Aggregator

A vulnerability was found in Linux Kernel 5.15. It has been declared as critical. This vulnerability affects the function ksmbd_decode_ntlmssp_auth_blob of the file auth.c of the component ksmbd. The manipulation of the argument nt_len leads to memory corruption. This vulnerability was named CVE-2023-0210. The attack can be initiated remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as problematic has been found in GitLab up to 15.7.7/15.8.3/15.9.1. Affected is an unknown function of the component API. The manipulation leads to information disclosure. This vulnerability is traded as CVE-2023-0223. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in NLnet Labs Krill up to 0.12.0. This issue affects some unknown processing of the file /rrdp of the component Web Server. The manipulation leads to uncaught exception. The identification of this vulnerability is CVE-2023-0158. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in OrangeScrum 2.0.11. It has been rated as critical. Affected by this issue is some unknown functionality. The manipulation leads to injection. This vulnerability is handled as CVE-2023-0164. The attack needs to be initiated within the local network. There is no exploit available.

A vulnerability has been found in Drupal 9.3 and classified as critical. This vulnerability affects unknown code of the component Generic Entity Access API. The manipulation leads to permission issues. This vulnerability was named CVE-2022-25274. The attack can only be initiated within the local network. There is no exploit available.

A vulnerability was found in GitLab Community Edition and Enterprise Edition up to 15.8.4/15.9.3/15.10.0. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to open redirect. This vulnerability is handled as CVE-2023-0155. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Google Chrome. It has been declared as critical. This vulnerability affects unknown code. The manipulation leads to permissive cross-domain policy with untrusted domains. This vulnerability was named CVE-2023-0141. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

美国财政部制裁俄罗斯防弹托管服务提供商Aeza Group，因其为勒索软件、恶意软件和网络犯罪活动提供基础设施支持，并涉及加密交易。该集团无视滥用报告并拒绝执法请求。

Five months after sanction Zservers, the U.S. Treasury Department targeted Aeza Group, another Russia-based bulletproof hosting services provider for allowing threat actors to host ransomware and other campaigns on its infrastructure, which is resistant to law enforcement demands and investigations.

The post Aeza Group Latest BPH Service Provider Sanctioned by U.S. Treasury appeared first on Security Boulevard.

这篇文章介绍了HTTP错误代码521的情况，通常发生在使用Cloudflare服务时。该错误表示Cloudflare无法与源服务器建立连接，可能由于服务器配置问题或网络中断引起。解决方法包括检查源服务器状态、确认防火墙设置以及联系主机提供商排查问题。

HackerNews 编译，转载请注明出处： 人人都信任PDF——而这正是网络犯罪分子如此痴迷于它们的原因。 便携式文档格式（Portable Document Format），更常被称为PDF，每天被分发数百万次。从税务文件、简历到发票、数字手册或任何其他信息，都通过电子邮件以PDF附件的形式发送。 PDF简单、跨平台且普遍受信任。它们可以包含图像、可点击链接和看似官方的标识。这使它们成为攻击者想要混入其中的完美载体，也正是黑客们当前痴迷于它们的原因。 过去几个月，网络安全分析师观察到通过PDF文件发起的钓鱼攻击急剧增加。这些PDF被设计成模仿科技巨头和服务提供商的合法通信，以诱骗受害者泄露凭证或下载恶意软件。 根据思科Talos的洞察，在2025年5月5日至6月5日期间，使用PDF附件进行品牌冒充的行为激增。被冒充最多的品牌是微软（Microsoft）和DocuSign。而NortonLifeLock、PayPal和Geek Squad则属于包含PDF附件的电话导向攻击（TOAD）邮件中最常被冒充的品牌之列。 这些钓鱼活动是全球性的，许多源自美国和欧洲的IP地址。 攻击者如何利用PDF？ 最近的一次攻击冒充了微软，使用了诸如“薪资调整”之类的诱饵主题行，时间点特意选在各组织可能发生晋升或绩效变动的时期。 该PDF看起来像一份标准的人力资源文件，足以让受害者相信并扫描其中的二维码，该二维码会将他们重定向到一个窃取凭证的网站。Dropbox也常被用作分发恶意PDF的平台。 然后是电话导向攻击（TOAD）。这些钓鱼PDF的目的不是让受害者简单地点击链接——而是通过电话对他们进行钓鱼。骗子通常会发送关于账单错误、可疑活动或订阅续费的信息，并包含一个“客服”电话号码。 这些邮件诈骗中使用的大多数电话号码是网络电话（VoIP）号码，追踪到真实个人或物理位置的难度远高于普通固话。 骗子还滥用Adobe电子签名服务等合法平台。2025年4月至5月期间，Talos发现了通过Adobe系统发送的PDF，冒充PayPal等品牌。 PDF也是二维码钓鱼的绝佳载体，而二维码钓鱼当下正大行其道。这些二维码通常冒充微软或Adobe等公司。 此外，还有一种危险策略是滥用PDF文件中的注释功能。PDF可以在评论、便签或表单域等地方隐藏链接。所有这些区域都会被许多扫描器忽略。 攻击者还会在文件中填充无关文本来混淆检测引擎。在某些情况下，他们会嵌入两个URL：一个看起来是干净的（用于建立信任），另一个隐藏的URL则会将你带到真正的钓鱼页面。       消息来源： Cybernews； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文

