Aggregator

A vulnerability was found in Oracle MySQL Server up to 8.0.43/8.4.6/9.4.0 and classified as problematic. This affects an unknown function of the component Optimizer. The manipulation results in denial of service. This vulnerability is reported as CVE-2025-53040. The attack can be launched remotely. No exploit exists. It is suggested to upgrade the affected component.

A vulnerability classified as problematic was found in psf requests up to 2.31.x. Impacted is an unknown function of the component Session Handler. The manipulation results in incorrect control flow. This vulnerability is cataloged as CVE-2024-35195. The attack must be initiated from a local position. There is no exploit available. Upgrading the affected component is advised.

当前环境异常，请完成验证以继续访问。

小米造车后的下一个梦想，雷军已经选好了；京东新供应 15 万套「小哥之家」；英语老师用 AI 五分钟批完全班作业

好的，我现在需要帮用户总结这篇文章的内容，控制在100字以内。首先，我得通读全文，抓住主要信息。 文章主要讲的是React和Next.js中的一个高危漏洞，CVE-2025-55182，CVSS评分满分10.0。攻击者只需要发送一个恶意HTTP请求就能在服务器上执行任意代码。漏洞曝光后，各种威胁行为体迅速行动，包括国家资助的间谍组织和加密货币挖矿团伙。 报告中提到四个攻击集群：隧道构建者、合法C2、伪装大师和Vim冒名者。他们利用漏洞部署了各种恶意软件和挖矿程序。此外，网络上出现了很多虚假的漏洞利用信息，进一步加剧了混乱。 安全专家建议企业立即修补漏洞，并防范衍生漏洞。 总结的时候要简明扼要，涵盖漏洞名称、影响范围、攻击者类型、攻击集群和修复建议。确保不超过100字。 全球最流行Web开发框架React中发现高危漏洞CVE-2025-55182（CVSS满分），攻击者可通过单个恶意HTTP请求在服务器上执行任意代码。漏洞披露后，国家资助间谍组织、加密货币挖矿团伙等迅速利用该漏洞展开攻击。报告披露了四类独立攻击行动，并指出复合型威胁蔓延至间谍活动及经济利益驱动的犯罪行为。安全专家建议企业立即实施补丁修复主要远程代码执行漏洞及衍生漏洞。

The Oyster backdoor (also known as Broomstick) is targeting the financial world, using malicious search ads for PuTTY, Teams, and Google Meet.

A vulnerability, which was classified as problematic, was found in Liferay Portal and DXP. This vulnerability affects unknown code of the component Response Body Handler. Such manipulation leads to information exposure through error message. This vulnerability is referenced as CVE-2025-43777. It is possible to launch the attack remotely. No exploit is available.

A vulnerability identified as critical has been detected in Liferay Portal and DXP. Affected is an unknown function. Performing manipulation results in server-side request forgery. This vulnerability is reported as CVE-2025-43763. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability was found in Liferay Portal and DXP. It has been classified as problematic. The affected element is an unknown function. The manipulation leads to cross site scripting. This vulnerability is listed as CVE-2025-43778. The attack may be initiated remotely. There is no available exploit.

Google和Apple发布紧急更新修复零日漏洞，这些漏洞被用于针对特定高价值个人的攻击。两家公司未透露更多细节。

Google and Apple issued emergency updates to address zero-day flaws exploited in attacks targeting an unknown number of users. Apple and Google have both pushed out urgent security updates after uncovering a highly targeted attacks against an unknown number of users. The attacks abused zero‑day vulnerabilities in their software. The campaign appears to involve nation-state […]

嗯，用户发来了一个请求，让我帮他总结一篇文章的内容，控制在100字以内，而且不需要特定的开头。首先，我需要理解他的需求。他可能是在阅读一篇关于环境异常的文章，想要一个简洁的摘要。 接下来，我注意到用户提供的文章内容主要是关于环境异常的情况，提示完成验证后可以继续访问，并有一个“去验证”的按钮。这可能意味着文章讨论的是某种安全机制或者访问控制的问题。 然后，我需要考虑如何在100字以内准确传达文章的核心信息。重点应该是环境异常、验证过程以及继续访问的可能性。同时，要避免使用“文章内容总结”这样的开头，直接进入描述。 最后，我要确保语言简洁明了，没有多余的信息。这样用户就能快速理解文章的主要内容了。 当前环境出现异常状态，需完成验证后才能继续访问。

点击查看更多本周网络安全大事件。

Turn XDR volume into revenue. Morpheus investigates 100% of alerts and triages 95% in under 2 minutes, letting MSSPs scale without adding headcount.

The post The Autonomous MSSP: How to Turn XDR Volume into a Competitive Advantage appeared first on D3 Security.

The post The Autonomous MSSP: How to Turn XDR Volume into a Competitive Advantage appeared first on Security Boulevard.

Apple has released emergency updates to patch two zero-day vulnerabilities that were exploited in an "extremely sophisticated attack" targeting specific individuals. [...]

Scale software teams fast with development team augmentation. Learn when it works best, key models, common mistakes, and how to choose the right partner.

One thing is certain: every year, the cybersecurity threat environment will evolve. AI tools, advances in computing, the growth of high-powered data centers that can be weaponized, compromised IoT networks, and all of the traditional vectors grow and change. As such, the tools and frameworks we use to resist these attacks will also need to […]

The post What New Changes Are Coming to FedRAMP in 2026? appeared first on Security Boulevard.

Notepad++ addressed an updater vulnerability that allows attackers hijack update traffic due to weak file authentication. Notepad++ addressed a flaw in its updater that allowed attackers to hijack update traffic due to improper authentication of update files in earlier versions. The popular security researcher Kevin Beaumont first reported that several Notepad++ users faced security incidents. […]

I have no context for this video—it’s from Reddit—but one of the commenters adds some context:

Hey everyone, squid biologist here! Wanted to add some stuff you might find interesting.

With so many people carrying around cameras, we’re getting more videos of giant squid at the surface than in previous decades. We’re also starting to notice a pattern, that around this time of year (peaking in January) we see a bunch of giant squid around Japan. We don’t know why this is happening. Maybe they gather around there to mate or something? who knows! but since so many people have cameras, those one-off monster-story encounters are now caught on video, like this one (which, btw, rips. This squid looks so healthy, it’s awesome)...

The post Friday Squid Blogging: Giant Squid Eating a Diamondback Squid appeared first on Security Boulevard.

Elastic Is Scaling Security Training With Modular Learning, Hands-On Skills-Building
Elastic is evolving its security training to modular, on-demand formats - at no cost - to reach more learners. It is focusing on short, feature-focused modules that provide flexible, practical skill-building without replacing premium instructor-led courses.