Aggregator

Craig Giles组织的“Waveband Hack Club YSWS”是一个非营利项目，旨在通过编程项目教青少年学习。参与者需用RTL-SDR dongle编写程序，并在完成任务后获得V4 dongle和天线套件奖励。活动限时至7月11日。

Без IBM и без Google: в России появился конкурент в квантовой гонке.

文章介绍了一种SQL注入技术，通过利用产品分类过滤器中的漏洞进行UNION攻击。作者展示了如何确定查询返回的列数，并成功注入字符串“2ibKWe”，以演示如何从其他表中提取数据。

文章介绍了一种SQL注入UNION攻击方法，通过确定查询返回的列数和识别兼容字符串数据的列来构造攻击，最终提取目标值。

文章介绍了一个时间盲SQL注入漏洞的实验过程。通过发送特定的payload（如`' || (SELECT pg_sleep(10))--`），攻击者可以利用PostgreSQL数据库的`pg_sleep`函数引发10秒延迟，从而确认漏洞的存在并推断数据库类型。

A vulnerability classified as problematic was found in MultiVendorX Plugin up to 4.2.22 on WordPress. Affected by this vulnerability is an unknown functionality. The manipulation leads to insertion of sensitive information into sent data. This vulnerability is known as CVE-2025-48261. The attack can be launched remotely. There is no exploit available.

A vulnerability, which was classified as critical, was found in Steel Browser up to 0.1.3. This affects the function handleFileUpload of the file api/src/modules/files/files.routes.ts. The manipulation of the argument filename leads to path traversal. This vulnerability is uniquely identified as CVE-2025-6152. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in conda-build up to 25.3.x. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to path traversal. This vulnerability is known as CVE-2025-32799. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Master Slider Plugin up to 3.10.8 on WordPress. It has been rated as problematic. This issue affects the function ms_slide of the component Shortcode Handler. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2025-5291. The attack may be initiated remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in spdlog up to 1.15.1. This affects the function scoped_padder in the library include/spdlog/pattern_formatter-inl.h. The manipulation leads to resource consumption. This vulnerability is uniquely identified as CVE-2025-6140. It is possible to launch the attack on the local host. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in themanojdesai python-a2a up to 0.5.5. Affected is the function create_workflow of the file python_a2a/agent_flow/server/api.py. The manipulation leads to path traversal. This vulnerability is traded as CVE-2025-6167. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Google ChromeOS 16063.45.2. Affected by this vulnerability is an unknown functionality of the component MiniOS. The manipulation leads to improper privilege management. This vulnerability is known as CVE-2025-6177. It is possible to launch the attack on the local host. There is no exploit available.

A vulnerability, which was classified as critical, was found in Google ChromeOS 16181.27.0. This affects an unknown part of the component Extension Management. The manipulation leads to permission issues. This vulnerability is uniquely identified as CVE-2025-6179. An attack has to be approached locally. There is no exploit available.

A vulnerability has been found in conda-build up to 25.3.x and classified as critical. This vulnerability affects the function eval. The manipulation leads to code injection. This vulnerability was named CVE-2025-32798. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713. This vulnerability affects unknown code of the file /boafrm/formSaveConfig of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. This vulnerability was named CVE-2025-6129. The attack can be initiated remotely. Furthermore, there is an exploit available.

As AI reshapes business, 90% of organizations are not adequately prepared to secure their AI-driven future, according to a new report from Accenture. Globally, 63% of companies are in the “Exposed Zone,” indicating they lack both a cohesive cybersecurity strategy and necessary technical capabilities. Generative AI spend vs. security spend (Source: Accenture) The urgency of embedding cybersecurity by design The report reveals AI adoption has accelerated the speed, scale and sophistication of cyber threats, far … More →

The post 90% aren’t ready for AI attacks, are you? appeared first on Help Net Security.

Cisco修复了Unified Communications Manager和Session Management Edition中的严重漏洞（CVSS 10.0），该漏洞因开发中保留root静态凭证导致攻击者可获取最高权限。

Cisco has released security updates to address a maximum-severity security flaw in Unified Communications Manager (Unified CM) and Unified Communications Manager Session Management Edition (Unified CM SME) that could permit an attacker to login to a susceptible device as the root user, allowing them to gain elevated privileges. The vulnerability, tracked as CVE-2025-20309, carries a CVSS score

文章描述了Lumma Stealer恶意软件感染事件及其后续RSOCKSTUN恶意软件活动。Lumma Stealer通过伪装成视频下载器和Facebook限制器传播，利用密码保护的7-Zip存档分发恶意文件。感染后会下载RSOCKSTUN恶意软件，并通过特定C2服务器进行通信。