A vulnerability was found in BoyunCMS up to 1.4.20. It has been classified as critical. This affects an unknown part of the file /install/install_ok.php of the component Configuration File Handler. The manipulation of the argument db_pass leads to code injection. This vulnerability is uniquely identified as CVE-2025-7101. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in BoyunCMS up to 1.4.20. It has been declared as critical. This vulnerability affects unknown code of the file application/update/controller/Server.php. The manipulation of the argument phone leads to sql injection. This vulnerability was named CVE-2025-7102. The attack can be initiated remotely. Furthermore, there is an exploit available.

文章解释了HTTP错误代码521的含义及其常见原因。该错误通常发生在CDN服务提供商与原始Web服务器之间的通信出现问题时。常见原因包括服务器配置错误、网络连接问题或服务器负载过高。解决方法包括检查服务器配置、联系CDN提供商或优化网站资源以减少负载压力。

HackerNews 编译，转载请注明出处： BMW金融服务公司（BMW Financial Services）被卷入一起影响少量人群的第三方数据泄露事件，但具体细节仍不明确。 BMW金融服务公司因第三方公司AIS遭受入侵而间接受影响。总部位于得克萨斯州的金融科技公司AIS在事件发生时，正为BMW金融服务公司及其账户持有人提供监控处理服务及法律监控服务。 该第三方公司在其网络内发现可疑活动后，在取证专家的协助下启动了调查。调查显示，恶意行为者入侵了AIS的系统并窃取了少量数据。 从AIS（进而间接涉及BMW金融服务公司）窃取的数据内容尚不清晰，违规通知函中仅提及姓名这一数据要素，未提及其他信息。不过已知该事件影响人数有限，仅超过1,950人，其中仅有两名缅因州居民受影响。 黑客可能在AIS系统内潜伏了两天，因入侵发生于2025年2月16日，而发现时间为2月18日。该金融科技公司明确表示，此次泄露未波及BMW金融服务公司自身的系统和数据库。 AIS将为受影响个人提供为期12个月的Equifax信用监控及身份盗窃预防服务。       消息来源： Cybernews； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文

A vulnerability was found in Microsoft Windows up to Vista. It has been classified as problematic. This affects an unknown part of the component Kernel Mode Driver. The manipulation leads to memory corruption. This vulnerability is uniquely identified as CVE-2015-1727. It is possible to launch the attack on the local host. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

京东将终端可信执行环境（TEE）应用于零售场景，解决App逆向、AI模型窃取等安全问题。通过端侧AI可信推理和终端机密计算，实现数据“可用不可得”，保护用户隐私。方案已落地多平台，未来将联合更多厂商打造芯片级安全生态，提升数字信任。

当前环境出现异常,需完成验证后方可继续访问.