Суррогат Cobalt Strike. Как новый инструмент хакеров пытается быть незаметным (спойлер: получается плохо).
Эксперты описали сетевые признаки хакерского инструмента.
Aggregator
CVE-2025-14578 | itsourcecode Student Management System 1.0 /update_account.php ID sql injection
2 weeks ago
A vulnerability has been found in itsourcecode Student Management System 1.0 and classified as critical. The affected element is an unknown function of the file /update_account.php. This manipulation of the argument ID causes sql injection.
The identification of this vulnerability is CVE-2025-14578. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
vuldb.com
Researchers Revive 2000s ‘Blinkenlights’ Technique to Dump Smartwatch Firmware via Screen Pixels
2 weeks ago
Security researchers have successfully extracted firmware from a budget smartwatch by bringing back a 20-year-old attack method originally used to steal data from network devices. The technique, known as “Blinkenlights,” was adapted to work with modern TFT screens instead of traditional LED indicators. Quarkslab analysts purchased a cheap smartwatch for approximately €12 from a local […]
The post Researchers Revive 2000s ‘Blinkenlights’ Technique to Dump Smartwatch Firmware via Screen Pixels appeared first on Cyber Security News.
Tushar Subhra Dutta
Reddit 指控澳大利亚禁止儿童使用社媒法侵犯自由
2 weeks ago
Reddit 周五就澳大利亚禁止 16 岁以下青少年使用社交媒体的法律提起诉讼。澳大利亚的这项法律堪称全球首例,已于周三生效,总部位于美国的 Reddit 也在被禁的名单上。Reddit 向澳大利亚高等法院提出对该案复审要求,认为自己作为讨论论坛,不应写入被禁止的社交媒体名单上。在提交给法院的诉讼文件中,Reddit 质疑该法律的合法性,称其“侵犯了政治表达的自由”。Reddit 表示,它同意应该保护16岁以下的青少年儿童。但该法律强势介入,加上可能不安全的验证程序,会使年龄较大的青少年和年轻成年人,失去参与同龄人活动的能力,包括政治讨论。这份声明中还称,“与其他受该法律约束的平台不同,Reddit 绝大多数用户都是成年人,我们不会针对 18 岁以下的儿童进行营销或投放广告。”“简而言之,16 岁以下的用户并非 Reddit 的主要市场群体,我们也无意让他们成为主要市场群体。”
Submit #704951: github.com Course Selection System Project V1.0 SQL Injection [Duplicate]
2 weeks ago
Submit #704951 / VDB-336190
tr1pl3R
Submit #704794: itsourcecode Student Management System V1.0 SQL Injection [Accepted]
2 weeks ago
Submit #704794 / VDB-336200
YewKnight
CVE-2025-66003 | smb4k up to 4.0.4 Mount Helper Local Privilege Escalation
2 weeks ago
A vulnerability, which was classified as critical, was found in smb4k up to 4.0.4. Impacted is an unknown function of the component Mount Helper. The manipulation results in Local Privilege Escalation.
This vulnerability was named CVE-2025-66003. The attack needs to be approached locally. There is no available exploit.
You should upgrade the affected component.
vuldb.com
CVE-2025-66002 | smb4k up to 4.0.4 Mount Helper access control
2 weeks ago
A vulnerability, which was classified as critical, has been found in smb4k up to 4.0.4. This issue affects some unknown processing of the component Mount Helper. The manipulation leads to improper access controls.
This vulnerability is uniquely identified as CVE-2025-66002. Local access is required to approach this attack. No exploit exists.
It is advisable to upgrade the affected component.
vuldb.com
蟒蛇在一千万年前就体型巨大
2 weeks ago
剑桥大学领导的研究团队根据委内瑞拉发现的距今 1240 万年的化石重建了古代水蟒(anacondas),发现这种热带蛇类体长达 5.2 米。1240 万年到 530 万年前的中新世中晚期,由于更温暖的全球气温,广阔的湿地和丰富的食物,很多动物体型远大于其现代近亲。中新世巨型动物如 12 米长的凯门鳄(Purussaurus),3.2 米长的巨型淡水龟(Stupendemys)都已经灭绝,但水蟒作为一种巨型动物仍然存活了下来。研究团队测量了 183 块水蟒脊椎骨化石,它们来自至少 32 条蟒蛇。结果显示古代水蟒体长约为 4-5 米,与现代的水蟒差不多。研究人员认为这展现了蟒蛇超强的适应能力。
CVE-2025-13506 | Nebim ERP up to 3.0.0 unnecessary privileges (EUVD-2025-203080)
2 weeks ago
A vulnerability classified as very critical was found in Nebim ERP up to 3.0.0. This vulnerability affects unknown code. Executing manipulation can lead to execution with unnecessary privileges.
