Aggregator

HackerNews 编译，转载请注明出处： 总部位于得克萨斯州的金融科技服务商Marquis软件解决方案公司已确认发生数据泄露事件，此次事件波及超 78 万名用户。该公司为全美 700 余家银行及信用社提供服务。 此次泄露事件始于 8 月 14 日，攻击者通过利用 SonicWall 防火墙漏洞侵入了公司网络。据悉，Marquis公司发现入侵行为后，立即关停了受影响系统，并聘请外部网络安全专家介入调查。 10 月下旬完成的内部审查显示，未授权攻击者获取并复制了部分商业客户的文件，这些文件包含个人及金融相关信息。 Xcape 公司安全工程师诺艾尔・村田表示：“Marquis事件是第三方供应商集中化给金融服务行业带来系统性风险的最新例证。” “一家处于众多银行数据流中的中型供应商，一旦发生安全事件，其影响范围会瞬间扩大至全国层面。” 尽管该公司尚未发现与此次事件相关的身份盗用或欺诈迹象，但备案文件显示，至少有 74 家银行和信用社受到波及。 缅因州、得克萨斯州和艾奥瓦州最新提交的通知文件，详细披露了此次泄露事件的发生过程及影响范围。 社区第一信用社一份现已被移除的备案文件指出，Marquis公司在攻击发生后不久曾支付赎金以阻止数据外泄，但该公司并未对此说法予以回应。 上述备案文件证实，多州用户均受到此次事件影响，且泄露的个人数据类型相近，包括姓名、住址、出生日期、社会保险号、纳税人识别号以及银行或银行卡账户详情。 Marquis公司将为受影响用户提供 1 至 2 年的免费信用监测及身份保护服务。 此外，该公司表示在事件发生后已推出一系列安全强化措施，具体如下： 确保所有防火墙设备均完成补丁更新 更换本地账户密码 注销未使用的账户 为所有防火墙及 VPN 账户启用多因素认证（MFA） 延长防火墙日志留存时长 增设 VPN 多次登录失败锁定规则 对已授权国家启用地理 IP 过滤 阻断与已知僵尸网络控制服务器的连接 Suzu Labs首席执行官迈克尔・贝尔评论称：“这份整改清单道出了问题本质。” “这些安全管控措施本应在零日漏洞出现前就全部落实到位。零日漏洞只是为攻击者打开了大门，而基础的安全防护水平才决定了他们闯入后的破坏程度。” 安全研究人员还指出，近期多起与 SonicWall 相关的泄露事件均与 Akira 勒索软件团伙有关，但本次事件目前尚无任何组织宣称负责。 Marquis公司表示相关调查仍在进行中，截至发稿时，尚未发现被盗数据在网络上流传的证据。   消息来源：infosecurity-magazine； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 5.15.196/6.1.158/6.6.116/6.12.58/6.17.8. This impacts the function memfd_secret of the component secretmem. Performing manipulation results in use after free. This vulnerability is cataloged as CVE-2025-40272. The attack must originate from the local network. There is no exploit available. It is advisable to upgrade the affected component.

A vulnerability labeled as critical has been found in Linux Kernel up to 6.12.58/6.17.8. This issue affects the function kvm_gmem_release of the component KVM. Executing manipulation can lead to use after free. The identification of this vulnerability is CVE-2025-40274. The attack needs to be done within the local network. There is no exploit available. The affected component should be upgraded.

A vulnerability classified as critical has been found in Linux Kernel up to 6.17.8. The impacted element is the function __read_swap_cache_async of the component swap. This manipulation causes use after free. This vulnerability is tracked as CVE-2025-40270. The attack is only possible within the local network. No exploit exists. It is recommended to upgrade the affected component.

RCTF wp

AI agents are starting to take on tasks that used to be handled by people. These systems plan steps, call tools, and carry out actions without a person approving every move. This shift is raising questions for security leaders. A new research paper offers one of the first attempts to measure how well these agents stay inside guardrails when users try to push them off course. The work comes from a group of researchers at … More →

The post AI agents break rules in unexpected ways appeared first on Help Net Security.

Mozilla 释出了 Firefox 146。主要新特性包括：对所有用户开放 Firefox Labs；macOS 版本将有一个专门的 GPU 进程，图形代码中的致命错误将不会导致浏览器崩溃，而是重启 GPU 进程；Linux 版本原生支持 Wayland 分数缩放显示，提升渲染效率；Windows 版本停止支持 Direct2D，需要 Direct2D 的用户建议用 140ESR 版本；WebCrypto 支持压缩椭圆曲线点；更新 Skia 图形库；支持 CSS text-decoration-inset 属性、支持 @scope 规则，等等。

PortSwigger has enhanced Burp Suite’s scanning arsenal with the latest update to its ActiveScan++ extension, introducing detection for the critical React2Shell vulnerabilities (CVE-2025-55182 and CVE-2025-66478). This server-side request forgery (SSRF) flaw in React applications allows attackers to execute arbitrary shell commands, potentially leading to full remote code execution (RCE) on affected servers. Security researchers and […]

The post Burp Suite’s Scanning Arsenal Powered With Detection for Critical React2Shell Vulnerabilities appeared first on Cyber Security News.

A vulnerability marked as critical has been reported in zevv Duc up to 1.4.5. This affects the function buffer_get. Performing manipulation results in stack-based buffer overflow. This vulnerability is known as CVE-2025-13654. Access to the local network is required for this attack. No exploit is available. It is suggested to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.12.57/6.17.7. Affected by this issue is the function exfat_mkdir. Such manipulation leads to allocation of resources. This vulnerability is uniquely identified as CVE-2025-40307. The attack can only be initiated within the local network. No exploit exists. You should upgrade the affected component.

