Aggregator

A vulnerability was found in DigitalHive 2.0 and classified as critical. This issue affects some unknown processing. The manipulation of the argument page leads to path traversal. The identification of this vulnerability is CVE-2008-2415. The attack may be initiated remotely. Furthermore, there is an exploit available.

在一次项目中遇到了某呼oa，通过绕过各处限制最终拿下目标。

Cyber threats don't show up one at a time anymore. They’re layered, planned, and often stay hidden until it’s too late. For cybersecurity teams, the key isn’t just reacting to alerts—it’s spotting early signs of trouble before they become real threats. This update is designed to deliver clear, accurate insights based on real patterns and changes we can verify. With today’s complex systems, we

MoE и квантование сделали дешевые видеокарты угрозой для дата-центров.

A vulnerability was found in Apache HTTP Server 1.3.20 on Windows. It has been classified as critical. This affects an unknown part of the file /php/. The manipulation leads to improper privilege management. This vulnerability is uniquely identified as CVE-2002-2029. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A recently disclosed vulnerability (CVE-2025-46176) exposes critical security flaws in D-Link’s DIR-605L and DIR-816L routers, revealing hardcoded Telnet credentials that enable remote command execution. The vulnerability affects firmware versions 2.13B01 (DIR-605L) and 2.06B01 (DIR-816L), scoring 6.5 on the CVSS v3.1 scale with medium severity. Security researchers identified improper command neutralization (CWE-77) as the root cause, […]

The post D-Link Routers Exposed by Hard-Coded Telnet Credential appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A decade-long cyber espionage campaign orchestrated by the advanced persistent threat (APT) group TA-ShadowCricket has been exposed through a joint investigation by South Korea’s AhnLab and the National Cyber Security Center (NCSC). The group, previously identified as Shadow Force, has systematically compromised over 2,000 systems across 72 countries since 2012, with primary targets in government […]

The post TA-ShadowCricket: Sophisticated Hacker Group Targeting Government and Enterprise Networks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

立即查看详情 →

ИИ-ассистент GitLab Duo помог с задачей — и незаметно слил весь приватный код.

The US National Institute of Standards and Technology (NIST) published a white paper introducing a new metric called Likely Exploited Vulnerabilities (LEV)

A vulnerability was found in CMS Made Simple up to 0.10. It has been rated as critical. Affected by this issue is some unknown functionality of the file lang.php. The manipulation of the argument nls[file][vx][vxsfx] leads to file inclusion. This vulnerability is handled as CVE-2005-2846. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in EmbedThis GoAhead 2.5.0. This affects an unknown part of the file goform/login. The manipulation as part of HTTP Host Header leads to injection. This vulnerability is uniquely identified as CVE-2019-16645. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

Новый закон может превратить интернет в поле для доносов.

英国三大零售巨头接连沦陷，社会工程攻击如何突破服务台防线？

在 H20 被禁止出口之后，英伟达准备推出新款中国市场专用 AI 芯片。新芯片将是基于 Blackwell 架构的 RTX Pro 6000D，使用 GDDR7 而不是 HBM 等更先进的高带宽显存，预计售价在 6,500-8,000 美元之间，低于 H20 的 10,000-12,000 美元。较低的价格反映了芯片较低的规格和更简单的制造要求，新芯片将不使用台积电先进的 Chip-on-Wafer-on-Substrate (CoWoS)封装技术。这将是英伟达第三次为中国开发专用 AI 芯片。中国仍然是英伟达的大市场，上一个财年占其总收入的 13%。分析师表示，英伟达的优势主要在于其集成 CUDA 平台 和 AI 集群的能力。

上周关注度较高的产品安全漏洞(20250519-20250525)

国家信息安全漏洞共享平台（以下简称CNVD）本周共收集、整理信息安全漏洞315个，其中高危漏洞169个、中危漏洞126个、低危漏洞20个。

A vulnerability has been found in Wing FTP Server up to 7.4.3 and classified as critical. Affected by this vulnerability is an unknown functionality of the component Lua Admin Console. The manipulation leads to execution with unnecessary privileges. This vulnerability is known as CVE-2025-5196. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component. The vendor explains: "[W]e do not consider it as a security vulnerability, because the system admin in WingFTP has full permissions [...], but you can suggest the user run WingFTP service as Normal User rather than SYSTEM/Root, it will be safer."

EngineAI устраивает бои без правил между машинами — и это не шутка, а спорт будущего.

Tenable has released version 6.5.1 of its Network Monitor, a key passive vulnerability scanning solution, to address several high-severity vulnerabilities discovered in both its codebase and bundled third-party libraries. The update comes after security researchers identified vulnerabilities in widely used components such as OpenSSL, expat, curl, libpcap, and libxml2, all of which provide essential underlying […]

The post Privilege Escalation Flaws Found in Tenable Network Monitor appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.