Aggregator
Майнинг на тостере и 150000 атак — вот как умный дом тайком расходует ваше электричество
2 weeks 4 days ago
Новая уязвимость React2Shell в Node.js уже превратила умные дома и серверы по всему миру в охотничьи угодья для ботнетов в стиле Mirai.
New Spiderman Phishing Kit Lets Attackers Create Malicious Bank Login Pages in Few Clicks
2 weeks 4 days ago
A sophisticated new phishing framework dubbed “Spiderman” has emerged in the cybercrime underground, dramatically lowering the barrier to entry for financial fraud. This toolkit, observed by Varonis, allows threat actors, even those with minimal technical skill, to spin up pixel-perfect replicas of legitimate banking portals in just a few clicks. The kit targets customers of […]
The post New Spiderman Phishing Kit Lets Attackers Create Malicious Bank Login Pages in Few Clicks appeared first on Cyber Security News.
Guru Baran
When Vendors Become the Vulnerability: What the Marquis Software Breach Signals for Financial Institutions
2 weeks 4 days ago
In December 2025, a ransomware attack on Marquis Software Solutions, a data analytics and marketing vendor serving the financial sector, compromised sensitive customer information held by multiple banks and credit unions, according to Infosecurity Magazine. The attackers reportedly gained access through a known vulnerability in a firewall device connected to Marquis’s remote-access systems. The incident
The post When Vendors Become the Vulnerability: What the Marquis Software Breach Signals for Financial Institutions appeared first on Seceon Inc.
The post When Vendors Become the Vulnerability: What the Marquis Software Breach Signals for Financial Institutions appeared first on Security Boulevard.
Maggie MacAlpine
Akira
2 weeks 4 days ago
You must login to view this content
cohenido
Починил звук — потерял кошелек. Теперь маководы ведутся на «добрые советы» нейросетей
2 weeks 4 days ago
Как доверие к ИИ помогло преступникам заразить Mac инфостилером AMOS под видом безобидного совета.
Pro-Russia Hackers Target US Critical Infrastructure in New Wave
2 weeks 4 days ago
Pro-Russia hacktivist groups have been observed exploiting exposed virtual network computing connections to breach OT systems
GoFundMe 报告称有更多的人在 2025 年众筹生活必需品
2 weeks 4 days ago
众筹平台 GoFundMe 发表年度报告《Year in Help》,称有更多的人在 2025 年众筹房租和食品等生活必需品。报告称房租、水电费和食品杂货等基本开支的筹款活动数量增长了 20%,“每月账单(Monthly bills)”是增长速度第二快的众筹类别,仅次于对非营利组织的捐助。生活必需品众筹增长的英语国家包括了美国、加拿大、英国和澳大利亚。GoFundMe CEO Tim Cadogan 称,在美国政府停摆期间,随着每月福利 SNAP 的中断,食品相关的众筹活动增加了近六倍。
SecWiki News 2025-12-10 Review
2 weeks 4 days ago
今日暂未更新资讯~
更多最新文章,请访问SecWiki
更多最新文章,请访问SecWiki
科技巨头是新苏维埃
2 weeks 4 days ago
希腊前财长、经济学家 Yanis Varoufakis 认为今天的科技巨头是新时代的苏维埃,推行基于算法的计划经济。Palantir 联合创始人 Peter Thiel 宣称失败者才要竞争。他的意思是赢家不仅仅是通过消灭竞争对手去垄断市场,它们还会不断扩张直至摧毁市场本身,复活苏联式的国家计划经济。苏联的国家计划经济之所以失败,是因为它缺乏科技巨头最强大的武器:云资本——以算法、数据中心和光纤构成的集成网络。一位年长的托洛茨基主义者认为苏联以社会主义的名义创造了一种工业封建主义,而今天的科技巨头以资本主义和自由市场的名义创造了一种科技封建主义。随着科技巨头的云资本不断积累并集中到越来越少的人手中,各国政府愈来愈依赖科技巨头。通过在租用的云基础设施上构建核心功能,各国政府实际上是从亚马逊 AWS、微软和 Google 等公司回租其运作能力。这种依赖催生了一种科技封建权力维度。云资本用源自苏联时代的计划工具取代了市场,在此过程中它杀死了资本主义。
CVE-2025-65958 | open-webui Open WebUI up to 0.6.36 server-side request forgery (GHSA-c6xv-rcvw-v685)
2 weeks 4 days ago
A vulnerability categorized as critical has been discovered in open-webui Open WebUI up to 0.6.36. This vulnerability affects unknown code. Such manipulation leads to server-side request forgery.
