Aggregator

A vulnerability, which was classified as critical, has been found in 1000 Projects Attendance Tracking Management System 1.0. Affected by this issue is some unknown functionality of the file /faculty/check_faculty_login.php. The manipulation of the argument faculty_emailid leads to sql injection. This vulnerability is handled as CVE-2024-12927. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical was found in code-projects Simple Admin Panel 1.0. This vulnerability affects unknown code of the file editItemForm.php. The manipulation of the argument record leads to sql injection. This vulnerability was named CVE-2024-12935. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, has been found in code-projects Simple Admin Panel 1.0. This issue affects some unknown processing of the file catDeleteController.php. The manipulation of the argument record leads to sql injection. The identification of this vulnerability is CVE-2024-12936. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability was found in Download Manager Plugin up to 3.3.02 on WordPress. It has been rated as problematic. This issue affects some unknown processing of the component Setting Handler. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-10706. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

Apple has released emergency security updates for iOS/iPadOS, macOS, tvOS and visionOS that fix two zero-day vulnerabilities (CVE-2025-31200, CVE-2025-31201) that have been exploited “in an extremely sophisticated attack against specific targeted individuals on iOS.” CVE-2025-31200 and CVE-2025-31201 CVE-2025-31200 affects CoreAudio, an API Apple devices use for processing audio. The memory corruption vulnerability can be triggered with a maliciously crafted media file: when the audio stream in it is processed, it allows attackers to execute malicious … More →

The post Apple plugs zero-day holes used in targeted iPhone attacks (CVE-2025-31200, CVE-2025-31201) appeared first on Help Net Security.

Java代码审计

Сломанная Jira парализовала команды по всему миру.

emlog2.5.3代码审计

本清单涵盖多个领域安全要点，旨在帮助开发者识别潜在风险并加以防范。

涉及身份证明、财务数据等

Cyberattacks targeting the energy sector are increasing, driven by a host of geopolitical and technological factors. A report published by Sophos in July 2024, and which surveyed 275 cybersecurity and IT leaders from the energy, oil/gas, and utilities sector across 14 countries, found 67% of respondents who said their organizations had suffered a ransomware attack in the last year. While Sophos’ figure remained steady year-over-year, a January 2025 report authored by TrustWave said that ransomware … More →

The post Cyber threats against energy sector surge as global tensions mount appeared first on Help Net Security.

A UK Law firm has been fined £60,000 after data stolen during a 2022 cyber-attack was published on the dark web

直播预约：山石网科生态合作伙伴大会

在合同即将到期的最后时刻，美国国土安全部下属单位网络安全和基础设施安全局（CISA） 与MITRE 签署了一份11个月的合同延期，未来会怎么很难说。

5 миллиардов реклам — в мусорку.

本文主要分享一些我们最近对iDirect设备的研究，篇幅较长，我们公开了部分研究成果，也希望更多对卫星网络安全研究感兴趣的读者能加入这个新赛道。

本文主要分享一些我们最近对iDirect设备的研究，篇幅较长，我们公开了部分研究成果，也希望更多对卫星网络安全研究感兴趣的读者能加入这个新赛道。

天文学家发现了一颗极有可能蕴有生命的行星。K2-18b 是在 2015 年首次发现的，质量约为地球的八倍，其母星距离地球 124 光年，它位于该星系的宜居带，即液态水可以在其表面存在。2019 年天文学家观察到了水蒸气。2023 年剑桥大学的 Nikku Madhusudhan 和同事利用韦伯太空望远镜在近红外波段观测了它的大气层，发现了水蒸气、二氧化碳和甲烷的证据。他们还发现了二甲基硫醚（DMS）的可能踪迹，这种分子在地球上主要由海洋浮游植物产生。由于 DMS 的信号极其微弱，天文学家认为还需要更强有力的证据才能确定这种分子的存在。Madhusudhan 和同事之后使用韦伯搭载的中红外相机去观测 K2-18b，发现了更强有力的 DMS 信号，以及一种可能相关分子二甲基二硫化物 (DMDS)，这种分子在地球上也只有生命才能产生。DMS 和 DMDS 结果的统计显著性为 3σ，而统计结果需要达到 5σ才能被认为基本确认。天文学家认为还需要对 K2-18b 进一步观测进行确认。

专注推动网络与安全融合的全球性综合网络安全解决方案供应商 Fortinet®（NASDAQ：FTNT […]

商用密码建设方案-4A系统，在标准国密技术要求下，根据业务系统特性进行设计