Надоело менять пароли и бояться QR-кодов? «Разрушители мифов» в сфере ИБ разоблачили самые бесполезные советы по кибербезопасности
Новый проект объясняет, почему привычные советы не защищают и что делать вместо этого.
Aggregator
CVE-2025-59371 | ASUS Router 3.0.0.4_386/3.0.0.4_388/3.0.0.6_102 IFTTT random values
6 months 3 weeks ago
A vulnerability was found in ASUS Router 3.0.0.4_386/3.0.0.4_388/3.0.0.6_102. It has been declared as critical. Affected is an unknown function of the component IFTTT. The manipulation results in insufficiently random values.
This vulnerability is identified as CVE-2025-59371. The attack can be executed remotely. There is not any exploit available.
vuldb.com
CVE-2025-59370 | ASUS Router 3.0.0.4_386/3.0.0.4_388/3.0.0.6_102 bwdpi os command injection
6 months 3 weeks ago
A vulnerability was found in ASUS Router 3.0.0.4_386/3.0.0.4_388/3.0.0.6_102. It has been classified as critical. This impacts an unknown function of the component bwdpi. The manipulation leads to os command injection.
This vulnerability is referenced as CVE-2025-59370. Remote exploitation of the attack is possible. No exploit is available.
vuldb.com
CVE-2025-59369 | ASUS Router 3.0.0.4_386/3.0.0.4_388/3.0.0.6_102 bwdpi sql injection
6 months 3 weeks ago
A vulnerability was found in ASUS Router 3.0.0.4_386/3.0.0.4_388/3.0.0.6_102 and classified as critical. This affects an unknown function of the component bwdpi. Executing manipulation can lead to sql injection.
The identification of this vulnerability is CVE-2025-59369. The attack may be launched remotely. There is no exploit available.
vuldb.com
TechWorld黑客马拉松SHOW—— AI多模态安全网关
6 months 3 weeks ago
多模态AI应用安全网关覆盖文本、图片、音视频全链路检测,识别越狱、敏感信息与违规内容,并以小参数模型实现高效拦截与低资源消耗。方案在比赛中验证了对80+风险的有效防护,可作为AI应用安全的重要基础能力。
CVE-2023-27892 | ShapeShift KeepKey up to 7.6.x ethereum_contracts.c cf_confirmExecTx buffer overflow (EUVD-2023-31626)
6 months 3 weeks ago
A vulnerability marked as critical has been reported in ShapeShift KeepKey up to 7.6.x. Impacted is the function cf_confirmExecTx of the file ethereum_contracts.c. The manipulation leads to buffer overflow.
This vulnerability is listed as CVE-2023-27892. It is possible to launch the attack on the physical device. There is no available exploit.
It is suggested to upgrade the affected component.
vuldb.com
CVE-2023-27906 | Autodesk Maya USD File Parser out-of-bounds (EUVD-2023-31632)
6 months 3 weeks ago
A vulnerability was found in Autodesk Maya and classified as problematic. Affected is an unknown function of the component USD File Parser. Executing manipulation can lead to out-of-bounds read.
This vulnerability is handled as CVE-2023-27906. It is possible to launch the attack on the local host. There is not any exploit available.
vuldb.com
CVE-2023-27889 | Liquid Speech Balloon up to 1.1 cross-site request forgery (EUVD-2023-31624)
6 months 3 weeks ago
A vulnerability has been found in Liquid Speech Balloon up to 1.1 and classified as problematic. This impacts an unknown function. Performing manipulation results in cross-site request forgery.
This vulnerability is reported as CVE-2023-27889. The attack is possible to be carried out remotely. No exploit exists.
The affected component should be upgraded.
vuldb.com
Golden dMSA: tool exploits Golden DMSA attack against delegated Managed Service Accounts.
6 months 3 weeks ago
Golden dMSA This tool exploits a new attack against delegated Managed Service Accounts called the “Golden DMSA” attack.
