Aggregator

A vulnerability was found in Siemens RUGGEDCOM ROX II Family up to 2.16.x. It has been rated as critical. This issue affects some unknown processing of the component Configuration Handler. Performing manipulation results in command injection. This vulnerability is reported as CVE-2024-56836. The attack is possible to be carried out remotely. No exploit exists. Upgrading the affected component is advised.

A vulnerability was found in WBCE CMS up to 1.6.4 and classified as problematic. This issue affects some unknown processing of the component Header Handler. Such manipulation of the argument X-Forwarded-For leads to improper restriction of excessive authentication attempts. This vulnerability is listed as CVE-2025-66204. The attack may be performed from remote. There is no available exploit. It is suggested to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Ivanti Endpoint Manager up to 2024 SU4. Affected by this vulnerability is an unknown functionality. Executing manipulation can lead to cross site scripting. This vulnerability is tracked as CVE-2025-10573. The attack can be launched remotely. No exploit exists. You should upgrade the affected component.

A vulnerability was found in Ivanti Endpoint Manager up to 2024 SU4. It has been rated as critical. Impacted is an unknown function. Performing manipulation results in path traversal. This vulnerability is reported as CVE-2025-13661. The attack is possible to be carried out remotely. No exploit exists. Upgrading the affected component is advised.

A vulnerability classified as problematic has been found in Beaver Builder Plugin up to 2.9.4 on WordPress. Impacted is the function get_attachment_sizes. This manipulation causes information disclosure. This vulnerability is handled as CVE-2025-12558. The attack can be initiated remotely. There is not any exploit available.

A vulnerability identified as problematic has been detected in Altcha 0.8.0. This affects an unknown part of the component Proof-of-Work Obfuscation Mode. Performing manipulation results in cryptographic issues. This vulnerability is known as CVE-2025-65849. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability marked as problematic has been reported in NUT-14 up to 0.17.x. Affected by this vulnerability is an unknown functionality. This manipulation causes improper validation of specified quantity in input. This vulnerability is tracked as CVE-2025-65548. The attack is only possible within the local network. No exploit exists. It is suggested to upgrade the affected component.

An urgent warning about a critical security flaw in OSGeo GeoServer, a widely used open-source geographic data-sharing server. CISA has added the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, indicating that threat actors are actively leveraging this zero-day flaw in attacks targeting both public and private sectors. The newly disclosed vulnerability, tracked as CVE-2025-58360, […]

The post CISA Warns of OSGeo GeoServer 0-Day Vulnerability Exploited in Attacks appeared first on Cyber Security News.

Currently trending CVE - Hype Score: 1 - Elysia is a Typescript framework for request validation, type inference, OpenAPI documentation and client-server communication. Versions 1.4.0 through 1.4.16 contain a prototype pollution vulnerability in `mergeDeep` after merging results of two standard schema validations with ...

嗯，用户让我帮忙总结一下这篇文章的内容，控制在一百个字以内，而且不需要用“文章内容总结”或者“这篇文章”这样的开头。直接写描述即可。 首先，我需要通读整篇文章，抓住主要信息。文章讲的是一个反盗版联盟ACE，他们最近关闭了印度的一个非常流行的盗版流媒体服务MKVCinemas，以及相关的25个域名。这个服务在过去两年里吸引了超过1.424亿的访问量。ACE是由迪士尼、华纳兄弟、Netflix等多家大型电视网络和电影工作室支持的，他们通过刑事指控、民事诉讼和禁止令来打击非法流媒体服务。 此外，ACE还关闭了一个广泛使用的文件克隆工具，这个工具允许用户从隐藏的云存储库中复制文件到个人云存储中，从而传播受版权保护的内容。这个工具在过去两年里吸引了2.314亿次访问，并帮助规避了删除努力，因为它隐藏了上传到云驱动器的媒体文件的来源。 ACE还提到他们将不懈地追求和摧毁非法运营，以使观众和创作者受益于一个安全、可持续的市场环境。最近几个月，ACE还与其他组织合作关闭了其他几个盗版流媒体服务，包括Photocall和Streameast等。 接下来，我需要将这些信息浓缩到100字以内。重点包括：ACE关闭了MKVCinemas及其相关域名；该服务在过去两年吸引了大量访问；ACE由多家大型公司支持；他们还关闭了一个文件克隆工具；以及强调了他们打击非法流媒体的决心。 可能的结构是：反盗版联盟ACE关停印度流行盗版流媒体服务MKVCinemas及其25个相关域名，该平台过去两年吸引超1.42亿访问者。同时关闭一文件克隆工具，并强调将持续打击非法运营。 检查一下字数是否在100字以内，并确保没有使用任何开头语。 反盗版联盟ACE关停印度流行盗版流媒体服务MKVCinemas及其25个相关域名，该平台过去两年吸引超1.42亿访问者。同时关闭一文件克隆工具，并强调将持续打击非法运营。

