Aggregator

It seems this issue is a false-positive. Please confirm the sources provided and consider disregarding this entry.

This issue is likely a false positive. Please verify the cited sources and consider not including this entry.

Firefox 最新的 Nightly 版本终于加入了对 Matroska MKV 内容的播放支持。该功能请求用户已经递交了八年之久。目前对 MKV 内容的支持仅限于 Nightly 版，或者用户也可以修改 media.mkv.enabled 选项选择启用。播放 MKV 内容功能目前只支持 AVC/H.264 和 AAC 编解码器，未来会逐渐支持其它编解码器。

加密恶意流量特征挖掘研究 by ourren

更多最新文章，请访问SecWiki

Roasting Redmond for Kerberoasting: “Like an arsonist selling firefighting services,” quips this 76-year-old.

The post Microsoft’s ‘Gross Cybersecurity Negligence Threatens National Security’ appeared first on Security Boulevard.

A targeted supply chain compromise of an open-source node package manager (npm) resulted in malicious updates to widely used packages, enabling cryptocurrency theft through traffic interception and transaction manipulation of browser-based crypto wallets.

The post 16 Minutes to Impact: npm Supply Chain Abuse Deploys crypto-draining malware appeared first on Sygnia.

A phishing scam is exploiting Google’s trusted AppSheet platform to bypass email filters. Learn how hackers are using…

Для успешной атаки достаточно лишь смартфона и полминуты времени.

A sophisticated fileless malware campaign has been observed using legitimate tools to deliver AsyncRAT executed in memory

A vulnerability identified as critical has been detected in YunaiV ruoyi-vue-pro up to 2025.09. Impacted is an unknown function of the file /crm/contact/transfer. This manipulation of the argument ids/newOwnerUserId causes improper authorization. This vulnerability is tracked as CVE-2025-10278. The attack is possible to be carried out remotely. Moreover, an exploit is present. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability categorized as critical has been discovered in YunaiV yudao-cloud up to 2025.09. This issue affects some unknown processing of the file /crm/receivable/submit. The manipulation of the argument ID results in improper authorization. This vulnerability is identified as CVE-2025-10277. The attack can be executed remotely. Additionally, an exploit exists. The vendor was contacted early about this disclosure but did not respond in any way.

In early May 2025, security teams began observing a sudden rise in post-exploitation activity leveraging an open-source command-and-control framework known as AdaptixC2. Originally developed to assist penetration testers, this framework offers a range of capabilities—file system manipulation, process enumeration, and covert channel tunneling—that have now been adopted by malicious actors. The framework’s modular design and […]

The post Threat Actors Leveraging Open-Source AdaptixC2 in Real-World Attacks appeared first on Cyber Security News.

A vulnerability was found in YunaiV ruoyi-vue-pro up to 2025.09. It has been rated as critical. This vulnerability affects unknown code of the file /crm/contract/transfer. The manipulation of the argument id/newOwnerUserId leads to improper authorization. This vulnerability is referenced as CVE-2025-10276. Remote exploitation of the attack is possible. Furthermore, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in YunaiV yudao-cloud up to 2025.09. It has been declared as critical. This affects an unknown part of the file /crm/business/transfer. Executing manipulation of the argument ids/newOwnerUserId can lead to improper authorization. The identification of this vulnerability is CVE-2025-10275. The attack may be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

Submit #643809 / VDB-323648

Submit #643808 / VDB-323647

Submit #643386 / VDB-323646

Submit #643384 / VDB-323645

Artificial intelligence is no longer just another tool in the cybersecurity stack—it’s becoming a requirement to keep pace with modern threats. Deep Instinct CIO Carl Froggett discusses how attackers are leveraging AI to move faster and why defenders need to rethink their own strategies. One of the most pressing issues security teams face today is alert..

The post From Alert Fatigue to Proactive Defense: The Case for AI-Driven Prevention appeared first on Security Boulevard.

A vulnerability was found in linlinjava litemall up to 1.8.0. It has been declared as critical. This affects an unknown function of the file AdminGoodscontroller.java. The manipulation of the argument goodsId/goodsSn/name results in sql injection. This vulnerability is cataloged as CVE-2024-6452. The attack may be launched remotely. Furthermore, there is an exploit available.