Aggregator

Первый в истории опыт звёздной навигации прошёл успешно на краю Солнечной системы.

A vulnerability classified as problematic has been found in vercel hyper up to 3.4.1. This affects the function expand/braceExpand/ignoreMap of the file hyper/bin/rimraf-standalone.js. The manipulation leads to inefficient regular expression complexity. This vulnerability is uniquely identified as CVE-2025-7074. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in IPInfo Extension up to 1.39.12/1.42.6/1.43.1 on Mediawiki. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2025-53482. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in mbed TLS up to 3.6.3. It has been declared as problematic. Affected by this vulnerability is the function mbedtls_pem_read_buffer of the component PEM Handler. The manipulation leads to off-by-one. This vulnerability is known as CVE-2025-52497. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in mbed TLS up to 3.6.3. It has been classified as problematic. Affected is an unknown function of the component AESNI Detection. The manipulation leads to compiler optimization removal or modification of security-critical code. This vulnerability is traded as CVE-2025-52496. The attack needs to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in mbed TLS up to 3.6.3 and classified as problematic. This issue affects the function mbedtls_lms_verify. The manipulation leads to missing cryptographic step. The identification of this vulnerability is CVE-2025-49600. It is possible to launch the attack on the physical device. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in IPInfo Extension up to 1.39.12/1.42.6/1.43.1 on Mediawiki and classified as problematic. This vulnerability affects unknown code. The manipulation leads to resource consumption. This vulnerability was named CVE-2025-53481. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in mbed TLS up to 3.6.3. This affects the function mbedtls_lms_import_public_key. The manipulation leads to out-of-bounds read. This vulnerability is uniquely identified as CVE-2025-49601. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

Submit #602353 / VDB-314973

The move to 47-day SSL certificates is a major step toward a more secure, automated internet. While it introduces new challenges, especially for organizations relying on manual processes, it ultimately pushes the ecosystem toward greater resilience and trust. 

The post The 47-Day SSL Certificate Era: What It Means for Site Owners and IT Teams appeared first on Security Boulevard.

Content warning: Domestic abuse, stalking, controlling behavior, Schadenfreude, irony.

The post Yet More Stalkerware Leaks Secret Data: ‘Catwatchful’ is Latest Nasty App appeared first on Security Boulevard.

第二届“长城杯”信息安全铁人三项赛（防护赛）总决赛-Pwn方向部分题解 by ourren

SymAgent：基于神经符号自学习的知识图谱复杂推理智能体框架 by ourren

更多最新文章，请访问SecWiki

自二战以来一直持续到 2024 年，美国是自由世界毋庸置疑的科学领导者。一个注重事实、讲究科学真理、重视教育和公共利益的社会引领着一代又一代人持续突破和进步。但 2025 年 1 月起，美国享有盛名的科研机构如 NOAA、NASA、NSF、CDC、EPA 和 FDA 遭遇了一连串史无前例的内部攻击。随着新的预算（大而美法）获得众议院和参议院的批准即将成为法律，我们所熟悉的美国科研模式可能成为过去。对美国科学家而言，这是一场现实生活中的噩梦。即使发生最糟糕的事情，我们仍然有理由抱有希望。希特勒的德国也严重破坏了本国的科学研究，但大批流失的科学家最终惠及了世界其他地区，这一事件被称为“希特勒的礼物”。我们可能会见证美国科学的衰落，其他科学强国崛起。NASA 已经裁员逾 2500 人，正要求其他 3000 人自愿退休，受影响的主要是科学部门。NASA 正在进行的 124 个任务有 41 个面临完全取消，引力波探测器 LISA 面临失去 NASA 的资助。特朗普政府取消订阅《自然》期刊，这一事件几乎和纳粹德国如出一辙：《自然》自 1937 年起到二战结束被禁止收录进德国图书馆。如果美国不改变方向，2025 年不仅将标志着美国科学例外主义时代的终结；而美国人才流失的规模可能让“希特勒的礼物”都相形见绌。

A vulnerability has been found in Linux Kernel up to 6.15.3 and classified as problematic. This vulnerability affects the function vidtv_mux_init of the file drivers/media/test-drivers/vidtv/vidtv_mux.c of the component media. The manipulation leads to improper initialization. This vulnerability was named CVE-2025-38227. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Linux Kernel up to 6.15.3. This affects the function i40e_clear_hw of the component i40e. The manipulation leads to integer underflow. This vulnerability is uniquely identified as CVE-2025-38200. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.6.94/6.12.34/6.15.3 and classified as critical. Affected by this issue is some unknown functionality. The manipulation leads to null pointer dereference. This vulnerability is handled as CVE-2025-38225. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.15.3 and classified as problematic. Affected by this issue is the function dbMount of the component jfs. The manipulation leads to out-of-bounds read. This vulnerability is handled as CVE-2025-38230. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.15.3. This issue affects the function usb_bulk_msg of the file drivers/media/usb/dvb-usb/cxusb.c of the component media. The manipulation leads to improper initialization. The identification of this vulnerability is CVE-2025-38229. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.12.34/6.15.3. It has been rated as critical. This issue affects the function e5010_probe of the component media. The manipulation leads to memory leak. The identification of this vulnerability is CVE-2025-38228. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.15.3. Affected by this issue is the function nfs4_state_start_net of the component nfsd. The manipulation leads to null pointer dereference. This vulnerability is handled as CVE-2025-38231. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.