Aggregator

A vulnerability identified as critical has been detected in Huawei HarmonyOS 5.0.1/5.1.0/6.0.0. This impacts an unknown function of the component Screen Recording Framework Module. This manipulation causes race condition. This vulnerability is tracked as CVE-2025-58303. The attack is restricted to local execution. No exploit exists. You should upgrade the affected component.

A vulnerability categorized as critical has been discovered in Huawei HarmonyOS 5.0.1/5.1.0/6.0.0. This affects an unknown function of the component Print Module. The manipulation results in improper access controls. This vulnerability is identified as CVE-2025-58294. The attack is only possible with local access. There is not any exploit available. It is advisable to upgrade the affected component.

A vulnerability was found in Huawei HarmonyOS 5.0.1/5.1.0/6.0.0. It has been rated as problematic. The impacted element is an unknown function of the component File Management Module. The manipulation leads to information disclosure. This vulnerability is referenced as CVE-2025-64312. It is possible to launch the attack on the physical device. No exploit is available. Upgrading the affected component is advised.

A vulnerability was found in Huawei HarmonyOS and EMUI. It has been declared as critical. The affected element is an unknown function of the component USB Driver Module. Executing manipulation can lead to use after free. The identification of this vulnerability is CVE-2025-58311. The attack can only be executed locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Huawei HarmonyOS 5.0.1/5.1.0/6.0.0. It has been classified as problematic. Impacted is an unknown function of the component Call Module. Performing manipulation results in security check for standard. This vulnerability was named CVE-2025-58308. The attack needs to be approached locally. There is no available exploit. Upgrading the affected component is recommended.

A vulnerability was found in Huawei HarmonyOS 5.0.1 and classified as critical. This issue affects some unknown processing of the component Gallery app. Such manipulation leads to improper authentication. This vulnerability is uniquely identified as CVE-2025-58305. Local access is required to approach this attack. No exploit exists. It is suggested to upgrade the affected component.

A vulnerability has been found in Huawei HarmonyOS 5.0.1/5.1.0/6.0.0 and classified as problematic. This vulnerability affects unknown code of the component File Management Module. This manipulation causes information management error. This vulnerability is handled as CVE-2025-58304. It is feasible to perform the attack on the physical device. There is not any exploit available. The affected component should be upgraded.

A vulnerability, which was classified as critical, was found in Huawei HarmonyOS and EMUI. This affects an unknown part of the component Settings Module. The manipulation results in improper access controls. This vulnerability is known as CVE-2025-58302. Attacking locally is a requirement. No exploit is available. You should upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Logpoint SIEM up to 7.6.x. Affected by this issue is some unknown functionality. The manipulation leads to improper neutralization of special elements used in a template engine. This vulnerability is traded as CVE-2025-66361. It is possible to initiate the attack remotely. There is no exploit available. It is advisable to upgrade the affected component.

A vulnerability classified as problematic was found in Logpoint SIEM up to 7.6.x. Affected by this vulnerability is an unknown functionality of the component Access Control Policy. Executing manipulation can lead to incorrect authorization. This vulnerability appears as CVE-2025-66360. The attack may be performed from remote. There is no available exploit. Upgrading the affected component is advised.

A vulnerability classified as problematic has been found in Iteras Peppol-py up to 1.1.0. Affected is an unknown function of the component XML Parser. Performing manipulation results in xml external entity reference. This vulnerability is reported as CVE-2025-66371. The attack is possible to be carried out remotely. No exploit exists. It is recommended to upgrade the affected component.

A vulnerability described as problematic has been identified in Logpoint SIEM up to 7.6.x. This impacts an unknown function. Such manipulation leads to cross site scripting. This vulnerability is documented as CVE-2025-66359. The attack can be executed remotely. There is not any exploit available. Upgrading the affected component is recommended.

Machine learning (ML) privacy concerns continue to surface, as audits show that models can reveal parts of the labels (the user’s choice, expressed preference, or the result of an action) used during training. A new research paper explores a different way to measure this risk, and the authors present findings that may change how companies test their models for leaks. Why standard audits have been hard to use Older privacy audits often relied on altering … More →

The post New observational auditing framework takes aim at machine learning privacy leaks appeared first on Help Net Security.