This vulnerability is referenced as CVE-2025-65958. It is possible to launch the attack remotely. No exploit is available.
It is advisable to upgrade the affected component.
vuldb.com
CVE-2025-66552 | Nextcloud Server/Enterprise Server up to 31.0.8/32.0.0 admin_audit App insufficient logging
2 weeks 4 days ago
A vulnerability was found in Nextcloud Server and Enterprise Server up to 31.0.8/32.0.0. It has been rated as problematic. Affected is an unknown function of the component admin_audit App. Performing manipulation results in insufficient logging.
This vulnerability is cataloged as CVE-2025-66552. It is possible to initiate the attack remotely. There is no exploit available.
Upgrading the affected component is advised.
vuldb.com
CVE-2020-36881 | Flexsense DiskBoss 7.7.14 Directory Add Input Directory memory corruption (Exploit 48279 / EDB-48279)
2 weeks 4 days ago
A vulnerability labeled as critical has been found in Flexsense DiskBoss 7.7.14. Affected by this vulnerability is an unknown functionality of the component Directory Handler. The manipulation of the argument Add Input Directory results in memory corruption.
This vulnerability is cataloged as CVE-2020-36881. The attack must be initiated from a local position. Furthermore, there is an exploit available.
vuldb.com
CVE-2020-36880 | Flexsense DiskBoss 7.7.14 Reports/Data Directory memory corruption (Exploit 48689 / EDB-48689)
2 weeks 4 days ago
A vulnerability marked as critical has been reported in Flexsense DiskBoss 7.7.14. This issue affects some unknown processing. Performing manipulation of the argument Reports/Data Directory results in memory corruption.
This vulnerability is cataloged as CVE-2020-36880. The attack must be initiated from a local position. Furthermore, there is an exploit available.
vuldb.com
CVE-2025-14325 | Mozilla Firefox up to 145 JIT Remote Code Execution (WID-SEC-2025-2812)
2 weeks 4 days ago
A vulnerability categorized as critical has been discovered in Mozilla Firefox up to 145. This vulnerability affects unknown code of the component JIT. Executing manipulation can lead to Remote Code Execution.
This vulnerability is registered as CVE-2025-14325. It is possible to launch the attack remotely. No exploit is available.
It is advisable to upgrade the affected component.
vuldb.com
Mariniers vieren 360-jarig bestaan in thuishaven Rotterdam
2 weeks 4 days ago
Elke marinier die voor het eerst zijn baret opzet, erft volgens de commandant Korps Mariniers een geschiedenis die in drieënhalve eeuw is opgebouwd. Brigadegeneraal Ivo Moerman zei dit vandaag in Rotterdam waar het Korps Mariniers zijn 360-jarig bestaan vierde, tussen de inwoners van Rotterdam. De stad waar de mariniers al eeuwenlang mee zijn verbonden.
ChatGPT共享链接钓鱼攻击新套路:伪装实用指南诱导手动植马
2 weeks 4 days ago
近期出现多起利用 ChatGPT 共享链接聊天记录实施的网络钓鱼攻击,其攻击套路大致如下: 攻击者首先在谷歌平
10000 кубитов в одном кармане? Ну, почти. QuantWare одной новинкой «обнулила» достижения IT-гигантов
2 weeks 4 days ago
Впервые создан процессор, превосходящий существующие решения в 100 раз.
Teen who allegedly stole millions of personal data records arrested in Spain
2 weeks 4 days ago
Spanish police accused a 19-year-old man of stealing 64 million personal data records from multiple companies and attempting to sell them on hacker forums.
CVE-2025-63009 | yuvalo WP Google Analytics Events Plugin up to 2.8.2 on WordPress exposure of sensitive system information to an unauthorized control sphere (EUVD-2025-202000)
2 weeks 4 days ago
A vulnerability marked as problematic has been reported in yuvalo WP Google Analytics Events Plugin up to 2.8.2 on WordPress. Affected by this issue is some unknown functionality. Performing manipulation results in exposure of sensitive system information to an unauthorized control sphere.
This vulnerability is known as CVE-2025-63009. Remote exploitation of the attack is possible. No exploit is available.
vuldb.com