Aggregator

知名安卓启动器 Nova Launcher 的创始人 Kevin Barry 离开 Branch 公司，开源计划搁置。Branch 于 2022 年收购 Nova 后承诺若创始人离职将开源代码，但现要求 Kevin 停止相关工作。Nova 团队其余成员已被裁，未来开发或由 Branch 自行组织。

Защита критической инфраструктуры стала доступнее для СМБ.

Submit #644935 / VDB-323049

A vulnerability labeled as problematic has been found in Jinher OA up to 1.2. This impacts an unknown function of the file /c6/Jhsoft.Web.projectmanage/TaskManage/AddTask.aspx/?Type=add of the component XML Handler. The manipulation results in xml external entity reference. This vulnerability is identified as CVE-2025-10092. The attack can be executed remotely. Additionally, an exploit exists.

A vulnerability identified as problematic has been detected in Jinher OA up to 1.2. This affects an unknown function of the file /c6/Jhsoft.Web.projectmanage/ProjectManage/XmlHttp.aspx/?Type=add of the component XML Handler. The manipulation leads to xml external entity reference. This vulnerability is referenced as CVE-2025-10091. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

A vulnerability categorized as critical has been discovered in Jinher OA up to 1.2. The impacted element is an unknown function of the file /C6/Jhsoft.Web.departments/GetTreeDate.aspx. Executing manipulation of the argument ID can lead to sql injection. The identification of this vulnerability is CVE-2025-10090. The attack may be launched remotely. Furthermore, there is an exploit available.

Submit #644920 / VDB-314780

The democratization of AI has fundamentally lowered the barrier for threat actors, creating a bigger pool of people who can carry out sophisticated attacks. The so-called democratization of security, on the other hand, has resulted in chaos. The problem In an earnest attempt to shift left, security teams deputized developers to own remediation. While development teams have legitimately become more security-focused, it’s created a dynamic in which security is still accountable for risk but has … More →

The post Cyber defense cannot be democratized appeared first on Help Net Security.

A major security flaw has been discovered in Argo CD, a popular open-source tool used for Kubernetes GitOps deployments. The vulnerability allows project-level API tokens to expose sensitive repository credentials, such as usernames and passwords, to attackers. The issue has been classified as critical with a CVSS score of 9.8/10 and is tracked as CVE-2025-55190. The […]

The post Critical Argo CD API Flaw Exposes Repository Credentials to Attackers appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Submit #644918 / VDB-314554

Submit #644868 / VDB-323047

Submit #644864 / VDB-323046

Submit #644635 / VDB-323045

AI 数据行业，总有新人出头。

当前环境出现异常，需完成验证后方可继续访问。

Письма пришли перед раундом переговоров в Швеции, когда обсуждалось продление тарифного перемирия.

文章记录了一周内网站遭受的扫描、探测及异常流量攻击情况，并提供了相关PCAP文件（需密码解压），密码可在网站“about”页面找到。

The threat group TAG-150, which researchers associate with the development of the CastleLoader malware, has expanded its arsenal

The post CastleRAT: The New MaaS Threat Expanding the Cybercrime Toolkit appeared first on Penetration Testing Tools.

The European Commission has fined Google €2.95 billion (approximately $3.5 billion), accusing the company of abusing its dominant

The post EU Fines Google $3.5B for Abusing Its Ad Tech Monopoly appeared first on Penetration Testing Tools.