Aggregator

A vulnerability classified as problematic was found in Kjetiltroan WebMaid CMS up to 0.2-6. The impacted element is an unknown function of the file cContactus.php. Such manipulation of the argument com leads to path traversal. This vulnerability is listed as CVE-2010-1267. The attack may be performed from remote. In addition, an exploit is available.

A vulnerability categorized as problematic has been discovered in WeBid 0.8.5. The affected element is an unknown function of the file confirm.php. The manipulation of the argument ID results in cross site scripting. This vulnerability was named CVE-2010-4873. The attack may be performed from remote. In addition, an exploit is available.

GhostFrame 是一种新型钓鱼工具包，利用 iframe 和动态生成的子域名隐藏恶意活动，并通过技术手段规避检测。该工具已发起超百万次钓鱼攻击。

A vulnerability classified as critical has been found in Linux Kernel up to 6.4.10. Impacted is the function alauda_check_media. Performing manipulation results in uninitialized pointer. This vulnerability is reported as CVE-2023-53847. The attacker must have access to the local network to execute the attack. No exploit exists. It is recommended to upgrade the affected component.

A vulnerability described as critical has been identified in Linux Kernel up to 6.1.52/6.4.15/6.5.2. The impacted element is the function r5l_exit_log. Executing manipulation can lead to null pointer dereference. This vulnerability is registered as CVE-2023-53848. The attack requires access to the local network. No exploit is available. Upgrading the affected component is recommended.

A vulnerability identified as critical has been detected in Robocode 1.9.3.6. This vulnerability affects the function recursivelyDelete of the component CacheCleaner. Performing manipulation results in path traversal. This vulnerability is known as CVE-2025-14306. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability marked as problematic has been reported in TianoCore EDK2. This affects an unknown function. The manipulation leads to improper input validation. This vulnerability is referenced as CVE-2025-2296. Remote exploitation of the attack is possible. No exploit is available. It is suggested to upgrade the affected component.

美国检察官起诉一名乌克兰女子参与针对全球关键基础设施的网络攻击，包括美国水系统、选举系统和核设施。她涉嫌代表俄罗斯支持的黑客组织活动，并被引渡至美国受审。

U.S. prosecutors have charged a Ukrainian national for her role in cyberattacks targeting critical infrastructure worldwide, including U.S. water systems, election systems, and nuclear facilities, on behalf of Russian state-backed hacktivist groups. [...]

Под прицелом оказалась механика, выкачивающая информацию авторов без возможности отказа.

分享一篇文章。

2025年12月10日（北京时间），微软发布了2025 年 12月安全更新，共发布了70个CVE的补丁程序，比上月增多了2个。

2025年12月9日，深瞳漏洞实验室监测到一则SAP-Solution-Manager组件存在代码执行漏洞的信息，漏洞编号：CVE-2025-42880，漏洞威胁等级：高危。

当前环境出现异常，需完成验证后方可继续访问。

当前环境出现异常，需完成验证后方可继续访问。

当前环境出现异常，需完成验证后才能继续访问。

A vulnerability, which was classified as critical, has been found in Robocode 1.9.3.6. This impacts the function createTempFile of the component AutoExtract. Performing manipulation results in insecure temporary file. This vulnerability is identified as CVE-2025-14307. The attack is only possible with local access. There is not any exploit available.

Threat actors are now leveraging the trust users place in AI platforms like ChatGPT and Grok to distribute the Atomic macOS Stealer (AMOS). A new campaign discovered by Huntress on December 5, 2025, reveals that attackers have moved beyond mimicking trusted brands to actively utilizing legitimate AI services to host malicious payloads.​ The infection chain […]

The post Threat Actors Weaponize ChatGPT and Grok Conversations to Deploy AMOS Stealer appeared first on Cyber Security News.

FBI警告AI诈骗：犯罪分子通过短信谎称绑架亲人并索要赎金。他们发送看似真实的照片或视频，但细节有误如纹身、疤痕缺失或比例不符。有时限时发送以限制分析时间。

The flaw, dubbed ‘GeminiJack,’ exploits the trust boundary between user-controlled content in data sources and the AI model’s instruction processing