Найдены самые убедительные доказательства общей теории относительности.

An anti-piracy coalition has dismantled one of India's most popular streaming piracy services, which has provided free access to movies and TV shows to millions over the past two years. [...]

DJI Action 6 脱离传统运动相机定位，主打全能拍摄体验。其1:1正方形传感器、可变光圈设计和超广角镜头赋予更强创作自由度。与iPhone 16 Pro Max对比显示，在防抖、画质等方面优势明显。但快门迟滞、解锁困难等问题仍待优化。

Understand what PII is, why email puts it at risk, and how your business can strengthen security to better protect sensitive information.

The post PII in email: Explanation, risks, & protection appeared first on Security Boulevard.

Privacy laws have expanded around the world, and security leaders now work within a crowded field of requirements. New research shows that these laws provide stronger rights and duties, but the protections do not always translate into reductions in harm. The study looks at thirty five years of privacy history, from the rise of early data protection efforts to the current landscape of AI driven risk, cross border transfers, and uneven enforcement. The researchers from … More →

The post What 35 years of privacy law say about the state of data protection appeared first on Help Net Security.

Hamas's best hackers have been maturing, building better malware, and spreading their attacks more widely across the region.

Terraform Labs 创始人 Do Kwon 因欺诈罪和合谋罪被美国纽约联邦法院判处 15 年徒刑。他还面临韩国的指控，根据认罪协议，在美国服完一半刑期之后可以引渡到韩国受审。Terraform 发行了被称为 Terra USD（UST）的算法稳定币，2022 年 5 月 UST 币值崩溃导致关联代币 LUNA 几乎跌至一文不值，客户损失了 400 亿美元。Do Kwon 是韩国公民，他的公司总部位于新加坡，他于 2023 年 3 月在黑山被捕，2024 年底被引渡到美国受审。今年 8 月他承认在声称其代币能在加密货币市场波动期间保持价格稳定上误导投资者。

好的，我现在需要帮用户总结这篇文章的内容，控制在100字以内。首先，我得仔细阅读文章，抓住关键点。 文章主要讲的是Terraform Labs的创始人Do Kwon被美国法院判刑15年，涉及欺诈和合谋罪。他还要面临韩国的指控，服刑一半后可能被引渡。接着，提到Terraform发行的UST稳定币在2022年崩溃，导致客户损失400亿美元。Do Kwon是韩国人，公司总部在新加坡，他在黑山被捕后被引渡到美国受审，并在今年8月承认误导投资者。 现在我需要把这些信息浓缩到100字以内。首先，确定主要人物和事件：Do Kwon被判处15年徒刑。然后是涉及的罪名和金额：欺诈、合谋、400亿美元损失。接着是UST崩溃的情况：算法稳定币失败导致LUNA几乎归零。最后提到他的国籍和被捕情况：韩国人，在黑山被捕。 把这些点连贯起来，确保信息准确且简洁。注意不要使用“文章内容总结”这样的开头，直接描述即可。 Terraform Labs创始人Do Kwon因欺诈和合谋罪被美国法院判处15年徒刑，并面临韩国引渡风险。其发行的算法稳定币UST在2022年崩溃，导致客户损失400亿美元。Do Kwon为韩国公民，在黑山被捕后被引渡至美国受审，并承认误导投资者。

A vulnerability identified as critical has been detected in Google Chrome. The affected element is an unknown function of the component Toolbar. Performing manipulation results in Remote Code Execution. This vulnerability is reported as CVE-2025-14373. The attack is possible to be carried out remotely. No exploit exists. You should upgrade the affected component.