Aggregator

Scattered Spider网络犯罪组织通过社会工程手段攻击VMware ESXi管理程序，针对美国零售、航空、运输和保险行业。他们冒充员工获取初始访问权限，并利用虚拟基础设施控制所有资产，包括备份机器。最终部署勒索软件加密虚拟机文件。

A vulnerability classified as critical was found in Cisco Secure Email Gateway. Affected by this vulnerability is an unknown functionality of the component HTTP Handler. The manipulation leads to http response splitting. This vulnerability is known as CVE-2024-20392. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Adobe Commerce up to 2.3.7-p2/2.4.3-p1. This issue affects some unknown processing. The manipulation leads to improper input validation. The identification of this vulnerability is CVE-2022-24086. The attack may be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

作者通过Wireshark捕获Xbox One手柄的USB流量并分析数据包变化，创建了自定义USB设备驱动以获取输入数据。现在希望向手柄发送命令控制灯光或振动功能，但微软GIP标准缺乏详细说明。作者寻求逆向工程USB设备控制接口命令的方法，并考虑使用GitHub上的现有项目。

文章讨论了如何在C++中开发远程网络控制（HVNC），并尝试从隐藏桌面向安全桌面（如UAC提示）注入输入。由于安全桌面处于隔离的会话环境中，常规方法无法实现输入注入。作者寻求通过操作会话令牌或钩入安全桌面的消息循环来解决这一问题。

A vulnerability classified as critical has been found in Apache Superset up to 4.1.1. Affected is an unknown function of the component sqlExpression Field Handler. The manipulation leads to sql injection. This vulnerability is traded as CVE-2025-48912. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Oracle Business Intelligence Enterprise Edition 7.6.0.0.0/8.2.0.0.0/12.2.1.4.0 and classified as critical. Affected by this issue is some unknown functionality of the component Platform Security. The manipulation leads to improper access controls. This vulnerability is handled as CVE-2025-30759. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Schneider Electric EcoStruxure IT Data Center Expert. It has been rated as critical. Affected by this issue is some unknown functionality. The manipulation leads to code injection. This vulnerability is handled as CVE-2025-50123. The attack may be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Schneider Electric EcoStruxure IT Data Center Expert. It has been classified as critical. Affected is an unknown function of the component Web Interface. The manipulation leads to os command injection. This vulnerability is traded as CVE-2025-50121. It is possible to launch the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Schneider Electric EcoStruxure IT Data Center Expert. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Installation/Upgrade. The manipulation leads to insufficient entropy. This vulnerability is known as CVE-2025-50122. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

挪威浏览器开发商 Opera 向巴西反垄断监管机构 CADE 投诉微软利用 Windows 系统捆绑 Microsoft Edge 浏览器创造不公平竞争环境。Opera 指控微软阻止用户下载和使用其他替代浏览器，并通过预装 Edge 获取天然优势。在巴西市场，Opera 是排名第三的浏览器。

A vulnerability was found in Inertialfate Com If Surfalert 1.2. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file index.php. The manipulation of the argument controller leads to path traversal. This vulnerability is known as CVE-2010-1717. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in hdflvplayer Com Hdflvplayer 1.3 and classified as critical. This issue affects some unknown processing of the file index.php. The manipulation of the argument ID leads to sql injection. The identification of this vulnerability is CVE-2010-1372. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability was found in Joomlanook Com Hsconfig 1.5 and classified as problematic. Affected by this issue is some unknown functionality of the file index.php. The manipulation of the argument controller leads to path traversal. This vulnerability is handled as CVE-2010-1314. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as problematic, has been found in Kazulah Com Horoscope 1.5.0. Affected by this issue is some unknown functionality of the file index.php. The manipulation of the argument controller leads to path traversal. This vulnerability is handled as CVE-2010-1472. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in huruhelpdesk Com Huruhelpdesk 0.85. It has been classified as critical. This affects an unknown part of the file index.php of the component Help. The manipulation of the argument cid[0] leads to sql injection. This vulnerability is uniquely identified as CVE-2010-2907. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in Htmlcoderhelper Com Graphics 1.5.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file graphics.php. The manipulation of the argument controller leads to path traversal. This vulnerability is handled as CVE-2010-1653. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability has been found in Photoindochina Com Golfcourseguide 0.9.6.0 and classified as critical. This vulnerability affects unknown code of the file index.php. The manipulation of the argument ID leads to sql injection. This vulnerability was named CVE-2010-2921. The attack can be initiated remotely. Furthermore, there is an exploit available.

Кто-то вспомнил старого врага "Аэрофлота" — и превратил его в кибероружие.

Apple Music 在 iOS 26 中新增了自动过渡、歌词翻译与发音、锁屏动态封面等功能，并对界面和交互进行了优化。