Aggregator

A vulnerability was found in Datateam Information Datactive. It has been classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. This vulnerability is listed as CVE-2025-13505. The attack must be carried out from within the local network. There is no available exploit. Upgrading the affected component is recommended.

A vulnerability was found in Entrust nShield Connect XC, nShield 5c and nShield HSMi up to 13.6.11/13.7 and classified as critical. This affects an unknown part of the component EOL Legacy Bootloader. Executing manipulation can lead to Local Privilege Escalation. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is tracked as CVE-2025-59698. The physical device can be targeted for the attack. No exploit exists.

A vulnerability has been found in Entrust nShield Connect XC, nShield 5c and nShield HSMi up to 13.6.11/13.7 and classified as problematic. Affected by this issue is some unknown functionality of the component Chassis Management Board. Performing manipulation results in improper physical access control. This vulnerability is identified as CVE-2025-59696. The attack may be carried out on the physical device. There is not any exploit available.

A vulnerability, which was classified as problematic, was found in Entrust nShield Connect XC, nShield 5c and nShield HSMi up to 13.6.11/13.7. Affected by this vulnerability is an unknown functionality. Such manipulation leads to information exposure through discrepancy. This vulnerability is referenced as CVE-2025-59702. The attack can be executed directly on the physical device. No exploit is available.

一名男子在接受干细胞移植治疗血癌后，成为全球第七位摆脱艾滋病病毒（HIV）的人。他也是 7 位患者中第二位接受非抗HIV干细胞移植的人。这一案例进一步证明，治愈 HIV 或许并不需要依赖抗 HIV 干细胞。此前已有 5 人通过接受捐赠者的干细胞摆脱了 HIV，这些捐赠者 CCR5 基因的两个拷贝均发生突变。该基因编码的蛋白质是 HIV 感染免疫细胞的“通道”。这让科学家得出结论：携带两个突变拷贝可使免疫细胞完全缺失 CCR5 蛋白，这是治愈HIV的关键。但 2024 年被称为“日内瓦病人”的第六位患者在接受不含 CCR5 突变的干细胞移植后，病毒阴性期超过两年。最新案例则为“日内瓦病人已治愈”的观点提供了更强支撑。一名男子于 2015 年 10 月接受干细胞移植治疗白血病。当时 51 岁的患者同时感染了 HIV。治疗过程中，他接受了化疗以摧毁体内绝大多数免疫细胞，为供体干细胞生成健康的免疫系统腾出空间。理想情况下，男子本应接受抗 HIV 干细胞，但由于没有合适的供体，医生使用了携带一个正常拷贝和一个突变拷贝的 CCR5 基因干细胞。移植期间，他一直接受 HIV 治疗的标准方法——抗逆转录病毒疗法（ART）。在移植约 3 年后，男子选择停止服用 ART 药物。停药后不久，研究团队在他的血液样本中未发现任何病毒痕迹。截至目前，他已保持病毒阴性状态长达 7 年 3 个月，达到“治愈”的标准。在 7 位已摆脱 HIV 的患者中，该男子的病毒阴性期时间排名第二，最长者已保持约 12 年无病毒状态。研究结果意味着，治愈 HIV 的干细胞移植供体范围可能比我们想象的更广。

Cybercrime has fully shifted to a subscription model, with phishing kits, Telegram OTP bots, infostealer logs, and even RATs now rented like SaaS tools. Varonis explains how this "crime-as-a-service" economy lowers the barrier to entry and gives low-skill attackers on-demand access to advanced capabilities. [...]

A vulnerability, which was classified as problematic, has been found in Entrust nShield Connect XC, nShield 5c and nShield HSMi up to 13.6.11/13.7. Affected is an unknown function of the component Appliance SSD. This manipulation causes information disclosure. The identification of this vulnerability is CVE-2025-59701. It is feasible to perform the attack on the physical device. There is no exploit available.

Infected 4.3 million Chrome and Edge users via extensions; ShadyPanda exploited browser marketplaces

A vulnerability classified as critical was found in Entrust nShield Connect XC, nShield 5c and nShield HSMi up to 13.6.11/13.7. This impacts an unknown function of the component Legacy GRUB Bootloader Configuration Handler. The manipulation results in improper privilege management. This vulnerability was named CVE-2025-59697. An attack on the physical device is feasible. There is no available exploit.

A vulnerability classified as critical has been found in Entrust nShield Connect XC, nShield 5c and nShield HSMi up to 13.6.11/13.7. This affects an unknown function of the component Recovery Partition. The manipulation leads to Local Privilege Escalation. This vulnerability is uniquely identified as CVE-2025-59700. It is possible to launch the attack on the physical device. No exploit exists.

A vulnerability described as critical has been identified in Entrust nShield Connect XC, nShield 5c and nShield HSMi up to 13.6.11/13.7. The impacted element is an unknown function of the component USB Device Handler. Executing manipulation can lead to Local Privilege Escalation. This vulnerability is handled as CVE-2025-59699. The physical device can be targeted for the attack. There is not any exploit available.

A joint investigation led by Mauro Eldritch, founder of BCA LTD, conducted together with threat-intel initiative NorthScan and ANY.RUN, a solution for interactive malware analysis and threat intelligence, has uncovered one of North Korea’s most persistent infiltration schemes: a network of remote IT workers tied to Lazarus Group’s Famous Chollima division. For the first time, researchers managed

Каким было первое топливо для 1 октиллиона клеток — больше, чем звезд во Вселенной.

The supply chain campaign known as GlassWorm has once again reared its head, infiltrating both Microsoft Visual Studio Marketplace and Open VSX with 24 extensions impersonating popular developer tools and frameworks like Flutter, React, Tailwind, Vim, and Vue. GlassWorm was first documented in October 2025, detailing its use of the Solana blockchain for command-and-control (C2) and harvest npm,

The Android TV community faces a significant security crisis as SmartTube, a popular third-party YouTube client, has been compromised due to exposed signing keys. Security researchers have identified malicious code embedded within official releases, prompting Google to forcibly disable the application on affected devices. The incident, which came to light through extensive community analysis, demonstrates […]

The post SmartTube YouTube App for Android TV Compromised Following Exposure of Signing Keys appeared first on Cyber Security News.

伪装成税务调查表银狐最新攻击样本分析

Learn how Akamai Prolexic Network Cloud Firewall allows CISOs to manage risk, resilience, and reputation by delivering visibility, agility, and proactive defense.

In an unprecedented intelligence operation, security researchers exposed how North Korean IT recruiters target and lure developers into renting their identities for illicit fundraising. [...]

A vulnerability marked as critical has been reported in Entrust nShield Connect XC, nShield 5c and nShield HSMi. The affected element is an unknown function of the component Chassis Management Board. Performing manipulation results in improper authentication. This vulnerability is known as CVE-2025-59695. Access to the local network is required for this attack. No exploit is available.

Google has shipped patches for 51 Android vulnerabilities, including two high-severity flaws (CVE-2025-48633, CVE-2025-48572) that “may be under limited, targeted exploitation”. According to the December Android security bulletin, both vulnerabilities affect the Android Framework, which is a collection of core software components, libraries, and APIs that developers use to build Android apps. Their exact nature has yet to be revealed, but the bulletin notes that CVE-2025-48633 can be exploited by Android applications to access sensitive … More →

The post Google fixes Android vulnerabilities “under targeted exploitation” (CVE-2025-48633, CVE-2025-48572) appeared first on Help Net Security.