Aggregator

安全公司RAPID7在一加OxygenOS 12~15等版本中发现高危漏洞，恶意应用可无需授权访问短信和彩信。一加已承认问题但未说明长期未回应原因。研究人员因多次联系无果直接公布漏洞以施压修复。目前一加正在调查中。

Secure Code Warrior has launched a beta program to expand the AI capabilities of its Trust Agent product. The new offering provides CISOs with security traceability, visibility, and governance over developers’ use of AI coding tools. This upgrade, collectively referred to as Trust Agent: AI, leverages a combination of key signals, including AI coding tool usage, vulnerability data, code commit data, and developers’ secure coding skills, to provide visibility into how AI development tools are … More →

The post Secure Code Warrior gives CISOs visibility into developer AI tool usage appeared first on Help Net Security.

作者：Pavan Reddy1, Aditya Sanjay Gujral1 译者：知道创宇404实验室翻译组 原文链接：https://arxiv.org/html/2509.10540v1 摘要 大型语言模型（LLM）助手正日益融入企业工作流，由于其连接内部与外部数据源，新的安全问题也随之浮现。本文深入分析了EchoLeak（CVE-2025-32711）这一案例，它是微软365 Cop...

文章介绍了HTTP错误代码521的含义及其常见原因和解决方法。该错误通常由Cloudflare引发，表明目标服务器暂时无法处理请求，可能是由于过载或维护导致。建议用户等待后重试或联系网站管理员解决问题。

A vulnerability, which was classified as critical, has been found in UTT 1200GW and 1250GW up to 3.0.0-170831/3.2.2-200710. This vulnerability affects unknown code of the file /goform/formApMail. The manipulation of the argument senderEmail leads to buffer overflow. This vulnerability is listed as CVE-2025-10953. The attack may be initiated remotely. In addition, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

Submit #652741 / VDB-220082

A vulnerability classified as critical was found in Samsung Retail Mode up to 5.59.3. This affects an unknown part. Executing manipulation can lead to improper input validation. This vulnerability is tracked as CVE-2025-21056. The physical device can be targeted for the attack. No exploit exists. Upgrading the affected component is advised.

A vulnerability classified as problematic has been found in geyang ml-logger up to acf255bade5be6ad88d90735c8367b28cbe3a743. Affected by this issue is the function stream_handler of the file ml_logger/server.py of the component File Handler. Performing manipulation of the argument key results in information disclosure. This vulnerability is identified as CVE-2025-10952. The attack can be initiated remotely. Additionally, an exploit exists. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available.

A vulnerability described as critical has been identified in geyang ml-logger up to acf255bade5be6ad88d90735c8367b28cbe3a743. Affected by this vulnerability is the function log_handler of the file ml_logger/server.py. Such manipulation of the argument File leads to path traversal. This vulnerability is referenced as CVE-2025-10951. It is possible to launch the attack remotely. Furthermore, an exploit is available. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available.

A vulnerability marked as critical has been reported in geyang ml-logger up to acf255bade5be6ad88d90735c8367b28cbe3a743. Affected is the function log_handler of the file ml_logger/server.py of the component Ping Handler. This manipulation of the argument data causes deserialization. The identification of this vulnerability is CVE-2025-10950. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available.

Новый zero-day уже используется в атаках.

Submit #652688 / VDB-325824

Submit #652687 / VDB-325824

Credit unions are the financial lifeline for more than 139 million Americans. Built on a member-first philosophy, these not-for-profit institutions provide affordable banking, community trust, and financial empowerment. But in today’s digital-first era, credit unions face growing cybersecurity challenges. With rising ransomware attacks, phishing scams, and third-party vendor breaches, credit unions are prime targets for

The post Credit Unions Replaced Fragmented Tools With Seceon’s Platform appeared first on Seceon Inc.

The post Credit Unions Replaced Fragmented Tools With Seceon’s Platform appeared first on Security Boulevard.

Luxembourg, Luxembourg, 25th September 2025, CyberNewsWire

Submit #652686 / VDB-323204

Luxembourg, Luxembourg, 25th September 2025, CyberNewsWire

The post Gcore Radar Report Reveals 41% Surge in DDoS Attack Volumes appeared first on Security Boulevard.

Luxembourg, Luxembourg, September 25th, 2025, CyberNewsWireGcore, the global edge AI, cloud, n

Submit #652463 / VDB-325822