Windows that could allow attackers to execute malicious code on users’ computers. The vulnerability, identified as CVE-2025-66476, affects Vim versions before 9.1.1947 and has been rated high severity, with a CVSS score of 7.8. The flaw lies in how Vim searches for external programs on […]

The post Vim for Windows Vulnerability Let Attackers Execute Arbitrary Code appeared first on Cyber Security News.

Abinaya

Akamai Patches HTTP Request Smuggling Vulnerability in Edge Servers

Cyber Security News
1 month 2 weeks ago

A critical HTTP request smuggling vulnerability in Akamai’s edge server infrastructure has been successfully fixed. The vulnerability, identified as CVE-2025-66373, stemmed from improper processing of HTTP requests containing invalid chunk-encoded bodies, potentially exposing thousands of customers to sophisticated attacks. Understanding HTTP Chunked Transfer Encoding HTTP chunked transfer encoding is an HTTP/1.1 standard that breaks message […]

The post Akamai Patches HTTP Request Smuggling Vulnerability in Edge Servers appeared first on Cyber Security News.

Abinaya

Managed ad