Aggregator

A vulnerability was found in braintree sanitize-url up to 6.0.1. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2022-48345. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in frp_form_answers Extension up to 3.1.1/4.0.1 on TYPO3 and classified as problematic. Affected by this issue is some unknown functionality of the component Saved Email Handler. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2023-26091. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

North Korea-linked hackers use fake Zoom updates to spread macOS NimDoor malware, targeting crypto firms with stealthy backdoors. North Korea-linked threat actors are targeting Web3 and crypto firms with NimDoor, a rare macOS backdoor disguised as a fake Zoom update. Victims are tricked into installing the malware through phishing links sent via Calendly or Telegram. […]

根据 StatCounter 截至 7 月的统计数据，距离微软停止支持 Windows 10 仅剩三个月时间，其市场份额终于被 Windows 11 超过。Windows 11 的市场份额为 50.24%，Windows 10 的市场份额为 46.84%。相比一年前这是巨大的飞跃：一年前 Windows 10 市场份额为 66.04%，而 Windows 11 仅为 29.75%。

FT 报道称 Valve 支配了 PC 游戏行业，但巨大的成功也给该公司带来了危机：它开发大型游戏的速度和冰川移动一样缓慢。Valve 的 Steam 平台控制着七成的 PC 游戏销售，其它公司对 Steam 发起的挑战都是屡战屡败。以提供免费游戏著称的 Epic Games Store 未对 Steam 产生任何实质性的影响。微软的游戏商店、EA 的 Origin（已被 EA APP 所取代） 等等都难以动摇 Steam。法庭文件显示，Steam 的营收到 2026 年预计将超过 100 亿美元，在巨大的成功之下它的发展方向并不明朗。公司创始人 Gabe Newell 基本退出日常运营，居住其五艘游轮的一艘上面，投资了脑机接口 Starfish Neuroscience 等副业。

An ongoing outage at IT giant Ingram Micro is caused by a SafePay ransomware attack that led to the shutdown of internal systems, BleepingComputer has learned. [...]

改进 LLM 代理：通过强化学习解决密码学 CTF 挑战 by 路人甲

阿里云jtools详解及codeql分析调用链 by 路人甲

CVE-2025-36463 Sudo_chroot Elevation of Privilege 漏洞分析 by ourren

更多最新文章，请访问SecWiki

A vulnerability, which was classified as critical, was found in Comodo Internet Security Premium 12.3.4.8162. Affected is an unknown function of the component File Name Handler. The manipulation of the argument name/folder leads to path traversal. This vulnerability is traded as CVE-2025-7098. It is possible to launch the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability, which was classified as critical, has been found in Comodo Internet Security Premium 12.3.4.8162. This issue affects some unknown processing of the file cis_update_x64.xml of the component Manifest File Handler. The manipulation of the argument binary/params leads to os command injection. The identification of this vulnerability is CVE-2025-7097. The attack may be initiated remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability classified as critical was found in Comodo Internet Security Premium 12.3.4.8162. This vulnerability affects unknown code of the file cis_update_x64.xml of the component Manifest File Handler. The manipulation leads to improper validation of integrity check value. This vulnerability was named CVE-2025-7096. The attack can be initiated remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability classified as critical has been found in Comodo Internet Security Premium 12.3.4.8162. This affects an unknown part of the component Update Handler. The manipulation leads to improper certificate validation. This vulnerability is uniquely identified as CVE-2025-7095. It is possible to initiate the attack remotely. There is no exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

Submit #603716 / VDB-315012

Submit #603715 / VDB-315012

Submit #603714 / VDB-315011

Submit #603713 / VDB-315010

Submit #603712 / VDB-315009

A vulnerability was found in Belkin F9K1122 1.00.33. It has been rated as critical. Affected by this issue is the function formBSSetSitesurvey of the file /goform/formBSSetSitesurvey of the component webs. The manipulation of the argument submit-url-ok leads to stack-based buffer overflow. This vulnerability is handled as CVE-2025-7094. The attack may be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in Belkin F9K1122 1.00.33. It has been declared as critical. Affected by this vulnerability is the function formSetLanguage of the file /goform/formSetLanguage of the component webs. The manipulation of the argument webpage leads to stack-based buffer overflow. This vulnerability is known as CVE-2025-7093. The attack can be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in Belkin F9K1122 1.00.33. It has been classified as critical. Affected is the function formWlanMP of the file /goform/formWlanMP of the component webs. The manipulation of the argument ateFunc/ateGain/ateTxCount/ateChan/ateRate/ateMacID/e2pTxPower1/e2pTxPower2/e2pTxPower3/e2pTxPower4/e2pTxPower5/e2pTxPower6/e2pTxPower7/e2pTx2Power1/e2pTx2Power2/e2pTx2Power3/e2pTx2Power4/e2pTx2Power5/e2pTx2Power6/e2pTx2Power7/ateTxFreqOffset/ateMode/ateBW/ateAntenna/e2pTxFreqOffset/e2pTxPwDeltaB/e2pTxPwDeltaG/e2pTxPwDeltaMix/e2pTxPwDeltaN/readE2P leads to stack-based buffer overflow. This vulnerability is traded as CVE-2025-7091. It is possible to launch the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in Belkin F9K1122 1.00.33 and classified as critical. This issue affects the function formWanTcpipSetup of the file /goform/formWanTcpipSetup of the component webs. The manipulation of the argument pppUserName leads to stack-based buffer overflow. The identification of this vulnerability is CVE-2025-7089. The attack may be initiated remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.