Aggregator

OWASP GenAI Security Project发布AI代理十大安全威胁列表，并在Black Hat Europe 2025会议上公布相关指南和工具。该列表扩展了此前针对大型语言模型和网络应用的威胁跟踪项目，强调AI代理广泛应用将显著扩大攻击面，给网络安全团队带来挑战。

OWASP unveils its GenAI Top 10 threats for agentic AI, plus new security and governance guides, risk maps, and a FinBot CTF tool to help organizations secure emerging AI agents.

The post OWASP Project Publishes List of Top Ten AI Agent Threats appeared first on Security Boulevard.

A vulnerability identified as critical has been detected in webSPELL 4.2.1. Affected by this issue is some unknown functionality of the file asearch.php. Performing manipulation of the argument Search results in sql injection. This vulnerability is identified as CVE-2010-4861. The attack can be initiated remotely. Additionally, an exploit exists.

A vulnerability, which was classified as critical, has been found in WHMCS 4.2. Affected is an unknown function of the file submitticket.php. Performing manipulation of the argument deptid results in sql injection. This vulnerability is cataloged as CVE-2010-1702. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in Valarsoft Webmatic. It has been declared as critical. This vulnerability affects unknown code of the file index.php. Such manipulation leads to sql injection. This vulnerability is documented as CVE-2010-4808. The attack can be executed remotely. Additionally, an exploit exists.

A vulnerability described as critical has been identified in Wikiwebhelp Wiki Web Help 0.28. The affected element is an unknown function of the component Help. The manipulation of the argument ID results in sql injection. This vulnerability is cataloged as CVE-2010-4970. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical has been found in Kjetiltroan WebMaid CMS up to 0.2-6. The affected element is an unknown function of the file cContactus.php. This manipulation of the argument menu causes code injection. This vulnerability is tracked as CVE-2010-1266. The attack is possible to be carried out remotely. Moreover, an exploit is present.

A vulnerability classified as problematic was found in Kjetiltroan WebMaid CMS up to 0.2-6. The impacted element is an unknown function of the file cContactus.php. Such manipulation of the argument com leads to path traversal. This vulnerability is listed as CVE-2010-1267. The attack may be performed from remote. In addition, an exploit is available.

A vulnerability categorized as problematic has been discovered in WeBid 0.8.5. The affected element is an unknown function of the file confirm.php. The manipulation of the argument ID results in cross site scripting. This vulnerability was named CVE-2010-4873. The attack may be performed from remote. In addition, an exploit is available.

GhostFrame 是一种新型钓鱼工具包，利用 iframe 和动态生成的子域名隐藏恶意活动，并通过技术手段规避检测。该工具已发起超百万次钓鱼攻击。

A vulnerability classified as critical has been found in Linux Kernel up to 6.4.10. Impacted is the function alauda_check_media. Performing manipulation results in uninitialized pointer. This vulnerability is reported as CVE-2023-53847. The attacker must have access to the local network to execute the attack. No exploit exists. It is recommended to upgrade the affected component.

A vulnerability described as critical has been identified in Linux Kernel up to 6.1.52/6.4.15/6.5.2. The impacted element is the function r5l_exit_log. Executing manipulation can lead to null pointer dereference. This vulnerability is registered as CVE-2023-53848. The attack requires access to the local network. No exploit is available. Upgrading the affected component is recommended.

A vulnerability identified as critical has been detected in Robocode 1.9.3.6. This vulnerability affects the function recursivelyDelete of the component CacheCleaner. Performing manipulation results in path traversal. This vulnerability is known as CVE-2025-14306. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability marked as problematic has been reported in TianoCore EDK2. This affects an unknown function. The manipulation leads to improper input validation. This vulnerability is referenced as CVE-2025-2296. Remote exploitation of the attack is possible. No exploit is available. It is suggested to upgrade the affected component.

美国检察官起诉一名乌克兰女子参与针对全球关键基础设施的网络攻击，包括美国水系统、选举系统和核设施。她涉嫌代表俄罗斯支持的黑客组织活动，并被引渡至美国受审。

U.S. prosecutors have charged a Ukrainian national for her role in cyberattacks targeting critical infrastructure worldwide, including U.S. water systems, election systems, and nuclear facilities, on behalf of Russian state-backed hacktivist groups. [...]

Под прицелом оказалась механика, выкачивающая информацию авторов без возможности отказа.

分享一篇文章。

2025年12月10日（北京时间），微软发布了2025 年 12月安全更新，共发布了70个CVE的补丁程序，比上月增多了2个。

2025年12月9日，深瞳漏洞实验室监测到一则SAP-Solution-Manager组件存在代码执行漏洞的信息，漏洞编号：CVE-2025-42880，漏洞威胁等级：高危。