Aggregator

A vulnerability, which was classified as critical, was found in D-Link DIR-619L 2.04B04. Affected is the function formSetEasy_Wizard. The manipulation of the argument curTime leads to buffer overflow. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is traded as CVE-2025-4450. It is possible to launch the attack remotely. There is no exploit available. The vendor was contacted early about this disclosure.

A vulnerability has been found in D-Link DIR-619L 2.04B04 and classified as critical. Affected by this vulnerability is the function formSetWAN_Wizard52. The manipulation of the argument curTime leads to buffer overflow. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is known as CVE-2025-4451. The attack can be launched remotely. There is no exploit available. The vendor was contacted early about this disclosure.

A vulnerability was found in D-Link DIR-619L 2.04B04 and classified as critical. Affected by this issue is the function formSetWizard2. The manipulation of the argument curTime leads to buffer overflow. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is handled as CVE-2025-4452. The attack may be launched remotely. There is no exploit available. The vendor was contacted early about this disclosure.

A vulnerability was found in D-Link DIR-619L 2.04B04. It has been classified as critical. This affects the function formSysCmd. The manipulation of the argument sysCmd leads to command injection. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is uniquely identified as CVE-2025-4453. It is possible to initiate the attack remotely. There is no exploit available. The vendor was contacted early about this disclosure.

A vulnerability was found in D-Link DIR-619L 2.04B04. It has been declared as critical. This vulnerability affects the function wake_on_lan. The manipulation of the argument mac leads to command injection. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability was named CVE-2025-4454. The attack can be initiated remotely. There is no exploit available. The vendor was contacted early about this disclosure.

A vulnerability was found in Patch My PC Home Updater up to 5.1.3.0. It has been rated as critical. This issue affects some unknown processing in the library advapi32.dll/BCrypt.dll/comctl32.dll/crypt32.dll/dwmapi.dll/gdi32.dll/gdiplus.dll/imm32.dll/iphlpapi.dll/kernel32.dll/mscms.dll/msctf.dll/ntdll.dll/ole32.dll/oleaut32.dll/PresentationNative_cor3.dll/secur32.dll/shcore.dll/shell32.dll/sspicli.dll/System.IO. The manipulation leads to uncontrolled search path. The identification of this vulnerability is CVE-2025-4455. It is possible to launch the attack on the local host. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability classified as very critical was found in ATEN CL5708IM up to 2.2.214. Affected by this vulnerability is an unknown functionality. The manipulation leads to stack-based buffer overflow. This vulnerability is known as CVE-2025-3710. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as very critical, has been found in ATEN CL5708IM up to 2.2.214. Affected by this issue is some unknown functionality. The manipulation leads to stack-based buffer overflow. This vulnerability is handled as CVE-2025-3711. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

Всё начинается с безобидного поискового запроса, а заканчивается пустым кошельком.

The affiliate panel of the infamous LockBit Ransomware-as-a-Service (RaaS) group has been hacked and defaced, showing a link to a MySQL database dump ostensibly containing leaked data relating to the group’s operations: The defaced dark web affiliate panel (Source: Help Net Security) The breach has been confirmed by LockBitSupp – the creator, developer and administator of the LockBit ransomware group – who downplayed the attack by saying that decryptors, stolen company data, and the ransomware … More →

The post LockBit hacked: What does the leaked data show? appeared first on Help Net Security.

Shawn the R0ck 写道：“Memory safety 近年来成为热门话题。但在讨论“memory safety”时，我们需要先明确究竟在探讨什么、追求什么目标。你是在关注通过编译器完成静态分析（如 Clang Static Analyzer、rustc 等）来在编译阶段捕获潜在问题，还是更信任编译器让代码顺利编译，通过运行时机制（比如 Go 或 Java 中的垃圾回收）来解决所有问题？或者，你仅仅关注于安全加固的最终目标——即防止系统遭受攻击？内存安全问题的复杂性正反映了安全领域的本质：安全是一门交叉学科，融合了计算机科学和复杂性理论，这使得要完全掌控其复杂性变得异常困难。因此，企图通过单一或者几种 “memory-safe language” 重写现有软件，从而彻底杜绝所有安全隐患，并非现实可行的方案。
一门编程语言在设计时可能就倾向于提供内存安全机制，例如自动垃圾回收、数组边界检查等，这些机制在规范层面上勾画了一个理想状态。但在现实中，不同的实现者会出于需求和性能指标的考虑采取不同的策略。例如，虽然 Lisp 通常配备垃圾回收机制、支持灵活的数据操作和动态类型系统，但这并不意味着所有 Lisp 解释器都能完全消除内存安全问题。如果由于特定需求或追求性能而对部分安全检查作出妥协，那么内存越界或非法指针访问等安全隐患依然有可能出现。
同样，C/C++ 被长期视为“不安全”的语言，因为它允许程序员直接操作内存和执行指针运算。然而，通过严谨的工程化手段（如静态分析工具、严格的代码审查、运行时检测机制等），使得 C/C++ 在特定环境下无限接近无 Bug 状态也是可能的。本文将以 HardenedLinux 过去数十年中在对抗系统复杂性、提升内存安全方面的一些做法为背景进行探讨。总体来看，内存安全不仅关乎编译器或运行时单一环节的责任，而是需要在语言设计、工具支持、工程实践等多方面协同努力，以实现最终“系统不被攻陷”的安全目标。本文不涉足强制访问控制，沙箱，Linux内核加固等议题。”

底层逻辑不再是大打小，而是快打慢。

底层逻辑不再是大打小，而是快打慢。

底层逻辑不再是大打小，而是快打慢。

Цепочка из трёх уязвимостей SonicWall позволяет получить root и перехватить контроль над VPN-системой.

AI agents are changing the way businesses work. They can answer questions, automate tasks, and create better user experiences. But with this power comes new risks — like data leaks, identity theft, and malicious misuse. If your company is exploring or already using AI agents, you need to ask: Are they secure? AI agents work with sensitive data and make real-time decisions. If they’re not

关键词安全漏洞思科发布了一项安全公告,解决了适用于无线局域网控制器(WLC)的IOS XE软件中的一个关键漏洞

关键词恶意软件网络安全公司Bitdefender近日揭露，黑客正利用脸书（Facebook）广告网络，通过伪造

关键词网络攻击波兰警方近日逮捕了4名运营DDoS（分布式拒绝服务）攻击租用平台的犯罪嫌疑人。