Aggregator

Microsoft says the April 2025 security updates are causing authentication issues on some Windows Server 2025 domain controllers. [...]

A vulnerability classified as problematic was found in GNU elfutils 0.192. This vulnerability affects the function elf_strptr in the library /libelf/elf_strptr.c of the component eu-strip. The manipulation leads to denial of service. This vulnerability was named CVE-2025-1376. It is possible to launch the attack on the local host. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

Google has released fixes for a bucketload of Android security vulnerabilities, including a FreeType flaw (CVE-2025-27363) that “may be under limited, targeted exploitation.” About CVE-2025-27363 CVE-2025-27363 is an out of bounds write vulnerability in FreeType, an open-source software library that renders fonts (thus, text) onto digital displays (e.g., screens) and is used across many platforms, including Android, iOS, macOS, and Linux. FreeType has been the source of multiple security vulnerabilities over the years, mostly due … More →

The post Actively exploited FreeType flaw fixed in Android (CVE-2025-27363) appeared first on Help Net Security.

当地时间5日，由泰国国家网络安全局组织的网络安全培训班举行结业仪式，泰国副总理兼国防部长普坦主持结业仪式。10万名来自各行各业的网络安全人员完成培训任务，此举将会提升泰国网络安全工作能力。

人工智能的迅猛发展正在重塑人类社会的生产和生活方式。但是，与其相伴而生的还有虚假信息、错误信息、权益侵害等一系列显性与潜在的风险。

“网信事业代表着新的生产力、新的发展方向”，网络法治是信息革命发展的时代需求，也是推进网络强国建设、护航新质生产力发展的重要保障。4月27日，我国首部网络法治建设的综合性年度报告《中国网络法治发展报告（2024年）》正式发布。

原有的数据基础设施主要满足单一组织的数据存储、管理和本地处理需求，重在安全可靠。在数字经济背景下，数据基础设施作为经济发展的重要支撑，关注数据的流通、安全和跨行业共享，支持创新应用和高效的数据利用。

腾讯小米百度等多个公司软件更新或被劫持

腾讯小米百度等多个公司软件更新或被劫持

稿件提交截止日期：2025年11月20日

В Telegram снова “раздают” деньги.

稿件提交截止日期：2025年11月20日

非盈利组织 Trifecta Tech Foundation 报告，Ubuntu 25.10 将默认使用它开发的 sudo-rs——用内存安全语言 Rust 开发的 sudo 实现。Ubuntu 25.10 代号 Questing Quokka，预计将于 2025 年 10 月释出，是一个短期支持版本。Sudo-rs 是 Trifecta Tech Foundation 的 Privilege Boundary 倡议的一部分，该倡议旨在用内存安全方案去处理提权问题。

Half of UK firms have over 10 cyber positions unfilled, according to Cisco

A vulnerability was found in Matrix42 Workspace Management up to 9.1.2.2765. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Software Catalogue. The manipulation of the argument Search as part of Parameter leads to cross site scripting (Reflected). This vulnerability is handled as CVE-2019-19390. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as problematic has been found in Matrix42 Workspace Management up to 9.1.2.2765. This affects an unknown part of the component Comment Field. The manipulation as part of Parameter leads to cross site scripting (Stored). This vulnerability is uniquely identified as CVE-2019-19500. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability classified as problematic was found in Netgear MR1100. This vulnerability affects unknown code. The manipulation leads to information disclosure (Credentials). This vulnerability was named CVE-2019-20638. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Netgear RAX40. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to basic cross site scripting (Stored). This vulnerability was named CVE-2019-20644. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.