Aggregator

太阳黑子区域 AR4274 连续三天释放出 X 级耀斑（X 级是最高强度的耀斑），包括一个 X1.7 级、一个 X1.2 级和一个 X5.1 级耀斑，后者是 25 太阳周期至今释放的第六强耀斑和今年释放的最强耀斑。X5.1 级耀斑释放的日冕物质抛射将于 11 月 13 日抵达地球，而之前耀斑释放的日冕物质抛射已经抵达地球，产生了 G4 级地磁风暴，世界多地都观察到了红色的极光。红色是太阳高能粒子撞击大气层氧原子产生的。太阳向地球喷射出的部分粒子能量极强，甚至穿透大气层直达地面。世界各地的中子监测器都探测到了这次名为 Ground Level Event(GLE)的事件，如此强度的 GLE 极为罕见，每个太阳周期只会发生一到两次。上一次类似强度的 GLE 事件发生在 2006 年 12 月 13 日。这意味着该事件是二十年一遇。

Boards are spending more time on cybersecurity but still struggle to show how investments improve business performance. The focus has shifted from whether to fund protection to how to measure its return and ensure it supports growth. AI, automation, and edge technologies are reshaping operations, and directors now deal with faster, more complex risks that demand oversight. A report from Google Cloud’s Office of the CISO outlines how boards can adapt by strengthening governance in … More →

The post AI is forcing boards to rethink how they govern security appeared first on Help Net Security.

Microsoft has disclosed a critical Windows Kernel vulnerability that is currently under active exploitation in the wild. Tracked as CVE-2025-62215, the flaw enables attackers to escalate privileges and gain elevated access on vulnerable Windows systems. Attribute Details CVE ID CVE-2025-62215 Type Elevation of Privilege Release Date November 11, 2025 Severity Important CVSS Score 7.0 (6.5 […]

The post Windows Kernel 0-Day Under Active Exploitation for Privilege Escalation appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability, which was classified as critical, has been found in faqs 3.1.6 on PrestaShop. This issue affects the function faqsBudgetModuleFrontController::displayAjaxGenerateBudget. This manipulation causes sql injection. This vulnerability is handled as CVE-2023-26858. The attack can be initiated remotely. There is not any exploit available.

A vulnerability identified as problematic has been detected in Dynamic Transaction Queuing System 1.0. This impacts an unknown function of the file /admin/ajax.php?action=save_uploads. Performing manipulation results in unrestricted upload. This vulnerability was named CVE-2023-26857. The attack needs to be approached within the local network. There is no available exploit.

A vulnerability has been found in Dromara Lamp-Cloud before up to 3.8.0 and classified as critical. This vulnerability affects unknown code of the component JWT Token Handler. Performing manipulation results in improper authentication. This vulnerability is identified as CVE-2023-31579. The attack can only be performed from the local network. There is not any exploit available. The affected component should be upgraded.

A vulnerability marked as problematic has been reported in ChurchCRM 4.5.3. This affects an unknown function. The manipulation of the argument salt leads to insufficiently random values. This vulnerability is uniquely identified as CVE-2023-26855. The attack can only be initiated within the local network. No exploit exists.

A vulnerability labeled as critical has been found in Dynamic Transaction Queuing System 1.0. Affected is an unknown function of the file /admin/ajax.php?action=login. Executing manipulation of the argument Name can lead to sql injection. The identification of this vulnerability is CVE-2023-26856. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in Textpattern up to 4.8.8 and classified as critical. Affected by this vulnerability is an unknown functionality of the component Upload Plugin. Such manipulation leads to unrestricted upload. This vulnerability is listed as CVE-2023-26852. The attack must be carried out from within the local network. There is no available exploit.

A vulnerability classified as critical was found in TOTOLINK A7100RU 7.4cu.2313_B20191024. Affected is an unknown function of the file setting/delStaticDhcpRules. The manipulation of the argument org results in command injection. This vulnerability is identified as CVE-2023-26848. The attack can only be performed from the local network. There is not any exploit available.

A vulnerability labeled as problematic has been found in OpenCATS 0.9.7. Affected by this vulnerability is an unknown functionality of the file opencats/index.php?m=candidates. The manipulation of the argument state results in cross site scripting. This vulnerability is reported as CVE-2023-26847. The attack can be launched remotely. No exploit exists.

Кулинар, кассир и официант в одном механическом корпусе.

Ferocious Kitten has emerged as a significant cyber-espionage threat targeting Persian-speaking individuals within Iran since at least 2015. The Iranian-linked advanced persistent threat group operates with a highly focused objective, utilizing politically themed decoy documents to manipulate victims into executing weaponized files. Over the years, the group developed a sophisticated custom implant known as MarkiRAT, […]

The post Ferocious Kitten APT Deploying MarkiRAT to Capture Keystroke and Clipboard Logging appeared first on Cyber Security News.

What really counts as a hard drive failure? That’s the question at the center of Backblaze’s Q3 2025 Drive Stats report, which tracks the performance of 328,348 hard drives across its global data centers. The latest findings build on more than a decade of data that has made Backblaze one of the most transparent sources on drive reliability for IT teams, researchers, and data professionals. Backblaze hard drive failure rates for Q3 2025 “After more … More →

The post What the latest data reveals about hard drive reliability appeared first on Help Net Security.

Intelから各製品向けのアップデートが公開されました。

The Mozilla Foundation released three critical security advisories on November 11, 2025, addressing 16 unique vulnerabilities across multiple Firefox versions and platforms. The updates target Firefox 145, Firefox ESR 115.30, and Firefox ESR 140.5, with 12 vulnerabilities rated High impact and an additional 14 rated Moderate, affecting millions of users worldwide. CVE ID Product Vulnerability Type Severity CVE-2025-13012 […]

The post Mozilla Issues Urgent Firefox Update to Patch Critical Code Execution Flaws appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A landmark Metropolitan Police investigation has concluded with the sentencing of two individuals involved in one of the world’s largest cryptocurrency seizures, which recovered over 61,000 Bitcoin, worth approximately £5 billion, from a sophisticated international fraud operation. A seven-year investigation by the Metropolitan Police’s Economic Crime team has reached a significant milestone, with Zhimin Qian, […]

The post Chinese National Sentenced for Laundering Over £5 Billion from 128,000 Victims appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability has been found in VWar Virtual War 1.5 and classified as critical. This issue affects some unknown processing of the file calendar.php. This manipulation of the argument month causes sql injection. This vulnerability appears as CVE-2008-0753. The attack may be initiated remotely. In addition, an exploit is available.

A vulnerability was found in vtiger CRM 5.0.4. It has been classified as problematic. Affected is an unknown function of the file index.php. This manipulation of the argument query_string causes cross site scripting. This vulnerability is tracked as CVE-2008-3101. The attack is possible to be carried out remotely. Moreover, an exploit is present.

A vulnerability was found in ViArt Shop 3.5 and classified as problematic. This affects an unknown part of the file cart_save.php. The manipulation of the argument cart_name results in cross-site request forgery. This vulnerability is known as CVE-2008-6758. It is possible to launch the attack remotely. Furthermore, an exploit is available.