Aggregator

A vulnerability, which was classified as problematic, has been found in Google Chrome. Affected by this issue is some unknown functionality of the component Extensions. The manipulation leads to clickjacking. This vulnerability is handled as CVE-2025-0446. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Google Chrome. Affected by this vulnerability is an unknown functionality of the component Navigation. The manipulation leads to Remote Code Execution. This vulnerability is known as CVE-2025-0447. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

波兰数字游戏平台 GOG 宣布加入欧洲最大的游戏保存组织 European Federation of Game Archives, Museums, and Preservation Projects (EFGAMP)。该组织的成员包括了VIGAMUS — The Video Game Museum in Rome, MO5.COM in France、Computerspielemuseum in Berlin、The Netherlands Institute for Sound & Vision 和 Embracer Games Archive 等等，该组织致力于将游戏作为文化遗产加以保护。GOG 去年 12 月宣布了 GOG Preservation Program，确保经典游戏能在新一代操作系统上正常运行。GOG 董事总经理 Maciej Gołębiewski 表示该平台在成立之初就将游戏保存作为其核心使命之一。

A vulnerability classified as problematic has been found in D-Link DIR-878 1.03. Affected is an unknown function of the file /dllog.cgi of the component HTTP POST Request Handler. The manipulation leads to information disclosure. This vulnerability is traded as CVE-2025-0481. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

As many as six security vulnerabilities have been disclosed in the popular Rsync file-synchronizing tool for Unix systems, some of which could be exploited to execute arbitrary code on a client. "Attackers can take control of a malicious server and read/write arbitrary files of any connected client," the CERT Coordination Center (CERT/CC) said in an advisory. "Sensitive data, such as SSH keys,

Submit #475011 / VDB-291924

A vulnerability was found in Google Chrome. It has been rated as problematic. This issue affects some unknown processing of the component Compositing. The manipulation leads to clickjacking. The identification of this vulnerability is CVE-2025-0448. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Moxa MGate 5121, MGate 5122 and MGate 5123 1.0. It has been declared as problematic. This vulnerability affects unknown code of the component Login Message Handler. The manipulation leads to cross site scripting. This vulnerability was named CVE-2025-0193. The attack can be initiated remotely. There is no exploit available.

Every ticking second is a chance for cyber threats to creep in.  For businesses, the stakes couldn’t be higher. One malicious email opened by an employee, and the malware can spread across office computers faster than mushrooms after rain. The consequences? Lost data, financial damage, and a hit to your company’s reputation.  To stop these […]

The post YARA Rules: Cyber Threat Detection Tool for Modern Cybersecurity appeared first on ANY.RUN's Cybersecurity Blog.

A vulnerability was found in Google Chrome. It has been classified as critical. This affects an unknown part of the component Extensions. The manipulation leads to improper input validation. This vulnerability is uniquely identified as CVE-2025-0443. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

Тысячи корпоративных сетей оказались беззащитны перед критической уязвимостью.

A vulnerability was found in Google Chrome on Android and classified as critical. Affected by this issue is some unknown functionality of the component Navigation. The manipulation leads to improper restriction of rendered ui layers. This vulnerability is handled as CVE-2025-0435. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Google Chrome and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Payments. The manipulation leads to clickjacking. This vulnerability is known as CVE-2025-0442. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

The Justice Department announced on Tuesday that, alongside international partners, the FBI deleted “PlugX” malware from thousands of infected computers worldwide. As described in court documents unsealed in the Eastern District of Pennsylvania, a group of hackers sponsored by the People’s Republic of China (PRC), known to the private sector as “Mustang Panda” and “Twill Typhoon,” used a version of PlugX malware to infect, control, and steal information from victim computers. According to court documents, … More →

The post FBI removed PlugX malware from U.S. computers appeared first on Help Net Security.

A vulnerability, which was classified as problematic, was found in Google Chrome. Affected is an unknown function of the component Fenced Frames. The manipulation leads to information disclosure. This vulnerability is traded as CVE-2025-0441. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Google Chrome. This issue affects some unknown processing of the component Frames. The manipulation leads to race condition. The identification of this vulnerability is CVE-2025-0439. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Google Chrome. This vulnerability affects unknown code of the component Tracing. The manipulation leads to stack-based buffer overflow. This vulnerability was named CVE-2025-0438. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

既要精确度又要分析效率？滚！

A vulnerability classified as problematic has been found in wuzhicms 4.1.0. This affects the function test of the file coreframe/app/search/admin/config.php. The manipulation of the argument sphinxhost/sphinxport leads to server-side request forgery. This vulnerability is uniquely identified as CVE-2025-0480. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.