Aggregator

Cybersecurity researchers have disclosed multiple security flaw in the on-premise version of SysAid IT support software that could be exploited to achieve pre-authenticated remote code execution with elevated privileges. The vulnerabilities, tracked as CVE-2025-2775, CVE-2025-2776, and CVE-2025-2777, have all been described as XML External Entity (XXE) injections, which occur when an attacker is

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a new alert warning critical infrastructure operators-particularly those in the oil and natural gas sector-of emerging cyber threats targeting Supervisory Control and Data Acquisition (SCADA) and Industrial Control Systems (ICS) networks. The agency reports that, in recent months, unsophisticated cyber actors have increasingly attempted to infiltrate […]

The post CISA Warns of Cyber Threats to Oil and Gas SCADA and ICS Networks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

The UK government has announced that it will be replace its current SMS verification system with passkeys by the end of 2025

本篇文章主要填补历史遗留下来的坑——XXL-JOB中的"xxl.job.accessToken"导致的命令执行漏洞分析，此前看到这个漏洞预警时就看了一眼感觉和那个Shiro的密钥硬编码大差不差的，有点雷同，而且网上大多都是复现的并没有什么分析为啥会造成命令执行以及基本的原理，都是齐刷刷的利用，最近在翻笔记的时候发现之前遗留的只有标题的空白的文章，于是补一下坑

Новый носитель может пережить цивилизацию.

西班牙马德里卡洛斯三世大学（UC3M）与哈佛大学的联合科研团队取得重要突破，通过实验成功实现了对电磁超材料的可编程重构。这种创新性的人造材料无需改变其化学成分，即可重新编程其几何形状和结构行为。该项技术的问世，为生物医学和软体机器人等领域的创新发展提供了全新可能。研究人员表示，仅需调整磁体的空间排布，就能通过调控磁相互作用实现材料性能的多样化转变。

SQCTF万文题解

A vulnerability was found in Oracle PeopleSoft Enterprise PeopleTools 8.56/8.57 and classified as critical. This issue affects some unknown processing of the component Portal. The manipulation leads to an unknown weakness. The identification of this vulnerability is CVE-2020-2751. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Oracle PeopleSoft Enterprise PeopleTools 8.56/8.57/8.58. It has been classified as critical. Affected is an unknown function of the component Process Scheduler. The manipulation leads to an unknown weakness. This vulnerability is traded as CVE-2020-2797. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Oracle PeopleSoft Enterprise SCM Purchasing 9.2. This affects an unknown part of the component Purchasing. The manipulation leads to an unknown weakness. This vulnerability is uniquely identified as CVE-2020-2899. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Oracle MICROS Relate CRM Software 11.4. Affected by this issue is some unknown functionality of the component Segments. The manipulation leads to session fixiation. This vulnerability is handled as CVE-2019-17563. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Oracle Retail Order Broker 15. This affects an unknown part of the component System Administration. The manipulation leads to session fixiation. This vulnerability is uniquely identified as CVE-2019-17563. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Oracle Retail Order Broker 15.0/16.0 and classified as critical. This vulnerability affects unknown code of the component System Administration. The manipulation leads to download of code without integrity check. This vulnerability was named CVE-2020-5398. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Oracle Retail Advanced Inventory Planning 15.0/16.0. This affects an unknown part of the component AIP Dashboard. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2019-17091. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Oracle Retail Merchandising System 16. This vulnerability affects unknown code of the component Inventory Tracking. The manipulation leads to cross site scripting. This vulnerability was named CVE-2019-17091. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

印巴爆发了武装冲突，印度的空袭导致了至少 8 名巴基斯坦平民死亡。可能是出于通讯和宣传的需要，巴基斯坦解除了对 X 的封禁，即当地网民不再需要 VPN 就能直接访问 X/Twitter。巴基斯坦是在 2024 年 2 月大选之后以国家安全的理由封锁了 X，此后巴基斯坦网民不得不通过 VPN 访问该社交平台。巴基斯坦政府官员去年 8 月还一度宣称由于大量用户使用 VPN 而导致网络访问缓慢。

​Polish authorities have detained four suspects linked to six DDoS-for-hire platforms, believed to have facilitated thousands of attacks targeting schools, government services, businesses, and gaming platforms worldwide since 2022. [...]

A vulnerability was found in Francisco Burzi PHP-Nuke up to 7.2. It has been declared as problematic. Affected by this vulnerability is the function cookiedecode of the file mainfile.php. The manipulation of the argument User leads to basic cross site scripting. This vulnerability is known as CVE-2004-1930. The attack can be launched remotely. Furthermore, there is an exploit available.

A startling discovery by Hunted Labs has brought to light a potential security risk lurking within the heart of the cloud-native ecosystem. The open source Go package easyjson, widely used for optimizing JSON serialization and deserialization, has been found to be fully controlled by developers based in Moscow, employed by VK Group (also known as […]

The post Russian Company Gains Full Control Over Critical Open Source Easyjson Library appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

The Israeli spyware maker must pay $444,719 in compensatory damages to Meta and $167.25m in punitive damages