Aggregator

WatchTowr has found three vulnerabilities in the Sitecore Experience Platform, used by HSBC and L’Oréal

For many organizations, Active Directory (AD) service accounts are quiet afterthoughts, persisting in the background long after their original purpose has been forgotten. To make matters worse, these orphaned service accounts (created for legacy applications, scheduled tasks, automation scripts, or test environments) are often left active with non-expiring or stale passwords. It’s no surprise

WhatsApp, the world’s most popular messaging app, is entering a new era as Meta officially begins rolling out advertisements within its Updates tab—a move that marks the platform’s most significant shift in monetization since its inception. The announcement, made on June 16, signals WhatsApp’s intent to leverage its vast user base of over two billion […]

The post WhatsApp’s Status Tab Set to Feature Ads as Meta Monetizes Platform appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been classified as critical. This affects an unknown part of the file /boafrm/formSysLog of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. This vulnerability is uniquely identified as CVE-2025-6146. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in TOTOLINK A3002RU 3.0.0-B20230809.1615. It has been rated as critical. This issue affects some unknown processing of the file /boafrm/formSysLog of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The identification of this vulnerability is CVE-2025-6148. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability was found in cri-o up to 1.28.6/1.29.4/1.30.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /proc/mounts. The manipulation leads to symlink following. This vulnerability is handled as CVE-2024-5154. Attacking locally is a requirement. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /boafrm/formMultiAP of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. This vulnerability is known as CVE-2025-6162. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in TOTOLINK A3002RU 3.0.0-B20230809.1615 and classified as critical. Affected by this issue is some unknown functionality of the file /boafrm/formMultiAP of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. This vulnerability is handled as CVE-2025-6163. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been declared as critical. This vulnerability affects unknown code of the file /boafrm/formTmultiAP of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. This vulnerability was named CVE-2025-6165. The attack can be initiated remotely. Furthermore, there is an exploit available.

Threat actors are leveraging deceptive tactics to distribute a fileless variant of AsyncRAT, a notorious remote access Trojan. Discovered during routine attacker infrastructure analysis, this operation employs a fake verification prompt themed around the “Clickfix” technique to trick users into executing malicious commands. The campaign, which appears to target German-speaking individuals as evidenced by the […]

The post Hackers Use Fake Verification Prompt and Clickfix Technique to Deploy Fileless AsyncRAT appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

pydantic-ai 通过将结构化输出巧妙地抽象为一种强制性的工具调用，并深度整合 Pydantic 的模式生成与验证能力，实现了一套极为可靠的 LLM 输出约束机制...

ModelContext Inspector 未授权访问漏洞(CVE-2025-49596)

双方聚焦云安全、智算数据中心建设、大模型安全等关键领域，推动产品与业务场景融合，打造领先数字化安全底座。

关键词安全漏洞2025年5月21日，Grafana Labs 发布安全更新，修复了由安全研究人员 Alvaro

关键词Windows2025年4月，微软发布了一项关于 Windows Hello 的重要安全通告，修复了编号

关键词罗马仕近日，多所高校陆续发布通知，提醒师生停止使用罗马仕部分型号充电宝，因其在充电过程中存在更高的起火爆

关键词勒索软件近日，网络安全公司趋势科技发布报告，揭示新兴勒索软件即服务（RaaS）平台“Anubis”的危险

A critical vulnerability in ASUS’s popular Armoury Crate software has exposed millions of Windows users to the risk of system-level compromise, according to a recent disclosure by Cisco Talos and confirmed by ASUS. The flaw, tracked as CVE-2025-3464, allows attackers to bypass security controls and gain the highest level of privileges on affected systems, potentially […]

The post ASUS Armoury Crate Vulnerability Lets Hackers Gain System-Level Access on Windows appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

速修复