Aggregator

Threat Actor Shifts From Targeting Exchange to Databases
A Chinese cyberespionage threat actor with a history of hacking Microsoft Exchange to spy on geopolitical events including summits in Africa, the Middle East and Asia, has shifted its attention to targeting databases, say researchers.

Medication Tech Firm Says Hacking Incident Contained to One Employee Email Account
A Florida firm that offers medication therapy management services to health plans is notifying nearly 150,000 individuals that their information was potentially compromised in a phishing attack affecting one employee's email account for only about an hour. Why do users still fall for phishing scams?

Public-Private Cyberthreat Sharing at Risk Amid Shutdown, Experts Warn
With a key cyberthreat sharing law expiring Tuesday, analysts tell Information Security Media Group legal protections enabling cyberthreat sharing across the public and private sectors will vanish, raising fears of reduced visibility into critical infrastructure just as federal resources shrink.

A Look at How the 2nd Largest Deal in Cyber History Nearly Fell Apart in the 11th Hour
The second-largest acquisition in cybersecurity history included initial outreach in 2023, the seller nearly walking away and an accelerated announcement timeline due to media leaks. Palo Alto CEO Nikesh Arora first approached CyberArk Chairman Udi Mokady about a potential deal back in May 2023.

Switchblade 600 — это запускаемая с помощью трубы беспилотная воздушная система длиной около 5 футов и весом 75 фунтов.

当前环境出现异常，需完成验证后方可继续访问。

A vulnerability has been found in Frappe ERPNext 15.57.5 and classified as critical. The impacted element is the function get_loyalty_program_details_with_points of the file erpnext/accounts/doctype/loyalty_program/loyalty_program.py. The manipulation of the argument expiry_date leads to sql injection. This vulnerability is traded as CVE-2025-52050. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in PHPGurukul User Registration & Login and User Management System 3.3 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file loginsystem/edit-profile.php. Such manipulation of the argument fname/lname/contact leads to cross site scripting. This vulnerability is traded as CVE-2025-28016. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in SourceCodester Web-based Pharmacy Product Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the component Category Management Page. Executing manipulation of the argument category name can lead to cross site scripting. This vulnerability appears as CVE-2025-56018. The attack may be performed from remote. There is no available exploit.

A vulnerability was found in Validator.js up to 13.15.15. It has been rated as problematic. This impacts the function isURL. Performing manipulation results in open redirect. This vulnerability is known as CVE-2025-56200. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability classified as critical was found in Syaqui Collegetivity 1.0.0. Impacted is an unknown function of the file /dashboard/notes of the component HTTP POST Request Handler. Executing manipulation can lead to improper control of resource identifiers. This vulnerability is tracked as CVE-2025-56392. The attack can be launched remotely. No exploit exists.

A vulnerability was found in M-Files Server. It has been classified as problematic. Affected by this issue is some unknown functionality. Performing manipulation results in improper isolation or compartmentalization. This vulnerability is known as CVE-2025-3086. Remote exploitation of the attack is possible. No exploit is available. Upgrading the affected component is recommended.

OpenAI 上半年营收增至 43 亿美元；微信朋友圈照片变清晰

当前环境出现异常,需完成验证后方可继续访问.

热烈庆祝中华人民共和国成立76周年