DragonForce
You must login to view this content
Aggregator
DragonForce
7 months ago
You must login to view this content
cohenido
CVE-2025-49743 | Microsoft Windows up to Server 2025 Graphics use after free (Nessus ID 249138 / WID-SEC-2025-1790)
7 months ago
A vulnerability, which was classified as critical, was found in Microsoft Windows. Affected by this vulnerability is an unknown functionality of the component Graphics. Executing manipulation can lead to use after free.
The identification of this vulnerability is CVE-2025-49743. The attack can only be executed locally. There is no exploit available.
A patch should be applied to remediate this issue.
vuldb.com
CVE-2025-61138 | Qlik Sense Enterprise 14.212.13 /dev-hub/ information disclosure (WID-SEC-2025-2656)
7 months ago
A vulnerability, which was classified as problematic, has been found in Qlik Sense Enterprise 14.212.13. This issue affects some unknown processing of the file /dev-hub/. Performing manipulation results in information disclosure.
This vulnerability is reported as CVE-2025-61138. The attack is possible to be carried out remotely. No exploit exists.
vuldb.com
CVE-2025-48807 | Microsoft Windows up to Server 2025 communication channel to intended endpoints (EUVD-2025-24278 / WID-SEC-2025-1790)
7 months ago
A vulnerability described as critical has been identified in Microsoft Windows. The impacted element is an unknown function. The manipulation results in improper restriction of communication channel to intended endpoints.
This vulnerability is known as CVE-2025-48807. Attacking locally is a requirement. No exploit is available.
It is best practice to apply a patch to resolve this issue.
vuldb.com
新态势·新实战 | CSOP2025安全运营实战大会重庆站召开
7 months ago
CSOP 2025网络安全运营实战大会重庆站顺利召开。
BitlockMove: New PoC for Covert Lateral Movement via BitLocker DCOM Hijacking
7 months ago
BitlockMove Lateral Movement via Bitlocker DCOM & COM Hijacking. This Proof of Concept (PoC) for Lateral Movement abuses
The post BitlockMove: New PoC for Covert Lateral Movement via BitLocker DCOM Hijacking appeared first on Penetration Testing Tools.
ddos
CVE-2025-40209 | Linux Kernel up to 6.12.57/6.17.7/6.18-rc4 btrfs_add_qgroup_relation return value (WID-SEC-2025-2658)
7 months ago
A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.12.57/6.17.7/6.18-rc4. Affected by this issue is the function btrfs_add_qgroup_relation. Executing manipulation can lead to unchecked return value.
This vulnerability is tracked as CVE-2025-40209. The attack is only possible within the local network. No exploit exists.
You should upgrade the affected component.
vuldb.com
CVE-2025-40211 | Linux Kernel up to 6.12.57/6.17.7/6.18-rc3 ACPI acpi_video_switch_brightness use after free (WID-SEC-2025-2658)
7 months ago
A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.12.57/6.17.7/6.18-rc3. Affected by this vulnerability is the function acpi_video_switch_brightness of the component ACPI. Performing manipulation results in use after free.
This vulnerability is identified as CVE-2025-40211. The attack can only be performed from the local network. There is not any exploit available.
It is advisable to upgrade the affected component.
vuldb.com
CVE-2025-40210 | Linux Kernel up to 6.17.7/6.18-rc3 NFSD allocation of resources (WID-SEC-2025-2658)
7 months ago
A vulnerability classified as critical was found in Linux Kernel up to 6.17.7/6.18-rc3. Affected is an unknown function of the component NFSD. Such manipulation leads to allocation of resources.
This vulnerability is referenced as CVE-2025-40210. The attack needs to be initiated within the local network. No exploit is available.
Upgrading the affected component is advised.
vuldb.com
AMD Patches Hint at Next-Gen RDNA 5 or Enhanced GPU Architecture in Linux Driver
7 months ago
AMD has begun adding support for new graphics cards to the AMDGPU Linux driver, but the identity of
The post AMD Patches Hint at Next-Gen RDNA 5 or Enhanced GPU Architecture in Linux Driver appeared first on Penetration Testing Tools.
ddos
Microsoft Integrates Sysmon Natively into Windows 11 & Server 2025
7 months ago
Microsoft is introducing native Sysmon support in Windows, marking a significant shift in the security landscape. Capabilities that
The post Microsoft Integrates Sysmon Natively into Windows 11 & Server 2025 appeared first on Penetration Testing Tools.