根据发表在《科学》期刊上的一项研究，家猫抵达欧洲的时间可能比之前认为的要晚得多：它们约在 2000 年前才来到欧洲，家猫的到来也不是因为旧石器时代近东农民的向外扩张。这些发现为人类最神秘的动物伴侣之一的起源提供了新的见解，并确定北非才是现代家猫的摇篮。研究人员对 87 个古代和现代猫的基因组进行了古基因组学分析。他们发现家猫最有可能起源于北非（而非黎凡特）野猫，而真正的家猫仅在进入新石器时代之后数千年才出现于欧洲和西南亚；这些发现与之前的研究结果相左。基因学分析显示，早期见于欧洲和土耳其的猫属欧洲野猫，其反映的是发生在古代的杂交而非早期驯化。当北非家猫被引入后，它们（通常沿着罗马军用道路）在整个欧洲迅速扩散，并在公元 1 世纪时到达不列颠。

This week’s threat landscape (Week 48) reveals a surge in newly reported vulnerabilities, enhanced malware capabilities, and increasingly refined social-engineering […]

The post Weekly Threat Landscape Digest – Week 48 appeared first on HawkEye.

The Shai Hulud 2.0 worm, first detected on November 24, 2025, has compromised nearly 1,200 organizations, including major banks, government bodies, and Fortune 500 technology firms. While initial reports described it as a simple npm supply chain attack that flooded GitHub with spam repositories, new analysis reveals a far more sophisticated operation. Entro Security researchers […]

The post Shai Hulud 2.0 Compromises 1,200+ Organizations, Exposing Critical Runtime Secrets appeared first on Cyber Security News.

error code: 521

HackerNews 编译，转载请注明出处： 2025年9月，黑客组织对朝日集团发动勒索软件攻击，窃取了约200万客户和员工的个人信息，并严重扰乱了该公司在日本的业务运营。 事件披露 朝日集团是日本最大的酿酒企业，以生产朝日超爽啤酒等畅销啤酒，以及软饮和其他饮品闻名，业务覆盖国内外市场，在欧洲和亚洲拥有强劲市场份额。 9月29日，该公司在遭遇网络攻击后暂停了日本分公司的运营，其他地区分公司未受影响。此次攻击导致朝日集团的订单处理、物流运输业务陷入停滞，呼叫中心及客户服务平台也无法正常使用。 10 月 3 日，朝日集团确认遭受勒索软件攻击，但未披露发起此次安全事件的黑客组织名称。 公司声明称：“发现此次事件后，我们立即成立了应急响应总部展开调查，经核实，我们的服务器成为勒索软件攻击目标。” 麒麟勒索软件（Qilin ransomware）声称对此次针对啤酒巨头朝日集团的攻击负责，并泄露了 27GB 窃取的数据，其中包括员工文件和财务文档。 麒麟勒索软件攻击详情 该勒索软件组织窃取了9323个文件，并在其Tor数据泄露网站上公布了29张被盗文件的照片，被盗文件包括合同、员工信息、财务数据及业务资料等。 10 月，朝日集团发布更新公告，确认攻击中被盗的数据已在网络上出现，公司正调查事件影响范围，并将通知受影响相关方。 目前，朝日集团已明确黑客窃取的信息包括： 152.5 万名曾联系其客户服务部门的人员数据（含姓名、地址、电话号码及电子邮箱）； 超 38.9 万名其他人员的个人信息，涵盖信息接收者、员工及其家属的联系方式等。 具体而言，黑客窃取了 11.4 万名信息接收者、10.7 万名员工（含退休人员）及 16.8 万名员工家属的信息，涉及姓名、联系方式、出生日期及性别等内容。 公司公告指出：“调查显示，攻击者通过集团场地内的网络设备非法接入数据中心网络，同时部署勒索软件，对多台运行中的服务器及部分接入网络的电脑设备进行数据加密。在针对受攻击系统的影响范围及细节展开调查时，我们发现员工使用的公司配发电脑中部分数据已泄露，数据中心服务器中存储的个人信息也可能存在泄露风险。目前尚未确认这些数据已被发布至互联网，此次攻击对系统的影响仅限于日本地区管理的相关业务。” 朝日集团强调，攻击者未获取客户信用卡信息等财务数据。 朝日集团总裁兼集团首席执行官胜木淳司表示：“对于近期系统中断给相关方带来的不便，我谨致以诚挚的歉意。我们正全力加快系统全面恢复，并实施各项防范措施防止类似事件再次发生，同时强化整个集团的信息安全体系。 在产品供应供应方面，随着系统逐步恢复，发货正在分阶段恢复。对于持续给大家带来的不便，我们再次表示歉意，感谢您的理解与支持。”     消息来源：securityaffairs； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文

Public-Private Cooperation Key for Ransomware Mitigation, Says Anne Neuberger
Ongoing, high-profile ransomware attacks against Britain and the United States have transformed cybersecurity into a national security priority, Anne Neuberger, the former White House deputy national security adviser for cyber, said at a Wednesday event in London.

Крупнейший архив жизни людей того времени наконец доступен нам полностью.