Aggregator
Research shows identity document checks are missing key signals
Most CISOs spend their time thinking about account takeover and phishing, but identity document fraud is becoming a tougher challenge. A new systematic review shows how attackers are pushing past old defenses and how detection models are struggling to keep up. The study analyzes work published from 2020 to 2025, giving security leaders a view of where these systems stand and what is holding them back. A detection problem shaped by data limits The researchers … More →
The post Research shows identity document checks are missing key signals appeared first on Help Net Security.
A Pre-Built CNCF Pipeline: From Git to Running on Kubernetes
ShadowRay 2.0 利用未修复的 Ray 漏洞,构建可自我传播的 GPU 挖矿僵尸网络
ShadowRay 2.0 利用未修复的 Ray 漏洞,构建可自我传播的 GPU 挖矿僵尸网络
Он понимает ваш беспорядок. Представлен робот, обученный на реальных квартирах
TamperedChef 恶意软件通过伪造软件安装程序在全球持续传播
TamperedChef 恶意软件通过伪造软件安装程序在全球持续传播
CVE-2020-36870 | Ruijie RG-EG1000C prior 11.9(4)B12P1 EWEB Management System code injection (EUVD-2020-30818)
CVE-2018-25124 | RainbowFish PacsOne Server up to 6.6.2 nocache.php path path traversal (Exploit 43907 / EUVD-2018-21611)
CVE-2021-4462 | SourceCodester Employee Records System 1.0 uploadID.php unrestricted upload (Exploit 49596 / EUVD-2021-34713)
CVE-2025-64753 | gristlabs grist-core up to 1.7.6 /compare authorization (GHSA-3v78-cw58-v685)
CVE-2025-13239 | Bdtask/CodeCanyon Isshue Multi Store eCommerce Shopping Cart Solution /submit_checkout behavioral workflow (EUVD-2025-197719 / CNNVD-202511-1829)
CVE-2025-6171 | GitLab Community Edition/Enterprise Edition up to 18.3.5/18.4.3/18.5.1 Packages API Endpoint authorization (Patch 549730 / EUVD-2025-197692)
CVE-2025-13250 | WeiYe-Jing datax-web up to 2.1.2 Job remove/update/pause/start/triggerJob access control (EUVD-2025-197730)
CVE-2025-13251 | WeiYe-Jing datax-web up to 2.1.2 sql injection (EUVD-2025-197731)
CVE-2025-12859 | DedeBIZ up to 6.3.2 templets_one_edit.php ids sql injection
CVE-2025-12860 | DedeBIZ up to 6.3.2 /admin/freelist_main.php orderby sql injection
CVE-2025-59288 | Microsoft Playwright signature verification (EUVD-2025-34363 / Nessus ID 270369)
SonicOS SSLVPN Vulnerability Let Attackers Crash the Firewall Remotely
SonicWall has disclosed a critical stack-based buffer overflow vulnerability in its SonicOS SSLVPN service. That allows remote unauthenticated attackers to crash firewalls through denial-of-service attacks. The vulnerability was internally discovered and reported by SonicWall’s security team. The flaw, tracked as CVE-2025-40601, carries a CVSS score of 7.5 and affects multiple generations of SonicWall firewall products. Field […]
The post SonicOS SSLVPN Vulnerability Let Attackers Crash the Firewall Remotely appeared first on Cyber Security News.