Aggregator

HackerNews 编译，转载请注明出处： 苹果公司周三发布带外（out-of-band）操作系统更新，修复两个已被用于针对少量iOS设备的“极其复杂”攻击的安全漏洞。 这两个漏洞编号为CVE-2025-31200和CVE-2025-31201，分别被归类为代码执行漏洞和安全缓解措施绕过漏洞，影响iOS、iPadOS及macOS平台。苹果称已收到报告，确认这些漏洞被用于针对特定iPhone目标的高端攻击。 CoreAudio组件漏洞（CVE-2025-31200） 处理恶意构造的媒体文件中的音频流时可能触发代码执行。苹果确认该漏洞可能已在针对iOS设备特定个体的高度复杂攻击中被利用。此内存损坏问题通过改进边界检查修复。该漏洞由谷歌威胁分析小组（TAG）报告。 RPAC组件漏洞（CVE-2025-31201） 具备任意读写能力的攻击者可能绕过指针认证（Pointer Authentication）机制。苹果确认该漏洞可能已在针对iOS设备特定个体的高度复杂攻击中被利用。此问题通过移除漏洞代码修复。（注：指针认证是ARM架构中的安全功能，用于检测指针是否被篡改） 漏洞补丁已覆盖所有运行macOS Sequoia系统的设备，但苹果强调目前仅观察到少量针对iPhone的攻击实例。 依照惯例，苹果未公开实际攻击的技术细节或入侵指标（IOCs）。       消息来源：securityweek； 本文由 HackerNews.cc 翻译整理，封面来源于网络；  转载请注明“转自 HackerNews.cc”并附上原文

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical security alert after confirming active exploitation of a SonicWall vulnerability. The flaw, documented as CVE-2021-20035, targets SonicWall’s SMA100 series appliances and has been added to CISA’s Known Exploited Vulnerabilities Catalog. Overview of the Vulnerability This particular vulnerability lies within the SonicWall Secure Mobile Access (SMA) […]

The post CISA Issues Alert on SonicWall Flaw Being Actively Exploited appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Цифровое возмездие настигло даже самых хитрых мошенников.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a security flaw impacting SonicWall Secure Mobile Access (SMA) 100 Series gateways to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The high-severity vulnerability, tracked as CVE-2021-20035 (CVSS score: 7.2), relates to a case of operating system command injection

A vulnerability has been found in RT-Thread up to 5.0.2 and classified as critical. Affected by this vulnerability is an unknown functionality of the file utilities/rt-link/src/rtlink.c. The manipulation leads to buffer overflow. This vulnerability is known as CVE-2024-25395. The attack needs to be initiated within the local network. There is no exploit available.

A vulnerability was found in RT-Thread up to 5.0.2. It has been declared as critical. This vulnerability affects unknown code of the file finsh/msh_file.c. The manipulation leads to heap-based buffer overflow. This vulnerability was named CVE-2024-25390. The attack needs to be approached within the local network. There is no exploit available.

A vulnerability classified as critical has been found in RT-Thread up to 5.0.2. Affected is an unknown function of the file libc/posix/ipc/mqueue.c. The manipulation leads to stack-based buffer overflow. This vulnerability is traded as CVE-2024-25391. The attack can only be initiated within the local network. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in RT-Thread up to 5.0.2. Affected by this issue is some unknown functionality of the file utilities/var_export/var_export.c. The manipulation leads to out-of-bounds read. This vulnerability is handled as CVE-2024-25392. The attack needs to be initiated within the local network. There is no exploit available.

A vulnerability, which was classified as problematic, was found in RT-Thread up to 5.0.2. This affects an unknown part of the file drivers/misc/rt_random.c. The manipulation leads to insufficient entropy in prng. This vulnerability is uniquely identified as CVE-2024-25389. Access to the local network is required for this attack. There is no exploit available.

A vulnerability was found in RT-Thread up to 5.0.2 and classified as critical. This issue affects some unknown processing of the file net/at/src/at_server.c. The manipulation leads to stack-based buffer overflow. The identification of this vulnerability is CVE-2024-25393. The attack needs to be approached within the local network. There is no exploit available.

A vulnerability, which was classified as critical, was found in ThinkCMF 6.0.9. Affected is an unknown function of the file UeditorController.php. The manipulation leads to unrestricted upload. This vulnerability is traded as CVE-2024-31615. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in onethink 1.1. It has been rated as critical. Affected by this issue is some unknown functionality of the file ModelModel.class.php. The manipulation leads to sql injection. This vulnerability is handled as CVE-2024-33444. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as problematic was found in Wireshark 1.6.0/1.6.1. Affected by this vulnerability is an unknown functionality. The manipulation leads to memory corruption. This vulnerability is known as CVE-2011-3483. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

In this Help Net Security interview, Jason Lord, CTO at AutoRABIT, discusses the cybersecurity risks posed by AI agents integrated into real-world systems. Issues like hallucinations, prompt injections, and embedded biases can turn these systems into vulnerable targets. Lord calls for oversight, continuous monitoring, and human-in-the-loop controls to combat these threats. Many AI agents are built on foundation models or LLMs. How do the inherent unpredictabilities of these models—like hallucinations or prompt injections—translate into risks … More →

The post When AI agents go rogue, the fallout hits the enterprise appeared first on Help Net Security.

Cisco has disclosed a high-severity vulnerability in its widely used Webex App, warning users that attackers could exploit the flaw to execute arbitrary code on targeted computers. Tracked as CVE-2025-20236, the vulnerability arises from improper input validation in the app’s custom URL parser, exposing users to remote code execution simply by clicking a specially crafted meeting […]

The post Cisco Webex Vulnerability Lets Hackers Execute Code Through Malicious Meeting Links appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

In the modern enterprise, network security teams face the daunting challenge of detecting and responding to multi-stage attacks that unfold over days or even weeks. Two of the most powerful tools in this battle are NetFlow and PCAP. NetFlow, often described as a metadata sentinel, provides a high-level summary of network traffic flows by recording […]

The post NetFlow and PCAP Logs Reveal Multi-Stage Attacks In Corporate Networks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.