A vulnerability marked as critical has been reported in Linux Kernel up to 6.15.2. This issue affects the function in_hw_restart of the component wifi. Performing manipulation results in null pointer dereference. This vulnerability was named CVE-2025-38121. The attack needs to be approached within the local network. There is no available exploit. It is suggested to upgrade the affected component.

嗯，用户让我帮忙总结一篇文章的内容，控制在100字以内，而且不需要用“文章内容总结”这样的开头。好的，我先看看这篇文章讲的是什么。 文章标题是“WeakJump CTF 逆向题深度解析：从零到完整攻破的技术之路”。看起来是关于CTF竞赛中的逆向工程题目。作者详细介绍了如何分析和解决这个题目。 首先，文章提到了题目提供了一个名为weakjump的二进制文件，要求找到正确的flag。分析了文件类型，发现是静态链接、64位ELF文件，并且被stripped了符号表，增加了分析难度。 接下来，作者介绍了使用strace追踪系统调用，发现程序调用了ptrace来反调试。然后详细讲解了如何绕过反调试机制，使用GDB脚本修改返回值。 然后是静态分析部分，使用radare2查找字符串和关键函数，识别出加密算法可能使用了TEA算法，并发现了Feistel网络结构。 动态调试部分，作者编写了GDB脚本来捕获轮函数的调用和返回值，绕过了程序的反调试和比对失败的跳转。 最终通过分析加密流程和数据流向，提取密文并结合动态调试获取的数据，成功解密得到了flag。 总结一下，这篇文章详细记录了解决一个复杂逆向工程题目的全过程，包括反调试、静态分析、动态调试、加密算法识别等技术。 文章详细解析了一道CTF逆向题WeakJump的解题过程。通过分析二进制文件、绕过反调试机制、静态与动态分析相结合的方法，最终识别出基于Feistel网络的加密算法并成功解密获得flag。

Считали мат бескультурьем, а это главный признак живого интеллекта (и отсутствия ИИ).

文章描述了错误代码521的原因及其解决方案，指出该错误通常由网络连接问题或服务器配置错误引起，并建议检查网络连接、清除缓存或联系技术支持以解决问题。

HackerNews 编译，转载请注明出处： 为美国军方提供情报、监视与侦察服务的军工承包商 MAG 航空航天公司（MAG Aerospace）遭遇网络攻击，导致员工数据发生泄露。 本周早些时候，该公司已开始通知数千名可能受影响的人员，向其分发详细说明此次网络攻击事件的数据泄露告知函。 MAG 航空航天公司表示，2025 年 8 月下旬，公司监测到内部网络出现可疑活动。为隔离安全隐患，这家总部位于费尔法克斯的军工承包商当即停用了受影响账户，防止泄露范围进一步扩大至更多系统。 公司在泄露告知函中称：“我们已采取多项措施遏制事件影响，包括隔离相关资产、停用受影响的账户与域名、阻断网络访问权限、重置受影响账户密码，并已联络执法部门介入调查。” 后续针对未授权访问的分析显示，攻击者获取了 “少量电子存储的个人信息”，且暂无证据表明泄露数据遭到不当处置。 MAG 航空航天公司为美军提供情报工程服务，其公开披露的合作客户包括美国陆军、联邦应急管理局（FEMA）、美国总务管理局（GSA）、国防情报局（DIA）、国务院、美国太空司令部等重要政府机构。据悉，该公司年收入超 14 亿美元，员工规模逾 1400 人。 公司在数据泄露告知函中解释：“MAG DS 公司（商号为 MAG 航空航天）在全球范围内提供高技术性服务与工程解决方案，我们会在日常业务运营及员工管理工作中获取并留存个人信息。” 该公司未明确披露此次事件中具体泄露的数据类型，但表示将为可能受影响的人员提供为期 24 个月的免费欺诈监测与身份盗用保护服务。 通常情况下，企业仅会在用户姓名、社会保险号（SSN）等身份标识信息泄露时，为相关人员提供此类保护服务。 鉴于 MAG 航空航天所处行业的敏感属性，其泄露的数据对威胁行为者及国家级攻击者而言堪称 “金矿”。至少，个人信息失窃会让攻击者得以发起极具迷惑性的钓鱼攻击与社会工程学攻击，进而诱导受害者在设备上不慎安装恶意软件。     消息来源：cybernews； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文

A vulnerability categorized as critical has been discovered in Linux Kernel up to 6.17.7. This issue affects the function io_estimate_bvec_size of the component io_uring. The manipulation results in privilege escalation. This vulnerability is cataloged as CVE-2025-40291. The attack must originate from the local network. There is no exploit available. It is advisable to upgrade the affected component.

A vulnerability described as problematic has been identified in AMD Ryzen 9000HX Processors. Affected by this issue is some unknown functionality. Executing manipulation can lead to improper handling of insufficient entropy in trng. This vulnerability appears as CVE-2025-62626. The attack requires local access. There is no available exploit. Upgrading the affected component is recommended.

A vulnerability identified as critical has been detected in Adobe Animate up to 22.0.9/23.0.1. This issue affects some unknown processing. The manipulation leads to use after free. This vulnerability is listed as CVE-2023-29321. The attack may be initiated remotely. There is no available exploit. You should upgrade the affected component.

A vulnerability marked as problematic has been reported in Adobe Experience Manager up to 6.5.16.0. This issue affects some unknown processing. This manipulation causes cross site scripting. This vulnerability is tracked as CVE-2023-29322. The attack is possible to be carried out remotely. No exploit exists. It is suggested to upgrade the affected component.

A vulnerability was found in JFinalCMS 5.0.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/tag/save. The manipulation leads to cross-site request forgery. This vulnerability is referenced as CVE-2023-49383. Remote exploitation of the attack is possible. Furthermore, an exploit is available.