Aggregator
Weekly Ransomware Threat Digest
3 months ago
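1. The Qilin ransomware group announced new victims
2. The Play ransomware group announced new victim companies
3. The INC Ransom group announced new victim companies
Remote access trojan EndClient evades antivirus detection by abusing a leaked code-signing certificate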
3 months ago
安全客
Binarly Transparency Platform 3.5, a binary supply-chain security platform, released with new in-depth support for Java archives and JVM bytecode
3 months ago
安全客
Cisco warns: hackers are actively exploiting zero-day remote code execution vulnerabilities in its ASA and FTD firewalls in the wild
3 months ago
安全客
Multiple security vulnerabilities in the Django framework can lead to SQL injection and denial-of-service attacks
3 months ago
安全客
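238 top teams from around the world face off in an AI attack-and-defense showdown: the Tencent Cloud Hackathon Intelligent Penetration Challenge is about to begin!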
3 months ago
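The "Hackathon Intelligent Penetration Challenge", launched by Tencent Yunding Lab and the Tencent Security crowdsourced testing platform, is about to kick off!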
CVE-2025-12862 | projectworlds Online Notes Sharing Platform 1.0 userprofile.php image unrestricted upload
3 months ago
A vulnerability, which was classified as critical, was found in projectworlds Online Notes Sharing Platform 1.0. Affected by this issue is some unknown functionality of the file /dashboard/userprofile.php. Such manipulation of the argument image leads to unrestricted upload.
This vulnerability is listed as CVE-2025-12862. The attack may be performed remotely. In addition, an exploit is available.
vuldb.com
CVE-2025-12861 | DedeBIZ up to 6.3.2 /admin/spec_add.php flags[] sql injection
3 months ago
A vulnerability, which was classified as critical, has been found in DedeBIZ up to 6.3.2. Affected by this vulnerability is an unknown functionality of the file /admin/spec_add.php. This manipulation of the argument flags[] causes SQL injection.
This vulnerability is tracked as CVE-2025-12861. The attack can be carried out remotely. Moreover, an exploit is present.
vuldb.com
Submit #679802: projectworlds Online Notes Sharing Platform 1.0 Unrestricted Upload [Accepted]
3 months ago
Submit #679802 / VDB-331509
K1nako
CVE-2025-12860 | DedeBIZ up to 6.3.2 /admin/freelist_main.php orderby sql injection
3 months ago
A vulnerability classified as critical was found in DedeBIZ up to 6.3.2. Affected is an unknown function of the file /admin/freelist_main.php. The manipulation of the argument orderby results in SQL injection.
This vulnerability is identified as CVE-2025-12860. The attack can be executed remotely. Additionally, an exploit exists.
vuldb.com
CVE-2025-12859 | DedeBIZ up to 6.3.2 templets_one_edit.php ids sql injection
3 months ago
A vulnerability classified as critical has been found in DedeBIZ up to 6.3.2. This impacts an unknown function of the file /admin/templets_one_edit.php. The manipulation of the argument ids leads to SQL injection.
This vulnerability is referenced as CVE-2025-12859. Remote exploitation of the attack is possible. Furthermore, an exploit is available.
vuldb.com
Event Recap | SlowMist at the 10th Hong Kong FinTech Week 2025
3 months ago
SlowMist will continue working to build a safer, more trustworthy blockchain ecosystem!
Submit #679692: DedeBIZ CMS v6.3.2 SQL Injection [Accepted]
3 months ago
Submit #679692 / VDB-331508
ZZCTD
Monthly Ransomware Report | 360 discloses October ransomware trends: AI "breeds" new variants, sharply raising the difficulty of defense
3 months ago
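Ransomware enters a new "AI-driven" stage of evolution: 360 report reveals that malware variants show intelligent characteristics
360 Chief Scientist Pan Jianfeng elected Vice Chair of the World Internet Conference's Artificial Intelligence Specialized Committee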
3 months ago
As a leading Chinese "AI + security" company, 360 will take a deep part in global AI governance and industry advancement.
CVE-2025-46413 | BUFFALO WSR-1800AX4 weak password hash (EUVD-2025-38245)
3 months ago
A vulnerability described as problematic has been identified in BUFFALO WSR-1800AX4, WSR-1800AX4S, WSR-1800AX4B and WSR-1800AX4-KH. This affects an unknown function. Manipulation can lead to a password hash with insufficient computational effort.
The identification of this vulnerability is CVE-2025-46413. The attack needs to be done within the local network. There is no exploit available.
Upgrading the affected component is recommended.
vuldb.com
Superintelligence, but on a leash. Microsoft is building an AI that is forbidden to think, change, or act without a human
3 months ago
0% freedom, 100% obedience: how do you contain a machine uprising once the machines become fully intelligent?
CVE-2025-10870 | DIAL CentrosNet up to 2.64 ultralogin.php ultralogin sql injection
3 months ago
A vulnerability marked as critical has been reported in DIAL CentrosNet up to 2.64. The impacted element is an unknown function of the file /centrosnet/ultralogin.php. Performing manipulation of the argument ultralogin results in SQL injection.
This vulnerability was named CVE-2025-10870. The attack may be initiated remotely. There is no available exploit.
It is suggested to upgrade the affected component.
vuldb.com
Submit #679111: DedeBIZ DedeBIZ CMS v6.3.2 SQL Injection [Accepted]
3 months ago
Submit #679111 / VDB-331507
ZZCTD