The post Golden dMSA: tool exploits Golden DMSA attack against delegated Managed Service Accounts. appeared first on Penetration Testing Tools.
ddos
Nevada’s Trojan Download, Penn’s 1.2M Donor Breach, and the Malware That Kills Your Defenses First
6 months 3 weeks ago
In Nevada, a state employee downloaded what looked like a harmless tool from a search ad. The fi
Nevada’s Trojan Download, Penn’s 1.2M Donor Breach, and the Malware That Kills Your Defenses First
6 months 3 weeks ago
In Nevada, a state employee downloaded what looked like a harmless tool from a search ad. The file had been tampered with, and that single moment opened the door to months of silent attacker movement across more than 60 agencies. That pattern shows up again and again in the latest ColorTokens Threat Intelligence Brief. Attackers rarely break in with […]
The post Nevada’s Trojan Download, Penn’s 1.2M Donor Breach, and the Malware That Kills Your Defenses First appeared first on ColorTokens.
The post Nevada’s Trojan Download, Penn’s 1.2M Donor Breach, and the Malware That Kills Your Defenses First appeared first on Security Boulevard.
Tanuj Mitra
Google построил полностью изолированное облако для военных секретов НАТО — ИИ не сольёт в интернет ни байта данных
6 months 3 weeks ago
Североатлантический альянс вооружается нейросетями.
CVE-2025-12742 | Google Looker up to 25.13 os command injection (gcp-2025-052 / EUVD-2025-199551)
6 months 3 weeks ago
A vulnerability categorized as critical has been discovered in Google Looker up to 25.13. Affected by this vulnerability is an unknown functionality. The manipulation results in os command injection.
This vulnerability is reported as CVE-2025-12742. The attack can be launched remotely. No exploit exists.
It is advisable to upgrade the affected component.
vuldb.com
Detection Engineering: Practicing Detection-as-Code – Tuning – Part 8
6 months 3 weeks ago
Detections should adapt to changes in the monitored environments. As organizations modify thei
Как заставить ИИ перестать врать и саботировать? Anthropic знает: разрешить ему это
6 months 3 weeks ago
Исследование Anthropic показало, что мягкое разрешение обходов снижает риск несоответствия моделей.
SitusAMC confirms data breach affecting customer information
6 months 3 weeks ago
SitusAMC says a recent breach exposed customer data; the real-estate financing firm provides back-office services for banks and lenders. SitusAMC, a leading real-estate financing services provider for banks and lenders, disclosed a data breach discovered earlier this month that exposed customer information. The firm manages back-office functions such as mortgage origination, servicing, and compliance for […]
Pierluigi Paganini
SitusAMC confirms data breach affecting customer information
6 months 3 weeks ago
SitusAMC confirms data breach affecting customer information Pi
10-jarig Defensity College kweekvijver voor Defensie
6 months 3 weeks ago
Defensity College (DC) speelt een rol bij de groei van Defensie naar 100.000 medewerkers in 2030. DC biedt hbo- en universitaire studenten als werkstudent de kans om militair te worden. Zaterdag vierde het zijn 10-jarige bestaan in Leiden.
Interlock
6 months 3 weeks ago
You must login to view this content
cohenido
HashiCorp Vault Vulnerability Allow Attackers to Authenticate to Vault Without Valid Credentials
6 months 3 weeks ago
A critical security flaw has been discovered in HashiCorp’s Vault Terraform Provider that could allow attackers to bypass authentication and access Vault without valid credentials. The vulnerability, tracked as CVE-2025-13357, affects organizations using LDAP authentication with Vault. The security issue stems from an incorrect default configuration in Vault’s Terraform Provider. Specifically, the provider set the deny_null_bind parameter […]
The post HashiCorp Vault Vulnerability Allow Attackers to Authenticate to Vault Without Valid Credentials appeared first on Cyber Security News.
Abinaya