Aggregator

A vulnerability classified as critical has been found in Cerberus FTP Server 8.0.10.3. This affects an unknown part of the component MLST Command Handler. Performing manipulation results in memory corruption. This vulnerability is known as CVE-2017-6880. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

A vulnerability was found in Cerberus FTP Server 8.0.10.1 on Windows. It has been classified as problematic. This issue affects some unknown processing of the component Header Handler. Performing manipulation of the argument Host/Content-Length results in improper input validation. This vulnerability was named CVE-2017-6367. The attack may be initiated remotely. In addition, an exploit is available. It is suggested to use restrictive firewalling.

A vulnerability, which was classified as critical, has been found in Avaya IP Office Contact Center up to 10.1.0. Impacted is the function Open in the library ViewerCtrlLib.ViewerCtrl of the component ActiveX Control. Performing manipulation as part of Long String results in memory corruption. This vulnerability is reported as CVE-2017-12969. The attack is possible to be carried out remotely. Moreover, an exploit is present. It is advisable to upgrade the affected component.

A vulnerability was found in Brave Browser up to 0.12.x and classified as problematic. The impacted element is the function alert of the component JavaScript Handler. Executing manipulation can lead to improper resource management. This vulnerability is tracked as CVE-2017-18256. The attack can be launched remotely. Moreover, an exploit is present. It is suggested to upgrade the affected component.

A vulnerability was found in ArGoSoft Mini Mail Server up to 1.0.0.2. It has been declared as problematic. Affected by this issue is some unknown functionality. Executing manipulation can lead to improper resource management. The identification of this vulnerability is CVE-2017-15223. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability labeled as critical has been found in Mautic up to 4.4.17/5.2.8/6.0.6. Affected by this vulnerability is an unknown functionality of the component GrapesJS Builder. The manipulation results in unrestricted upload. This vulnerability is reported as CVE-2025-13827. The attack can be launched remotely. No exploit exists. The affected component should be upgraded.

A vulnerability marked as problematic has been reported in che-incubator che-code. Affected by this vulnerability is an unknown functionality of the component CHE machine-exec API. The manipulation leads to information disclosure. This vulnerability is uniquely identified as CVE-2025-12548. The attack is possible to be carried out remotely. No exploit exists. It is recommended to apply restrictive firewalling.

Неизвестные транслируют фальшивые координаты пилотам. Что такое спуфинг и кто может за этим стоять?

资产安全不仅是密钥安全，更是权限安全。

当前环境出现异常，需完成验证后才能继续访问。

A new and dangerous phishing campaign is targeting organizations with a deceptive “Executive Award” theme that combines social engineering with advanced malware delivery. This two-stage attack first tricks users into sharing their login credentials through a fake HTML form, then deploys the Stealerium information stealer to compromise affected systems. The campaign represents a growing trend […]

The post Beware of the New ‘Executive Award’ Campaign That Uses ClickFix to Deliver Stealerium Malware appeared first on Cyber Security News.

Koi Security exposes ShadyPanda, a group that used trusted Chrome/Edge extensions to infect 4.3 million users over 7 years for deep surveillance and corporate espionage.

The Pall Mall Process begins outreach to define guidelines for private commercial intrusion industry

本文首次系统分析了了威胁情报黑名单的操纵风险，这会破坏服务器之间的正常通信，甚至导致受害者域名被注册局删除。

《绝地潜兵 2》开发商将 PC 版本游戏容量从 154GB 减少到 23GB，瘦身 85%。此前因 PC 版本为机械硬盘优化包含大量重复数据以加快加载速度。现大部分 PC 使用固态硬盘，仅 12% 玩家仍使用机械硬盘。

《绝地潜兵 2（HELLDIVERS 2）》开发商 Arrowhead Game Studios 释出最新更新，将 PC 版本的游戏容量从 154GB 减少到 23GB，瘦身高达 85%。Arrowhead 此前曾在官方博客上解释了为什么 PC 版本的容量如此之大，原因是 PC 版本包含了大量重复数据，旨在加快机械硬盘上游戏的加载速度，而游戏机使用的是固态硬盘，因此主机版本的容量没有这么大。今天绝大部分 PC 使用的硬盘已从机械硬盘过渡到固态硬盘，Arrowhead 估计只有 12% 的《绝地潜兵 2》玩家仍然使用机械硬盘。

Hack The Box (HTB) unveiled HTB AI Range, a controlled AI cyber range built to test and benchmark the safety, limits, and capabilities of autonomous AI security agents. HTB AI Range replicates live, high stakes cyber battlegrounds tailored for enterprise readiness, where AI agents and human operators are evaluated side by side. Every model and every human is tested, refined, and retested until mastery is measurable. AI is embedded across a wide range of operations … More →

The post HTB AI Range benchmarks the safety and limits of autonomous security agents appeared first on Help Net Security.

Попытка найти стрим по крикету раскрыла тихую компрометацию серверов ЕС, использованных для SEO-мошенничества.

A critical security flaw in the popular “King Addons for Elementor” WordPress plugin has left thousands of websites at risk of complete takeover, security researchers have warned. The vulnerability, tracked as CVE-2025-8489, allows unauthenticated attackers to register new accounts with full administrator rights by abusing an insecure registration function in the plugin. King Addons for […]

The post Critical Elementor Plugin Vulnerability Let Attackers Takeover WordPress Site Admin Control appeared first on Cyber Security News.

好，我现在需要帮用户总结一篇意大利语的文章内容，控制在100字以内，而且不需要特定的开头。首先，我得仔细阅读文章内容，理解其主要信息。 文章看起来是关于“Guerre di Rete”这个项目的月度简报。里面提到了项目的扩展，包括网站、电子书、众筹活动等。还有几个主要的文章内容，涉及Deepfake、隐私保护、平台恶化以及AI的使用情况。 接下来，我需要将这些信息浓缩到100字以内。要确保涵盖项目扩展、众筹活动以及主要内容。同时，语言要简洁明了，直接描述内容。 可能的结构是：项目扩展到网站和电子书，通过众筹支持，并涵盖Deepfake、隐私保护、平台问题和AI使用等内容。 现在检查字数是否符合要求，并确保没有使用“这篇文章”之类的开头。 这篇文章介绍了“Guerre di Rete”项目的扩展及其众筹活动，并涵盖了关于Deepfake技术、隐私保护、数字平台恶化及人工智能应用的讨论。