ddos
慢性病在动物中蔓延
7 months ago
癌症、肥胖症、糖尿病和退行性关节病等已不再仅是人类的问题,如今它们正在动物王国里传播。在全球范围内,包括家养宠物、家畜和海洋生物在内的各种动物都出现了严重的健康问题。研究发现,遗传倾向会增加某些动物的患病风险。为了外观而选择性繁育的狗和猫,以及为提高生产力而繁育的家畜,患糖尿病和二尖瓣疾病的可能性更大。而环境因素,包括不良饮食、缺乏身体活动及长期压力,也会影响这些疾病在不同物种中出现的方式和时间。这些例子在许多环境中都能找到。家养的猫和狗肥胖现象十分普遍。最近的调查估计,有50%到60%的猫和狗属于超重范畴,这导致了猫糖尿病的发病率逐年上升。在农业环境中,约20%的圈养猪会患上骨关节炎。海洋动物也面临着类似的挑战:白鲸有患胃肠癌的记录,而养殖的大西洋鲑鱼则会患上心肌病综合征。生活在受工业化学品,如多环芳烃和多氯联苯污染的河口的野生动物,其肝癌发病率高达15%至25%。研究指出,人为驱动的生态转型正在加剧这些威胁。
Operation WrtHug: 50,000+ Outdated ASUS Routers Hacked for Covert Botnet
7 months ago
A widespread infection of outdated ASUS routers has become the focal point of a new covert campaign that
The post Operation WrtHug: 50,000+ Outdated ASUS Routers Hacked for Covert Botnet appeared first on Penetration Testing Tools.
ddos
$237 млн от даркнета и киллеров. Создатели Samourai Wallet получили реальные сроки
7 months ago
Что скрывал криптомиксер Samourai Wallet, через который прошло $2 млрд.
FortiWeb Alert: New Authenticated Command Injection Flaw (CVE-2025-58034) Actively Exploited
7 months ago
In recent days it has become apparent that FortiWeb had been accumulating issues the manufacturer chose not to
The post FortiWeb Alert: New Authenticated Command Injection Flaw (CVE-2025-58034) Actively Exploited appeared first on Penetration Testing Tools.
ddos
Protecting User Data While Boosting Visibility: Secure SEO Strategies for Manufacturers
7 months ago
Learn how manufacturers can boost visibility while protecting user data with secure SEO, passwordless authentication, and privacy-first digital strategies.
The post Protecting User Data While Boosting Visibility: Secure SEO Strategies for Manufacturers appeared first on Security Boulevard.
MojoAuth - Advanced Authentication & Identity Solutions
通用知识库拖慢AI转型?企业真正需要的是智能体应用知识中枢
7 months ago
360AI企业知识库已服务超20个行业、70万家企业
撞击地球的行星忒伊亚可能更靠近太阳
7 months ago
根据发表在《科学》期刊上的一项研究,通过追踪月球和地球岩石中的铁同位素指纹,试图揭开月球神秘前身起源之谜的研究人员为月球起源于内太阳系的观点增添了证据。研究结果披露,忒伊亚(Theia)——这颗因与地球相撞而形成月球的火星大小的行星体的诞生处可能比地球更靠近太阳。月球被认为是在太阳系形成后约一亿年时因忒伊亚与早期地球碰撞而形成的。大多数关于这一过程的模型提示,月球主要由来自这颗远古撞击体的物质构成。如果忒伊亚的同位素组成与地球不同,那么月球的同位素组成也应该与地球不同。这种同位素差异可揭示某行星体在太阳系中的起源处,从而可为了解忒伊亚的诞生处提供线索。然而对月球岩石的分析表明,月球和地球在许多元素的同位素组成上几乎等同。尽管有多种模型竞相尝试对这种相似性做出解释,但由于缺乏清晰的同位素差异以及其成因尚不确定,因此要确认忒伊亚最初形成于何处颇具挑战性。最新分析结果显示,地球和月球的铁同位素组成如出一辙,忒伊亚可能起源于内太阳系,其形成位置甚至比原地球更接近太阳。
Urgent Patch: 7-Zip Flaw (CVE-2025-11001) Actively Exploited for Code Execution
7 months ago
A recently disclosed vulnerability in the 7-Zip archiver is already being weaponized in real-world attacks, according to a
The post Urgent Patch: 7-Zip Flaw (CVE-2025-11001) Actively Exploited for Code Execution appeared first on Penetration Testing Tools.
ddos