This vulnerability is handled as CVE-2025-13506. The attack can be executed remotely. There is not any exploit available.
Upgrading the affected component is advised.
vuldb.com
CVE-2025-13751 | OpenVPN up to 2.7_rc2 on Windows Interactive Service Agent allocation of resources
2 weeks ago
A vulnerability, which was classified as problematic, was found in OpenVPN up to 2.7_rc2 on Windows. This affects an unknown part of the component Interactive Service Agent. The manipulation results in allocation of resources.
This vulnerability is reported as CVE-2025-13751. The attack requires a local approach. No exploit exists.
vuldb.com
CVE-2025-13086 | OpenVPN up to 2.7_rc1 Source IP Address verification of source (EUVD-2025-201102 / Nessus ID 277384)
2 weeks ago
A vulnerability classified as problematic has been found in OpenVPN up to 2.7_rc1. Impacted is an unknown function of the component Source IP Address Handler. This manipulation causes improper verification of source of a communication channel.
This vulnerability is tracked as CVE-2025-13086. The attack is possible to be carried out remotely. No exploit exists.
vuldb.com
«Алло, полиция? Тут бизнесмены ссорятся». Голландец «задудосил» экстренные службы и поплатился за это
2 weeks ago
Несколько дней подряд нуждающиеся в помощи слышали лишь бесконечные гудки.
Space Bears
2 weeks ago
You must login to view this content
cohenido
GeoServer security advisory (AV25-789) - Update 1
2 weeks ago
Canadian Centre for Cyber Security
CVE-2025-55183 | Meta react-server-dom-webpack up to 19.0.1/19.1.2/19.2.1 React Server deserialization (WID-SEC-2025-2835)
2 weeks ago
A vulnerability was found in Meta react-server-dom-webpack, react-server-dom-turbopack and react-server-dom-parcel up to 19.0.1/19.1.2/19.2.1. It has been declared as problematic. Impacted is an unknown function of the component React Server Component. Such manipulation leads to deserialization.
This vulnerability is listed as CVE-2025-55183. The attack may be performed from remote. There is no available exploit.
vuldb.com
CVE-2025-55184 | Meta react-server-dom-webpack up to 19.0.1/19.1.2/19.2.1 React Server deserialization (WID-SEC-2025-2835)
2 weeks ago
A vulnerability classified as problematic has been found in Meta react-server-dom-webpack, react-server-dom-turbopack and react-server-dom-parcel up to 19.0.1/19.1.2/19.2.1. Affected by this issue is some unknown functionality of the component React Server Component. Performing manipulation results in deserialization.
This vulnerability is known as CVE-2025-55184. Remote exploitation of the attack is possible. No exploit is available.
vuldb.com
CVE-2025-67739 | JetBrains TeamCity up to 2025.11.1 URL Validation improper authorization in handler for custom url scheme (WID-SEC-2025-2832)
2 weeks ago
A vulnerability labeled as problematic has been found in JetBrains TeamCity up to 2025.11.1. Impacted is an unknown function of the component URL Validation Handler. The manipulation results in improper authorization in handler for custom url scheme.
This vulnerability is identified as CVE-2025-67739. The attack can be executed remotely. There is not any exploit available.
The affected component should be upgraded.
vuldb.com
Atlassian security advisory (AV25-830)
2 weeks ago
Canadian Centre for Cyber Security
瑞士考虑将人口上限设置在 1000 万
2 weeks ago
极右翼政党支持率的不断攀升施压欧洲各国政府加强移民管控。瑞士即将就一项提案进行投票,该提案把移民管控推向了新的高度——设定人口上限。如果瑞士居民人数从目前的约 900 万增至 1000 万以上,那么根据该提案瑞士可能全面禁止新移民入境,不管难民、技术工人还是年薪六位数的高级经理都一视同仁。根据瑞士的全民公投政策,公民预计会在明年就该提案进行投票表决。而民调显示该提案很可能会获得批准。限制人口流动从来不会有利于经济发展,全面限制新移民被认为可能会导致瑞士关键技能人才缺乏,损害国家竞争力。投票结果将展示公民为了维护国家的吸引力而愿意做出怎样的选择。右翼的瑞士人民党(Swiss People's Party)在上次选举中赢得了 28% 的选票,其竞选纲领将瑞士公民身份刻画成一种特权而非权利。该党在 2023 年提出了限制人口数量的设想,将其包装成一种保护瑞士生活方式和防止环境受到过度人类活动破坏的方法。