Aggregator

A vulnerability was found in Mozilla Firefox up to 135 and classified as critical. Affected by this issue is some unknown functionality of the component WebTransport. The manipulation leads to use after free. This vulnerability is handled as CVE-2025-1931. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Mozilla Firefox up to 135. Affected is an unknown function. The manipulation leads to memory corruption. This vulnerability is traded as CVE-2025-1938. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Mozilla Thunderbird up to 135 and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to memory corruption. This vulnerability is known as CVE-2025-1938. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Mozilla Firefox up to 135. This vulnerability affects unknown code. The manipulation leads to memory corruption. This vulnerability was named CVE-2025-1937. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Mozilla Thunderbird up to 135. This issue affects some unknown processing. The manipulation leads to memory corruption. The identification of this vulnerability is CVE-2025-1937. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in hzmanyun Education and Training System 2.1.3. This affects the function scorm of the file UploadImageController.java. The manipulation of the argument param leads to command injection. This vulnerability is uniquely identified as CVE-2025-1947. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in hzmanyun Education and Training System 2.1. It has been rated as critical. Affected by this issue is the function exportPDF of the file /user/exportPDF. The manipulation of the argument id leads to command injection. This vulnerability is handled as CVE-2025-1946. The attack may be launched remotely. Furthermore, there is an exploit available.

Submit #506659 / VDB-298521

Submit #506657 / VDB-298520

低热量甜品到零糖饮料，人工甜味剂一直是满足人们嗜甜欲望的选择。而瑞典卡罗琳斯卡医学院团队近期发表在《细胞代谢》杂志上的新研究揭示，最常用的糖替代品之一——阿斯巴甜可能对血管健康产生负面影响。其会导致动物体内胰岛素水平上升，从而引发动脉粥样硬化，增加炎症反应，并随时间推移提高心脏病和中风的风险。 团队给小鼠连续12周喂食含有0.15%阿斯巴甜的食物，这相当于人类每天饮用约3罐无糖汽水的量。结果显示，相较于未摄入含甜味剂食物的小鼠，这些小鼠动脉中的脂肪斑块更大、更多，同时炎症程度也更高，这些都是心血管健康的负面标志。血液分析表明，阿斯巴甜进入小鼠体内后导致胰岛素水平激增。这是因为身体各处存在的感知甜味的受体在遇到阿斯巴甜时会引导释放更多的胰岛素，而阿斯巴甜比普通糖甜200倍，更能促使这种过度反应。

MySQL 索引核心知识点总结 一、索引基本概念 二、索引类型 三、索引的优缺点 四、索引底层结构（B+树） […]

Android March 2025 security update addresses over 40 vulnerabilities, including two flaws actively exploited in attacks in the wild. Android March 2025 security update addressed over 40 vulnerabilities, including two flaws, respectively tracked as CVE-2024-43093 and CVE-2024-50302, which are actively exploited in attacks in the wild. “There are indications that the following may be under […]

Broadcom warned customers today about three VMware zero-days, tagged as exploited in attacks and reported by the Microsoft Threat Intelligence Center. [...]

Multinational engineering and technology services firm Tata Technologies has reportedly fallen victim to a significant cyberattack claimed by the ransomware group Hunters International. According to recent social media reports, the breach allegedly resulted in the theft of 1.4 terabytes of sensitive data, raising concerns about potential industrial espionage and operational disruptions for high-profile clients such […]

The post Hunters International Claims Tata Technologies Cyberattack appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

学习吉埃替（Git），拳打马化腾，脚踩史玉柱

学习吉埃替（Git），拳打马化腾，脚踩史玉柱

U.S. law enforcement announced the recovery of $31 million in cryptocurrency tied to the 2021 Uranium Finance exploit, marking one of the largest DeFi-related asset seizures.  The operation, spearheaded by the Southern District of New York (SDNY) and Homeland Security Investigations (HSI), culminated nearly four years after attackers drained $50 million from the Binance Smart […]

The post U.S. Seizes $31 Million Funds Drained from Crypto Exchange appeared first on Cyber Security News.

A vulnerability was found in Docusnap 13.0.1440.24261. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to use of default cryptographic key. This vulnerability is known as CVE-2025-26849. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to upgrade the affected component.

The exponential growth of government data requests to technology giants has transformed Silicon Valley into the backbone of modern surveillance infrastructure. Between 2014 and 2024, Apple, Google, and Meta collectively disclosed data from 3.16 million user accounts to U.S. authorities, representing a 530–675% surge in compliance rates. This escalation correlates with the explosive growth of […]

The post Google, Meta and Apple Fuel the World’s Largest Surveillance Machine appeared first on Cyber Security News.

台积电计划向追加投资美国千亿美元。台积电此前一直在推进在美国西部亚利桑那州设立 3 座尖端工厂的计划。台积电表示，现有工厂的投资总额达到 650 亿美元。如果追加 1000 亿美元，对美国的总投资将增加到 1650 亿美元。台积电将再新建3座半导体工厂。还将设立两个承担“尖端封装”工序的设施和研发(R&D)基地。预计在未来 4 年内，在建筑相关领域创造 4 万个工作岗位，在研发等高级人才方面创造数万个工作岗位。