Aggregator

A vulnerability was found in ORICO CD3510 1.9.12. It has been classified as critical. This affects an unknown function of the component File Upload. The manipulation leads to path traversal. This vulnerability is documented as CVE-2025-14220. The attack can be initiated remotely. Additionally, an exploit exists. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in SourceCodester Online Banking System 1.0. It has been declared as problematic. This impacts an unknown function of the file /?page=user. The manipulation of the argument First Name/Last Name results in cross site scripting. This vulnerability is reported as CVE-2025-14221. The attack can be launched remotely. Moreover, an exploit is present.

A vulnerability was found in MyBB 1.8.38. It has been classified as problematic. The affected element is an unknown function of the file install\index.php. This manipulation of the argument Website Name causes cross site scripting. This vulnerability is tracked as CVE-2024-52702. The attack is possible to be carried out remotely. No exploit exists.

非洲企鹅每年都会换羽，脱落磨损的旧羽毛换上新羽毛，以保持羽毛的保暖和防水性能。换羽期间企鹅生活在陆地上三周无法捕猎，因此演化出储存脂肪的机制，利用自身脂肪度过换羽禁食期。换羽之后它需要迅速捕捉食物以恢复体能。如果换羽前后没有找到足够的食物，它们会难以生存。南非研究人员报告，在 2004-2011 年间南非西部沿海的沙丁鱼储量低于其峰值的四分之一（主要原因是过度捕捞），可能导致企鹅因为食物严重短缺而大规模死亡，期间估计有 6.2 万只企鹅死亡。非洲企鹅在 2024 年被列为极度濒危物种。研究人员称其它地区的企鹅种群数量也出现了大规模锐减。过去 30 年企鹅全球种群数量下降了近 80%。

Submit #702619 / VDB-334764

Submit #702487 / VDB-334763

Submit #702484 / VDB-334762

A vulnerability categorized as critical has been discovered in phpipam 1.4. Affected is an unknown function of the file app/admin/custom-fields/order.php. Executing manipulation of the argument table as part of Parameter can lead to sql injection. This vulnerability appears as CVE-2019-16693. The attack may be performed from remote. In addition, an exploit is available.

A vulnerability, which was classified as critical, has been found in OpenRepeater up to 2.1. Affected by this issue is some unknown functionality of the file functions/ajax_system.php. The manipulation of the argument post_service leads to os command injection. This vulnerability is documented as CVE-2019-25024. The attack requires being on the local network. Additionally, an exploit exists. It is advisable to upgrade the affected component.

CISA and global partners issue new guidance for secure AI integration in operational technology, highlighting risks, governance, behavioral analytics, and OT safety.

The post CISA Releases New AI-in-OT Security Guidance: Key Principles & Risks appeared first on Security Boulevard.

Enterprises are rushing to deploy agentic systems that plan, use tools, and make decisions with less human guidance than earlier AI models. This new class of systems also brings new kinds of risk that appear in the interactions between models, tools, data sources, and memory stores. A research team from NVIDIA and Lakera AI has released a safety and security framework that tries to map these risks and measure them inside real workflows. The work … More →

The post NVIDIA research shows how agentic AI fails under attack appeared first on Help Net Security.

Name: WannaGame Championship 2025 (an WannaGame Championship event.)
Date: Dec. 6, 2025, 1 a.m. — 08 Dec. 2025, 01:00 UTC  [add to calendar]
Format: Jeopardy
On-line
Offical URL: https://ctf.cnsc.com.vn/
Rating weight: 29.00
Event organizers: Wanna.One

摘要以下内容，均摘自于互联网，由于传播，利用此文所提供的信息而造成的任何直接或间接的后果和损失，均由使用者本人

AMD, Intel и ARM вместе работают над одной задачей. В ядро Linux добавили шифрование PCIe-соединений.

The Iranian hacking group known as MuddyWater has been observed leveraging a new backdoor dubbed UDPGangster that uses the User Datagram Protocol (UDP) for command-and-control (C2) purposes. The cyber espionage activity targeted users in Turkey, Israel, and Azerbaijan, according to a report from Fortinet FortiGuard Labs. "This malware enables remote control of compromised systems by allowing

知名开源电子书管理程序 Calibre 上周释出了最新更新 v8.16.2，主要变化是加入了 AI 功能：允许询问 AI 有关 Calibre 书库中任何书籍的问题；右键​​“查看”选择“与 AI 讨论所选书籍”；右键一本书使用“相似书籍”菜单询问 AI 接下来读什么书；加入 LM Studio 后端，允许在本地运行不同 AI 模型。 对 AI 不满的用户随后创建了一个分支 Clbre，主要变化就是移除了 AI 功能。Clbre 的代码托管在正在大力集成 AI 的微软 GitHub 平台上。

Operational teams know that access sprawl grows fast. Servers, virtual machines and network gear all need hands-on work and each new system adds more identities to manage. A bastion host tries to bring order to this problem. It acts as a single entry point for sysadmins and developers who connect to infrastructure through ssh. This model is old in theory, but The Bastion open-source project shows how far a purpose-built access layer can go. A … More →

The post The Bastion: Open-source access control for complex infrastructure appeared first on Help Net Security.

Дети, ходившие с флагами России, теперь задумываются об эмиграци.

A vulnerability has been found in code-projects Currency Exchange System 1.0 and classified as critical. The affected element is an unknown function of the file /editotheraccount.php. Performing manipulation of the argument ID results in sql injection. This vulnerability is cataloged as CVE-2025-14218. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.