Aggregator

A vulnerability was found in Sophos Intercept X 2024.3 on Windows and classified as critical. This issue affects some unknown processing of the component Updater. The manipulation leads to incorrect default permissions. The identification of this vulnerability is CVE-2024-13972. Attacking locally is a requirement. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Open Source Robotics Robot Operating System Indigo Igloo/Kinetic Kame/Melodic Morenia/Noetic Ninjemys and classified as very critical. This vulnerability affects the function eval. The manipulation leads to improper neutralization of directives in dynamically evaluated code. This vulnerability was named CVE-2024-41921. The attack can be initiated remotely. There is no exploit available.

A vulnerability, which was classified as very critical, was found in Open Source Robotics Robot Operating System Indigo Igloo/Kinetic Kame/Melodic Morenia/Noetic Ninjemys. This affects the function eval. The manipulation leads to improper neutralization of directives in dynamically evaluated code. This vulnerability is uniquely identified as CVE-2024-41148. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability, which was classified as very critical, has been found in Open Source Robotics Robot Operating System Indigo Igloo/Kinetic Kame/Melodic Morenia/Noetic Ninjemys. Affected by this issue is the function eval. The manipulation leads to improper neutralization of directives in dynamically evaluated code. This vulnerability is handled as CVE-2024-39835. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as very critical was found in Open Source Robotics Robot Operating System Indigo Igloo/Kinetic Kame/Melodic Morenia/Noetic Ninjemys. Affected by this vulnerability is the function eval. The manipulation leads to improper neutralization of directives in dynamically evaluated code. This vulnerability is known as CVE-2025-3753. The attack can be launched remotely. There is no exploit available.

A vulnerability classified as very critical has been found in Open Source Robotics Robot Operating System Indigo Igloo/Kinetic Kame/Melodic Morenia/Noetic Ninjemys. Affected is the function eval. The manipulation leads to improper neutralization of directives in dynamically evaluated code. This vulnerability is traded as CVE-2024-39289. It is possible to launch the attack remotely. There is no exploit available.

A sophisticated Chinese state-sponsored cyber espionage campaign has emerged targeting Taiwan’s critical semiconductor industry, employing weaponized Cobalt Strike beacons and advanced social engineering tactics. Between March and June 2025, multiple threat actors launched coordinated attacks against semiconductor manufacturing, design, and supply chain organizations, reflecting China’s strategic imperative to achieve technological self-sufficiency in this vital sector. […]

The post Chinese State-Sponsored Hackers Attacking Semiconductor Industry with Weaponized Cobalt Strike appeared first on Cyber Security News.

Пользователи голосуют за приватность и контроль — и это видно в цифрах.

The Chinese government could use its information-sharing laws to force the Huawei to assist Beijing’s vast intelligence apparatus, Sen. Tom Cotton and Rep. Rick Crawford, both Republicans from Arkansas, wrote.

В России могут запретить «чужие» мессенджеры.

A novel malware family named LameHug is using a large language model (LLM) to generate commands to be executed on compromised Windows systems. [...]

Хакеры создали Терминатора среди вирусов который самоуничтожается при малейшей угрозе разоблачения.

The suspect faces three charges for his alleged crimes that could earn him up to five years in federal prison, and a heap of fines.

Threat actors are using anti-box tools, AI, and cloaking-as-a-service tactics to bypass security tools by showing a phishing or other malicious site to targets and harmless ones to detection and blocking tools, techniques that SlashNext researchers say are reshaping how such scams are run.

The post Emerging Cloaking-as-a-Service Offerings are Changing Phishing Landscape appeared first on Security Boulevard.

A vulnerability was found in OpenZeppelin openzeppelin-contracts up to 5.3.x. It has been rated as problematic. This issue affects the function lastIndexOf in the library Bytes.sol. The manipulation of the argument Pos leads to out-of-bounds read. The identification of this vulnerability is CVE-2025-54070. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Livewire up to 3.6.3. It has been declared as critical. This vulnerability affects unknown code. The manipulation leads to code injection. This vulnerability was named CVE-2025-54068. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

Gr33n37-IP-Changer: Change Your IP at Specified Intervals

愿心中的火永不熄灭～

A vulnerability was found in nbcio-boot 1.0.3. It has been classified as critical. This affects an unknown part of the file /sys/user/deleteRecycleBin. The manipulation of the argument userIds leads to sql injection. This vulnerability is uniquely identified as CVE-2025-50240. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in ipavlov 7-Zip up to 24.x and classified as problematic. Affected by this issue is some unknown functionality of the component Compound Handler. The manipulation leads to null pointer dereference. This vulnerability is handled as CVE-2025-53817. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.