Aggregator

A vulnerability classified as critical has been found in Oracle Retail Advanced Inventory Planning 15.0/16.0. This affects an unknown part of the component AIP Dashboard. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2019-17091. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Oracle Retail Merchandising System 16. This vulnerability affects unknown code of the component Inventory Tracking. The manipulation leads to cross site scripting. This vulnerability was named CVE-2019-17091. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

印巴爆发了武装冲突，印度的空袭导致了至少 8 名巴基斯坦平民死亡。可能是出于通讯和宣传的需要，巴基斯坦解除了对 X 的封禁，即当地网民不再需要 VPN 就能直接访问 X/Twitter。巴基斯坦是在 2024 年 2 月大选之后以国家安全的理由封锁了 X，此后巴基斯坦网民不得不通过 VPN 访问该社交平台。巴基斯坦政府官员去年 8 月还一度宣称由于大量用户使用 VPN 而导致网络访问缓慢。

​Polish authorities have detained four suspects linked to six DDoS-for-hire platforms, believed to have facilitated thousands of attacks targeting schools, government services, businesses, and gaming platforms worldwide since 2022. [...]

A vulnerability was found in Francisco Burzi PHP-Nuke up to 7.2. It has been declared as problematic. Affected by this vulnerability is the function cookiedecode of the file mainfile.php. The manipulation of the argument User leads to basic cross site scripting. This vulnerability is known as CVE-2004-1930. The attack can be launched remotely. Furthermore, there is an exploit available.

A startling discovery by Hunted Labs has brought to light a potential security risk lurking within the heart of the cloud-native ecosystem. The open source Go package easyjson, widely used for optimizing JSON serialization and deserialization, has been found to be fully controlled by developers based in Moscow, employed by VK Group (also known as […]

The post Russian Company Gains Full Control Over Critical Open Source Easyjson Library appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

The Israeli spyware maker must pay $444,719 in compensatory damages to Meta and $167.25m in punitive damages

《自然-人类行为》发表的研究发现，在中低收入国家对儿童实施身体惩罚会带来完全负面结果，包括健康状况不佳、学业表现较差及社会情感发展受损，这与在富裕国家的研究结果相似。2006 年联合国秘书长呼吁禁止针对儿童体罚——通过施加体力造成疼痛的行为，包括打屁股、摇晃和打耳光。迄今，全球已有 65 个国家全面或部分禁止这种做法。研究人员分析了 2002 年至 2024 年间发表的 19 5项与体罚相关的研究。这些研究覆盖 9 2个中低收入国家，涉及19项结果指标，包括亲子关系、身心健康、暴力行为、药物滥用、认知功能、社会情感技能、睡眠、运动技能以及成为童工的可能性等方面。研究发现，在 19 项结果指标中，有 16 项显示体罚与负面后果显著相关：更差的亲子关系、成为暴力受害者、实施暴力（包括成年后的亲密伴侣暴力）、认可暴力行为、身体健康问题、心理健康问题、药物滥用、学业表现不佳、语言能力受损、执行功能受损、社会情感技能受损、整体行为问题、内化行为问题（如抑郁和退缩）、外化行为（如攻击性和破坏行为）、早期儿童发育受损以及睡眠质量下降。

Если не обновят сейчас — через год полёты станут опасны.

关键词网络攻击网络犯罪分子正在使用虚假的社会保障管理局电子邮件来分发ScreenConnect RAT(远程访

关键词安全漏洞根据安全研究员Peng的详细技术分析，Windows 部署服务 (WDS) 中新披露的一个拒绝服

关键词虚拟货币根据针对服务提供商和代币匿名性的全面新反洗钱法规，欧洲将从 2027 年开始禁止匿名加密账户和隐

关键词BitLocker微软在Windows 11 24H2版本中默认启用了BitLocker设备加密功能，这

企业高管们总是能找到新说辞去批评员工的工作态度。Reddit 联合创始人兼 CEO Steve Huffman 谈到他于 2015 年重新接任 CEO 时的发现：公司内部充斥着理想主义的员工，他们竟然没有拼命工作。他说，“我们真的太理想主义...理想化的认为自己不是为一家企业工作...埋头于这种理想主义也意味着工作不够努力。”他认为这是一种硅谷病，一种权利，认为我在公司工作，但不必非常努力，因为工作是为了实现自己的理想。

Security Service Edge (SSE) platforms have become the go-to architecture for securing hybrid work and SaaS access. They promise centralized enforcement, simplified connectivity, and consistent policy control across users and devices. But there's a problem: they stop short of where the most sensitive user activity actually happens—the browser. This isn’t a small omission. It’s a structural

The financial sector is heavily targeted by cybercriminals. Banks, investment firms, and credit unions are prime victims of attacks aimed at stealing sensitive data or holding it hostage for massive ransoms. One emerging threat in this landscape is Nitrogen Ransomware, a malicious group discovered in September 2024.   It has since then been notoriously renowned for […]

The post Nitrogen Ransomware Exposed: How ANY.RUN Helps Uncover Threats to Finance  appeared first on ANY.RUN's Cybersecurity Blog.

对二进制安全中的沙盒原理进行解析，并且集合了常见的ORW攻击脚本

CISA, FBI, EPA, and DoE warn of cyberattacks on the U.S. Energy sector carried out by unsophisticated cyber actors targeting ICS/SCADA systems. The US cybersecurity agency CISA, the FBI, EPA, and the DoE issued a joint alert to warn of cyberattacks targeting US-based organizations in the oil and natural gas sector. Unsophisticated threat actors are […]

Threat actors with links to the Play ransomware family exploited a recently patched security flaw in Microsoft Windows as a zero-day as part of an attack targeting an unnamed organization in the United States. The attack, per the Symantec Threat Hunter Team, part of Broadcom, leveraged CVE-2025-29824, a privilege escalation flaw in the Common Log File System (CLFS) driver. It was patched by

В главной роли — ты. В жанре — кибермошенничество.