Aggregator

A vulnerability, which was classified as critical, was found in osCommerce Online Merchant 2.3.4.1. Affected is an unknown function of the file install_4.php of the component HTTP POST Requst Handler. The manipulation leads to unrestricted upload. This vulnerability is traded as CVE-2018-25114. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, has been found in IBM DB2 Mirror for i 7.4/7.5/7.6. This issue affects some unknown processing of the component Websocket Connection Handler. The manipulation leads to missing origin validation in websockets. The identification of this vulnerability is CVE-2025-36116. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

根据发表在 PNAS 期刊上的一项研究，气候变化正导致极端严重的森林火灾日益常见。2023 年和 2024 年是有记录以来最热的年份，全球逾 7800 万英亩森林被烧毁。火灾将浓烟和数十亿吨二氧化碳排放到大气中，数百万人因此面临恶劣的空气质量。对卫星图像的研究发现，2023 年和 2024 年因火灾损失的森林树冠（forest canopy）面积是过去近二十年年均损失面积的至少两倍。

A dual U.S.-China citizen and former Silicon Valley engineer has pleaded guilty to stealing critical military technology secrets designed to protect American national security interests.  Chenguang Gong, 59, of San Jose, admitted to transferring over 3,600 classified files containing advanced missile detection and defense technologies to personal storage devices, with intentions to benefit the Chinese […]

The post Silicon Valley Engineer Pleads Guilty to Stealing Missile Detection Data for China appeared first on Cyber Security News.

SEQRITE Labs’ APT-Team has uncovered a sophisticated spear-phishing campaign dubbed Operation CargoTalon, targeting employees at Russia’s Voronezh Aircraft Production Association (VASO), a key aerospace entity. The operation leverages malicious attachments disguised as товарно-транспортная накладная (TTN) logistics documents, critical for Russian supply chains. Discovered on June 27 via VirusTotal hunting, the campaign employs a malicious EML […]

The post Operation CargoTalon Targets Russian Aerospace & Defense to Deploy EAGLET Implant appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Глиняная табличка возрастом 4000 лет рассказывает, как Лис переиграл преисподнюю.

Liberty General's Sachin Joshi on Blending Technology and Empathy for Faster Claims
AI, automation and real-time tools are reshaping insurance claims. "We blend technology with empathy to deliver faster, smarter and more transparent claims," said Sachin Joshi, president of claims, operations and customer service at Liberty General Insurance.

Over 400 Organizations Breached via Ongoing ToolShell Attacks, Researchers Warn
The U.S. government agency that maintains and designs America's nuclear weapons was reportedly breached by attackers exploiting zero-day flaws in on-premises Microsoft SharePoint servers, with researchers now counting over 400 victims, including European and Middle Eastern governments.

Newly Appointed Advisory Group to Support NIS2 and CRA Implementation Across Europe
Beginning Aug. 1, European Union Agency for Cybersecurity, ENISA, will launch a new Advisory Group composed of 26 independent experts to help guide the EU’s cybersecurity strategy through 2027. Their work will support the rollout of the NIS2 Directive and the Cyber Resilience Act.

今日暂未更新资讯~
更多最新文章，请访问SecWiki

The popular NPM package 'is' has been compromised in a supply chain attack that injected backdoor malware, giving attackers full access to compromised devices. [...]

美国国土安全部 (DHS)和美国公民及移民服务局 (USCIS)正在考虑重新评估 H-1B 签证的签发方式。美国政府考虑将 H-1B 签证的分配制度从目前的抽签制改为有利于符合特定标准——可能与技能相关——的申请人制度。H-1B 签证是美国签发给从事专业技术类工作的外籍人士的签证，必须由雇主出面为申请人申请，且申请人的雇用申请书需要美国公民及移民服务局的批准。根据美国公民及移民服务局的数据，截至 2019 年，美国约有 60 万名 H-1B 工人。H-1B 签证备受科技公司的青睐，但长期以来一直饱受批评，因为该签证被认为容易压低美国工人工资，限制移民工人的劳工权利，被外包公司滥用。

The Interlock ransomware gang is aggressively targeting businesses and critical infrastructure in North America and Europe, according to a new warning from the US Cybersecurity and Infrastructure Security Agency (CISA). stepping up its attacks and changing tactics. The agency issued an advisory describing how Interlock picks its victims on the basis of opportunity, carrying out […]

The post Interlock ransomware gang is ramping up activity, CISA warns appeared first on Ransomware.org.

Officials accuse the unnamed suspect of running XSS.is, a key and long-running marketplace with more than 50,000 registered users. The suspect allegedly made more than $8.2 million.

The post Authorities in Ukraine nab alleged admin of Russian-language cybercrime forum appeared first on CyberScoop.

Благодаря новому алгоритму мы можем слышать Вселенную в разы лучше…

OpenAI 披露，ChatGPT 用户每天发送逾 25 亿提示词，其中 3.3 亿来自美国用户，免费版 ChatGPT 周活跃用户超过 5 亿。OpenAI 去年 12 月公布的数据是每天处理逾 10 亿次查询请求，这意味着 8 个月增长超过一倍。这些数据凸显了 ChatGPT 的普及度，它正在改变用户的信息搜索习惯。Google 没有披露它的每日搜索数据，它最近透露一年处理了 5 万亿次搜索请求，平均每天接近 140 亿次。Google 一开始也是免费服务，但最后它不得不依赖广告，它每天的搜索量如果下降则可能会影响广告收入。OpenAI 目前仍然处于烧钱阶段，其付费服务远不足以抵消支出，它最终如何盈利仍然有待观察。

The software defects, which have a maximum-severity rating, do not require authentication and allow remote attackers to execute code arbitrarily on the underlying system.

The post Cisco network access security platform vulnerabilities under active exploitation appeared first on CyberScoop.