Aggregator

A vulnerability, which was classified as problematic, has been found in Canonical LXD up to 5.21.3/6.4. This affects an unknown function of the component Instance Snapshot Handler. This manipulation causes improper neutralization of special elements used in a template engine. The identification of this vulnerability is CVE-2025-54287. It is possible to initiate the attack remotely. There is no exploit available. It is advisable to upgrade the affected component.

A vulnerability classified as critical was found in Canonical LXD up to 5.21.3/6.4. The impacted element is an unknown function. The manipulation results in path traversal. This vulnerability was named CVE-2025-54292. The attack may be performed from remote. There is no available exploit. Upgrading the affected component is advised.

A vulnerability classified as problematic has been found in Canonical LXD up to 5.21.3/6.4. The affected element is an unknown function of the component Images API. The manipulation leads to information exposure through error message. This vulnerability is uniquely identified as CVE-2025-54291. The attack is possible to be carried out remotely. No exploit exists. It is recommended to upgrade the affected component.

A vulnerability described as critical has been identified in Canonical LXD up to 5.21.3/6.4. Impacted is an unknown function of the component devLXD Server. Executing manipulation can lead to authentication bypass by spoofing. This vulnerability is handled as CVE-2025-54288. The attack can be executed remotely. There is not any exploit available. Upgrading the affected component is recommended.

A vulnerability marked as problematic has been reported in Canonical LXD up to 5.21.3/6.4. This issue affects some unknown processing of the component Image Export API. Performing manipulation results in information disclosure. This vulnerability is known as CVE-2025-54290. Remote exploitation of the attack is possible. No exploit is available. It is suggested to upgrade the affected component.

A vulnerability labeled as problematic has been found in Canonical LXD up to 5.21.3/6.4. This vulnerability affects unknown code of the component Operations API. Such manipulation leads to missing origin validation in websockets. This vulnerability is traded as CVE-2025-54289. The attack may be launched remotely. There is no exploit available. The affected component should be upgraded.

从调试到虚拟机，一课打通逆向全链路！

看雪论坛作者ID：逆天而行

Керн Sapphire Canyon может ответить на главный вопрос — но сначала надо привезти его через 225 млн км.

声明：文章中涉及的程序(方法)可能带有攻击性，仅供安全研究与教学之用，读者将其信息做其他用途，由用户承担全部

Гендиректор ФГУП «Космическая связь» о планах на 15–20 лет.

MatrixPDF将普通PDF转化为钓鱼和恶意软件工具,利用覆盖层、嵌入脚本等手段绕过过滤器。攻击者通过伪装安全文档诱使用户点击链接或允许权限以获取恶意载荷。

Forrester predicts agentic AI will be responsible for a major data breach in 2026

Cybersecurity researchers have discovered two Android spyware campaigns dubbed ProSpy and ToSpy that impersonate apps like Signal and ToTok to target users in the United Arab Emirates (U.A.E.). Slovak cybersecurity company ESET said the malicious apps are distributed via fake websites and social engineering to trick unsuspecting users into downloading them. Once installed, both the spyware

An extortion group known as the Crimson Collective claims to have breached Red Hat’s private GitHub repositories, making off with nearly 570GB of compressed data from 28,000 internal repositories. This data theft is being regarded as one of the most significant breaches in technology history, involving the unauthorized extraction of source code and sensitive confidential […]

The post Red Hat Data Breach – Threat Actors Claim Breach of 28K Private GitHub Repositories appeared first on Cyber Security News.

研究人员发现两款伪装成Signal和ToTok的间谍软件ProSpy和ToSpy，通过虚假网站和应用商店传播，在阿联酋进行针对性攻击，窃取敏感数据并持续运行。

Утекли снимки, имена, ключи... что на это скажет компания  Lifeprint?

Nisos通过开源情报和外部监控识别内部威胁，关注职场冲突、兼职工作、数据收集等关键指标，帮助企业预防潜在风险。

ESET researchers have found two Android spyware campaigns aimed at people looking for secure messaging apps such as Signal and ToTok. The attackers spread the spyware through fake websites and social engineering. Researchers identified two previously unknown spyware families. Android/Spy.ProSpy poses as upgrades or add-ons for the Signal app and the discontinued ToTok app, while Android/Spy.ToSpy pretends to be the ToTok app itself. The ToSpy campaign is still active, supported by command-and-control servers that remain … More →

The post ProSpy and ToSpy: New spyware families impersonating secure messaging apps appeared first on Help Net Security.