Aggregator

A vulnerability labeled as problematic has been found in couch-auth up to 0.21.2. This impacts an unknown function of the file src/user.ts. Such manipulation leads to information disclosure. This vulnerability is documented as CVE-2025-60794. The attack needs to be performed locally. There is not any exploit available.

A vulnerability identified as critical has been detected in Narkom Pyxis Signage up to 31012025. This affects an unknown function. This manipulation causes unrestricted upload. This vulnerability is registered as CVE-2025-0645. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability categorized as critical has been discovered in phpPgAdmin up to 7.13.0. The impacted element is the function browseQuery of the file display.php. The manipulation of the argument Query results in sql injection. This vulnerability is cataloged as CVE-2025-60798. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in phpPgAdmin up to 7.13.0. It has been rated as critical. The affected element is an unknown function of the file dataexport.php. The manipulation of the argument Query leads to sql injection. This vulnerability is listed as CVE-2025-60797. The attack may be initiated remotely. There is no available exploit.

A vulnerability was found in Ilevia EVE X1 Server up to 6.00 2025_07_21. It has been declared as critical. Impacted is an unknown function of the file ping.php. Executing manipulation can lead to privilege escalation. This vulnerability is tracked as CVE-2025-60738. The attack can be launched remotely. No exploit exists.

There is a serious security problem inside Comet, the AI-powered agentic browser made by Perplexity, SquareX researchers say: Comet’s MCP API allows the browser’s built-in (but hidden from the user) extensions to issue commands directly to a user’s device, and the capability can be leveraged by attackers. Comet can run applications, read files and modify data on the local system. “Old-school” browsers normally block this level of access, but (some) AI-powered browsers are effectively braking … More →

The post Security gap in Perplexity’s Comet browser exposed users to system-level attacks appeared first on Help Net Security.

D-Link is warning of three remotely exploitable command execution vulnerabilities that affect all models and hardware revisions of its DIR-878 router, which has reached end-of-service but is still available in several markets. [...]

《自然》期刊发表的一篇论文发现，人脑对熟悉和陌生语言的声音会有相似的反应。这一研究结果实证了语音感知的跨语言共性，有助于人们理解大脑如何处理语音，并有望指导今后的语言学习和康复的方式。所有口语都有一些相同的声学-语音特征，如元音和辅音，但这些声音组合成词的方式却各不相同。此前研究发现，大脑颞上回区域在语音感知中起到关键作用，但并不清楚颞上回处理熟悉和陌生语言的方式是否一致。中美科学家招募了 34 名讲西班牙语、英语或普通话的受试者，并在他们聆听母语语句和陌生外语语句时记录了他们的脑活动。研究人员发现，此次研究的大部分脑活动都来自颞上回，而且对于熟悉和陌生语言具有相似性。不过，在听到一种已知语言时，脑信号对于词汇相关特征的反应会增强，如词边界(词头和词尾)和词频。在讲西英双语的受试者中，这些信号对两种语言都会增强。研究结果表明，虽然大脑处理不同语言的基本语音的方式相同，但经验能将这些语音组合成词。这或许能解释为何学一种新语言很难：不仅要听辨声音，还要学会如何组合它们。

Устройство размером с кристаллик соли работает как биологический Wi-Fi.

Что на самом деле случилось с сайтом Xubuntu в октябре.

Windows 11 migration is inevitable as Windows 10 support ends, and unsupported systems create major security and ransomware risks. Acronis explains how to use this migration to review backups, strengthen cybersecurity, and ensure data stays recoverable. [...]

From secure service mesh rollouts to AI cluster hardening, see how KubeCon + CloudNativeCon NA 2025 redefined identity, trust, and governance in Kubernetes environments.

The post Trust Beyond Containers: Identity and Agent Security Lessons from KubeCon 2025 appeared first on Security Boulevard.

CISA launches guide to combat cybercrime via bulletproof hosting, recommending measures for ISPs

Oligo Security announced new capabilities to protect the broadest spectrum of AI deployments, including AI applications, LLMs, and agentic AI. The new platform modules address the largest blind spot in AI security by securing production AI technologies that remain largely ungoverned, unmonitored, and operating in real time. “AI is moving into production faster than it can be secured, forcing businesses to take greater risks in the name of speedy innovation,” said Nadav Czerninski, CEO, Oligo … More →

The post Oligo delivers runtime-native security for models and agents appeared first on Help Net Security.

Встречайте - первый человек с генетическим редактированием «под заказ»: Кэй Джей.

JustAskJacky jeopardizes users and Rhadamanthys rises in this month's edition of Intelligence Insights

Tsundere represents a significant shift in botnet tactics, leveraging the power of legitimate Node.js packages and blockchain technology to distribute malware across multiple operating systems. First identified around mid-2025 by Kaspersky GReAT researchers, this botnet demonstrates the evolving sophistication of supply chain attacks. The threat originates from activity first observed in October 2024, where attackers […]

The post Tsundere Botnet Abusing Popular Node.js and Cryptocurrency Packages to Attack Windows, Linux, and macOS Users appeared first on Cyber Security News.

A new banking malware called Sturnus has emerged as a significant threat to mobile users across Europe. Security researchers have discovered that this sophisticated Android trojan can capture encrypted messages from popular messaging apps like WhatsApp, Telegram, and Signal by accessing content directly from the device screen after decryption. The malware’s ability to monitor these […]

The post Sturnus Banking Malware Steals Communications from Signal and WhatsApp, Gaining Full Control of The Device appeared first on Cyber Security News.

加拿大在本月初失去麻疹消除国地位，因为麻疹疫情在该国持续了一年之久。而美国的麻疹疫情已经持续了 10 月，距离失去麻疹消除国地位仅剩下两个月时间。美国疾控中心（CDC）的官员确认，亚利桑那州和犹他州交界处最近爆发的麻疹疫情是今年 1 月中下旬西德克萨斯州爆发的麻疹疫情的延续，两起疫情源自相同的麻疹病毒亚型。失去麻疹消除国地位意味着麻疹将再次被视为美国的地方性流行病，对于一种疫苗可预防疾病而言，这是一次令人尴尬的公共卫生倒退。美国现任卫生部长是一位反疫苗者。