Aggregator

美国网络安全和基础设施安全局（CISA）将Citrix NetScaler ADC和Gateway的漏洞CVE-2025-5777（“CitrixBleed 2”）加入已知被利用漏洞目录。该漏洞CVSS评分9.3，允许未认证攻击者窃取会话cookie，影响多个版本的NetScaler设备。研究人员发现该漏洞与CVE-2023-4966类似，并已有针对该漏洞的攻击活动。CISA要求联邦机构于2025年7月11日前修复此漏洞。

文章讲述了Alice和Bob如何将密码学从数学公式转化为人类故事，并介绍了围绕他们的一系列角色（如Eve、Mallory、Trent、Peggy和Victor），每个角色代表不同的安全挑战与解决方案。通过戏剧化的叙事方式，这些人物帮助理解数字信任的复杂性，并强调了密码学不仅是技术，更是人类关系的体现。

意大利艾米利亚-罗马涅大区的计算机安全事件响应团队（CSIRT-RER）成立于2022年，旨在为公共机构提供网络安全支持。该团队通过安全评估、培训、威胁情报等服务提升机构的网络安全能力，并与国家及国际组织合作以增强整体防御能力。

The Rockerbox breach burst onto the threat-intelligence radar in early July 2025 when an unencrypted, 286.9 GB cloud repository holding 245,949 highly sensitive records was found openly indexed on the internet. Investigators traced the trove to Rockerbox, a Dallas-based tax-credit consultancy serving employers nationwide; the cache contained driver’s licenses, DD214 military discharge forms, payroll tax […]

The post Rockerbox Data Leak – 245,949 User Records Exposed Including SSNs and Driver’s Licenses appeared first on Cyber Security News.

A vulnerability classified as critical has been found in LabRedesCefetRJ WeGIA up to 3.4.0. Affected is an unknown function of the file /controle/relatorio_geracao.php. The manipulation of the argument almox leads to sql injection. This vulnerability is traded as CVE-2025-53527. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in LabRedesCefetRJ WeGIA up to 3.4.2. It has been rated as problematic. Affected by this issue is some unknown functionality of the file profile_familiar.php. The manipulation of the argument id_dependente leads to cross site scripting. This vulnerability is handled as CVE-2025-53525. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in LabRedesCefetRJ WeGIA up to 3.4.2. Affected by this vulnerability is an unknown functionality of the file /html/funcionario/profile_funcionario.php. The manipulation of the argument id_funcionario leads to sql injection. This vulnerability is known as CVE-2025-53529. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in LabRedesCefetRJ WeGIA up to 3.2.x. It has been classified as problematic. This affects an unknown part of the component HTTP GET Request Handler. The manipulation of the argument errorstr leads to allocation of resources. This vulnerability is uniquely identified as CVE-2025-53530. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in LabRedesCefetRJ WeGIA up to 3.2.x. It has been declared as problematic. This vulnerability affects unknown code of the component HTTP GET Request Handler. The manipulation of the argument fid leads to allocation of resources. This vulnerability was named CVE-2025-53531. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in GNU gnuboard5 5.5.16. This vulnerability affects unknown code of the file bbs/member_confirm.php. The manipulation leads to open redirect. This vulnerability was named CVE-2024-37658. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in GNU gnuboard5 5.5.16. It has been rated as problematic. This issue affects some unknown processing of the file bbs/logout.php of the component URL Parameter Handler. The manipulation leads to open redirect. The identification of this vulnerability is CVE-2024-37656. The attack may be initiated remotely. There is no exploit available.

A vulnerability classified as problematic has been found in GNU gnuboard5 5.5.16. This affects an unknown part of the file thebbs/login.php. The manipulation leads to open redirect. This vulnerability is uniquely identified as CVE-2024-37657. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability has been found in LabRedesCefetRJ WeGIA up to 3.4.2 and classified as problematic. This vulnerability affects unknown code of the file novo_memorando.php. The manipulation leads to cross site scripting. This vulnerability was named CVE-2025-53526. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was suspected in YONO SBI 1.23.36. Further investigation has shown that this issues is a false-positive. Please review the sources mentioned and consider not using this entry at all.

文章介绍了一种新型点对点电子邮件系统Eppie，用户可通过本地设备生成加密公钥作为唯一地址，完全自主拥有且不受任何服务商控制。该系统支持传统邮件格式和去中心化网络通信，并可与Web2和Web3服务无缝衔接。

A vulnerability was found in Tamlyncreative Com Bfquiztrial. It has been rated as critical. This issue affects some unknown processing of the file index.php. The manipulation of the argument catid leads to sql injection. The identification of this vulnerability is CVE-2010-5032. The attack may be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

EGIOZR异泽13合1桌面充电拓展坞整合数据传输、视频输出和充电功能，解决现代办公中接口不足、线材杂乱等问题。支持双屏异显、高速充电及多种设备连接，适合多屏办公党、差旅党等群体。

Citrix NetScaler 内存泄漏(CVE-2025-5777)

可信数据空间成为支撑全国一体化数据市场的核心基础设施。

AMD 正在警告一系列影响广泛芯片组的新漏洞，涉及的产品线极广。