Aggregator

A vulnerability was found in Apple Safari. It has been declared as problematic. Affected by this issue is some unknown functionality of the component Pop-Up Window Handler. Such manipulation leads to improper restriction of rendered ui layers. This vulnerability is referenced as CVE-2025-31266. It is possible to launch the attack remotely. No exploit is available. It is recommended to upgrade the affected component.

A vulnerability has been found in Apple macOS up to 13.6/14.6/15.4 and classified as problematic. Affected by this issue is some unknown functionality of the component App. This manipulation causes information disclosure. This vulnerability is handled as CVE-2025-31248. It is possible to launch the attack on the local host. There is not any exploit available. The affected component should be upgraded.

Welcome to this week’s edition of the Cybersecurity News Weekly Newsletter, where we analyze the critical incidents defining the current threat landscape. If this week has taught us anything, it is that the stability of our digital infrastructure is just as volatile as the security of the software running upon it. We are witnessing a […]

The post Cybersecurity News Weekly Newsletter – Fortinet, Chrome 0-Day Flaws, Cloudflare Outage and Salesforce Gainsight Breach appeared first on Cyber Security News.

Spanish flag carrier Iberia has begun notifying customers of a data security incident stemming from a compromise at one of its suppliers. The disclosure comes days after a threat actor claimed on hacker forums to have access to 77 GB of data allegedly stolen from the airline. [...]

美国疾病控制与预防中心（CDC）的科学家近日已接到逐步停止所有猴子研究工作的指令。这将导致约 200 只恒河猴和豚尾猴参与的研究工作停止。这些猴子曾被用于艾滋病、肝炎和其他传染病研究。目前它们前路未卜，其中一部分可能被转移到灵长类动物保护区，另一部分可能会被安乐死。此举将是美国政府机构首次终止其内部的非人灵长类动物研究项目。多年来一直致力于推动政府终止对动物研究支持的美国非营利组织“白大褂废物项目(White Coat Waste Project)”对这上述决定表示欢迎。而生物医学科学家则警告称，此举将是一个重大错误。他们表示，CDC 的猴子研究项目对于艾滋病病毒暴露前预防药物研发至关重要，这种预防策略已经大幅降低全球艾滋病感染率。

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter Contagious Interview Actors Now Utilize JSON Storage Services for Malware Delivery RONINGLOADER: DragonBreath’s New Path to PPL Abuse   npm Malware Campaign Uses Adspect Cloaking to Deliver Malicious Redirects  GPT Trade: Fake Google Play Store […]

We use cookies on our website to give you the most relevant experience by remembering your preferenc

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. BadAudio malware: how APT24 scaled its cyberespionage through supply chain attacks U.S. CISA adds an Oracle […]

We use cookies on our website to give you the most relevant experience by remembering your preferenc

Земля превращается в стерильную пустыню из газонов и бетона — опылители гибнут миллиардами ежедневно.

ISCC2025

在 Linux 操作系统上 Firefox 浏览器将所有文件都储存在 ~/.mozilla 目录下。2004 年 9 月递交的一份 bug 报告呼吁 Firefox 遵守 Freedesktop.org 的 XDG Base Directory Specification 目录标准：将配置文件、缓存数据、用户数据等储存在不同目录，如 ~/.config 和 ~/.local/share。21 年后，Firefox 终于解决了该 bug，从 Firefox 147 起它将支持 XDG Base Directory Specification 目录标准。

ISCC2025决赛

The holidays can be hard on any budget, but there may be a way to make it a little easier. Instead of dashing through the snow all around town, get all your shopping done under one roof at Costco. Right now, you can even get a 1-Year Costco Gold Star Membership plus a $40 Digital Costco Shop Card*, and it's still only $65. [...]

A critical vulnerability in Azure Bastion (CVE-2025-49752) allows remote attackers to bypass authentication mechanisms and escalate privileges to administrative levels. The flaw, categorized as an authentication bypass vulnerability, poses an immediate risk to organizations that rely on Azure Bastion for secure administrative access to their cloud infrastructure. Attackers Can Escalate Privileges Without User Interaction The […]

The post Critical Vulnerability in Azure Bastion Let Attackers Bypass Authentication and Escalate privileges appeared first on Cyber Security News.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.4.10. This issue affects the function bus_get_dev_root of the component amd-pstate. Such manipulation leads to state issue. This vulnerability is documented as CVE-2023-53550. The attack requires being on the local network. There is not any exploit available. You should upgrade the affected component.

A critical security flaw (CVE-2025-11001) in 7-Zip has a public exploit. Learn why this high-risk vulnerability is dangerous and how to manually update to version 25.01 now.

针对传统SCA（软件成分分析）工具仅依赖版本匹配，导致告警泛滥、误报率高，且无法判断漏洞是否在应用代码中真实可达的行业痛点，提出了一种创新的解决方案：利用 LLM Agent 联动 SCA、SAST 和 DAST

题目知识点大概是自写壳+自写类tea加密

本文将讨论Synology TC500 智能摄像头的RCE利用，利用的是一个有趣的格式化字符串（format string）漏洞案例。