Apple on Tuesday revealed that it prevented over $9 billion in fraudulent transactions in the last five years, including more than $2 billion in 2024 alone.
The company said the App Store is confronted by a wide range of threats that seek to defraud users in various ways, ranging from "deceptive apps designed to steal personal information to fraudulent payment schemes that attempt to exploit
A vulnerability classified as critical was found in FreeFloat FTP Server 1.0.0. This vulnerability affects unknown code of the component PORT Command Handler. The manipulation leads to buffer overflow.
This vulnerability was named CVE-2025-5295. The attack can be initiated remotely. Furthermore, there is an exploit available.
Framework for Moving From Scattered Tools to Unified AI Security Strategies
As CISOs grow confident with standard cybersecurity tools, AI security remains a grey area. By systematically breaking down AI security into seven key pillars - rather than waiting for a comprehensive solution - organizations can embed security by design to proactively address emerging cyberthreats.
Google Is Getting Accolades for Veo 3, But the AI Video Tool Has a Darker Side
AI enthusiasts are saying Veo 3 is one of Google's best products. The mind-blowing AI constructs cinematic video clips from text prompts, and the results look real. Veo 3 pushes deepfake capabilities into uncharted territory and introduces new threats to truth, trust and authenticity.
CISA Advisory Says Threat Actors Stole App Secrets in Azure-Hosted Backup Platform
A suspected Chinese state hacking group linked to last year’s telecom intrusions breached Commvault’s Microsoft Azure environment, exposing sensitive Microsoft 365 credentials and reigniting fears over U.S. cloud infrastructure vulnerabilities and default security settings.
Open Garden Strategy, Automated Risk Remediation to Get a Boost With Veriti Buy
Check Point will fold Israeli firm Veriti into its Quantum suite following an acquisition aimed at streamlining automated security response across endpoints, firewalls and cloud environments. Veriti’s patented technology is seen as critical to reducing misconfigurations without business disruption.
A RobbinHood Attack Against Baltimore Cost City $19 Million
An Iranian national behind a spate of ransomware attacks against U.S. municipalities, including an attack that cost the city of Baltimore $19 million to rectify, pleaded guilty in U.S. federal court Tuesday afternoon. Sina Gholinejad, 37, admitted to deploying RobbinHood ransomware.
Prompt Injection, HTML Output Rendering Could Be Used for Exploit
Hackers can exploit vulnerabilities in a generative artificial intelligence assistant integrated across GitLab's DevSecOps platform to manipulate the model's output, exfiltrate source code and potentially deliver malicious content through the platform's user interface.
A vulnerability classified as problematic has been found in Apache InLong up to 2.1.0. This affects an unknown part of the component Invisible Character Handler. The manipulation leads to information disclosure.
This vulnerability is uniquely identified as CVE-2025-27528. It is possible to initiate the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
A vulnerability was found in Apache InLong up to 2.1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the component JDBC Handler. The manipulation leads to deserialization.
This vulnerability is handled as CVE-2025-27526. The attack may be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
A vulnerability was found in Apache InLong up to 2.1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component JDBC Handler. The manipulation leads to deserialization.
This vulnerability is known as CVE-2025-27522. The attack can only be initiated within the local network. There is no exploit available.
It is recommended to upgrade the affected component.
A vulnerability was found in WP Extended Plugin up to 3.0.15 on WordPress. It has been classified as problematic. Affected is an unknown function of the component SVG File Parser. The manipulation leads to cross-site scripting.
This vulnerability is traded as CVE-2025-4963. It is possible to launch the attack remotely. There is no exploit available.