Aggregator

A vulnerability, which was classified as critical, has been found in Oracle Blockchain Platform. Affected by this issue is some unknown functionality of the component BCS Console. The manipulation leads to off-by-one. This vulnerability is handled as CVE-2021-23017. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in Oracle Blockchain Platform and classified as very critical. This issue affects some unknown processing of the component Backend. The manipulation leads to off-by-one. The identification of this vulnerability is CVE-2021-23017. The attack may be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Oracle Enterprise Session Border Controller 8.4/9.0. It has been rated as critical. This issue affects some unknown processing of the component Routing. The manipulation leads to off-by-one. The identification of this vulnerability is CVE-2021-23017. The attack may be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Oracle Enterprise Communications Broker 3.3. It has been declared as critical. This vulnerability affects unknown code of the component Routing. The manipulation leads to off-by-one. This vulnerability was named CVE-2021-23017. The attack can be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Oracle Enterprise Telephony Fraud Monitor 3.4/4.2/4.3/4.4. It has been declared as very critical. Affected by this vulnerability is an unknown functionality of the component nginx. The manipulation leads to off-by-one. This vulnerability is known as CVE-2021-23017. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

Two critical Ivanti zero-days (CVE-2025-4427 and CVE-2025-4428) are now being actively exploited after a surge in scanning activity last month. When chained together, these vulnerabilities enable unauthenticated remote code execution on Ivanti Endpoint Manager Mobile systems.

为遥感测绘领域提供高效、安全、可靠的数据存储服务。

ChatGPT is testing support for Model Context Protocol (MCP), which will allow the AI to connect to third-party services and use them as context. [...]

Despite support from the Trump administration, reauthorization of the legislation faces some obstacles, including a tight timeline and the fact that it is unclear who in House and Senate leadership will champion the legislation at a time when many other urgent competing bills are vying for attention.

美国海军陆战队人工智能实施计划（2025-2030财年）

人工智能在恐怖主义与反恐领域的“双刃剑”效应显著：恐怖组织借AI增强破坏力，反恐机构则依赖技术提升防御与预警能力。

OpenAI may be planning to challenge Microsoft Teams Copilot integration with a new "Record" feature in ChatGPT. [...]

This daily article is intended to make it easier for those who want to stay updated with my regular Dark Web Informer and X/Twitter posts.

Company Deploys Thousands of Use Cases, Underscores Responsible AI to Rebuild Trust
UnitedHealth faces AI backlash after nH Predict's 90% error rate and a DOJ probe. With more than 1,000 AI applications from call routing to claims efficiency and a robust responsible AI policy, the company aims to balance innovation with trust in a high-stakes bid to reshape healthcare.

Also: Prison Time for an Irish Crypto Launderer, an ISIS Financier
Every week, ISMG rounds up cybersecurity incidents in digital assets. This week, prison sentences for Celsius CEO, Irish crypto launderer and an ISIS supporter, exCH and Haowang close, a Parisian kidnapping attempt on crypto CEO's family and Sinaloa Cartel leaders charged in U.S. federal court.

Also, DOGE Employee’s Credentials Found in Infostealer Dumps
This week, SAP NetWeaver flaw drew hackers, zero-days in Ivanti EPMM, DOGE employee’s credentials found in infostealer dumps and Nucor halted operations. North Korean hackers targeted South Koreans with fake conference invites, Russian hackers targeted webmail servers and Microsoft fixed 72 flaws.

Financially Strapped Cloud Services Firm Settles Suit From 2020 Patient Data Hack
A financially strapped cloud services vendor that experienced a 2020 ransomware attack affecting dozens of healthcare sector clients and hundreds of thousands of patients has agreed to a $1.9 million settlement in proposed class action litigation involving the data theft case.

Urges Companies to Regularly Patch Their Products
The British National Health Service is prodding suppliers to commit to voluntary cybersecurity measures in a bid to prevent disruptive hacks. Among the proposed measures are regularly patching IT systems, instituting multifactor authentication and requiring IT suppliers to monitor and log their systems to allow prompt incident response.

The Republican chair told Congress that the agency will need specialized software, personnel and expertise to enforce the newly passed Take It Down Act.

The post FTC wants a new, segregated software system to police deepfake porn  appeared first on CyberScoop.

Threat Attack Daily - 15th of May 2025