Aggregator

A vulnerability was found in Microsoft Edge. It has been rated as problematic. Impacted is an unknown function of the component Scripting Engine. This manipulation as part of Object causes information disclosure. This vulnerability is handled as CVE-2018-0767. The attack can be initiated remotely. Additionally, an exploit exists. It is recommended to apply a patch to fix this issue.

控制者视角、收集时点与接收方可识别性

当前环境出现异常,需完成验证后方可继续访问。

谷歌推出 Nano Banana 工具助力 Gemini 获得 1,000 万新用户，并更名为 Gemini 2.5 Flash Image。免费版用户每天可编辑 100 次，付费版为 1,000 次。谷歌新增明水印和盲水印以识别 AI 图片。

/r/netsec是一个由社区管理的技术信息安全内容聚合器，旨在提取有价值的信息并提供给安全从业者、学生、研究人员和黑客。

欢迎投递简历！

Cloudflare 的 1.1.1.1 DNS 服务器被 Fina CA 错误签发 12 份数字证书，用于内部测试时 IP 地址填写错误。Cloudflare 和微软未及时发现并处理问题，导致 Windows 和 Edge 用户面临安全威胁。

Atlassian以6.1亿美元收购The Browser Company及其浏览器Arc和Dia。Dia内置AI功能，支持多任务协作和自定义技能，并提供付费Pro版本。此次收购旨在推动浏览器创新与AI整合。

HackerNews 编译，转载请注明出处： 捷豹路虎（JLR）正在调查一个与“Scattered Spider”（散裂蜘蛛）组织有关的黑客联盟所声称的、对这家汽车制造巨头的攻击负责的说法。 该英语网络犯罪组织据信应对今年早些时候针对英国零售商玛莎百货（M&S）、Co-op 和哈罗德（Harrods）的网络攻击负责。 英国广播公司（BBC）报道了这一声称，该报道基于与一位自称是该集团发言人的个体的私人短信对话。该集团自称为“Scattered LapsusHunters”，暗示了ScatteredSpider、ShinyHunters和Lapsus之间可能存在合作。 BBC称，该集团声称已访问了捷豹路虎的系统，并试图向该公司勒索钱财。 目前尚未确认是否有数据被窃，或Scattered Lapsus$ Hunters是否安装了勒索软件。 然而，该集团在即时通讯应用Telegram上分享了声称截取自捷豹路虎IT网络内部的截图。这些未经核实的图像包括用于排查汽车充电问题的内部指令和内部计算机日志。 捷豹路虎的一位发言人在回应置评请求时表示：“我们知悉与近期网络事件相关的声称，我们正在持续积极调查。” 捷豹路虎于9月2日首次确认遭受网络事件，称在汽车制造商主动关闭系统以减轻事件影响后，其销售和生产运营受到严重干扰。 由于网络事件造成的干扰，在英国默西塞德郡哈利伍德（Halewood）生产工厂工作的员工被告知9月2日星期二不要上班。 截至撰写本文时，捷豹路虎尚未提供有关运营影响的进一步细节。然而，当地新闻媒体《利物浦回声报》在9月4日报道称，捷豹路虎员工仍未返回默西塞德郡工厂。 Scattered Spider 寻求关注其活动 NetSPI EMEA服务总监Sam Kirkman表示，该集团与BBC的互动显示了其希望引起外界对其活动关注的渴望，这是其在4月份攻击玛莎百货后也采用过的策略。 他指出：“该集团努力吸引人们关注其活动，这表明除了对目标进行财务勒索外，运营中断和声誉影响也是其目标。” Kirkman继续表示：“需要注意的是，截图无法核实，可能是为了给该集团吸引更多关注而伪造的。” ESET全球网络安全顾问Jake Moore指出，像Scattered Spider这样的黑客组织正变得越来越大胆，热衷于炫耀他们的“成功”。 他评论道：“通过使用Telegram来炫耀他们的声称和勒索要求，这显示了其肆无忌惮的自信，认为可以保持不被发现，这简直是在受害者的伤口上撒盐。” 明显的跨集团合并令人担忧 Acumen Cyber的首席顾问Nathan Webb认为，Scattered Spider与ShinyHunters和Lapsus$的明显合作可能会对该集团的能力产生重大影响。 这三个集团都以使用社会工程学技术进入目标而闻名，之后使用勒索和数据窃取等策略获取经济利益。 最近，Scattered Spider和ShinyHunters使用了语音钓鱼（vishing）技术来获取第三方IT提供商的高价值凭证。这包括ShinyHunters被报道的入侵Salesforce客户凭证事件，影响了包括谷歌、香奈儿和阿迪达斯在内的公司。 Webb评论说：“这些威胁行为者显然已经联合起来，以提高建立初始访问受害者系统的有效性，该集团在技术和可用数据上进行合作以增强其攻击。” 他补充道：“威胁行为者集团之间为实施犯罪而日益增长的合作，强调了他们现在多么像企业一样运作，并强化了加强防御的必要性。” 与Scattered Spider一样，ShinyHunters和Lapsus$也由讲英语的行为者组成。 Scattered Spider和ShinyHunters与“The Com”有关，这是一个松散组织的在线犯罪网络，涉及数千名讲英语的个人。 据信这些集团包含年轻的，通常是青少年黑客。 2023年8月，英国法院认定一名牛津青少年对涉及知名品牌的一系列黑客事件负责，其是臭名昭著的Lapsus$集团的一部分。 2025年7月，英国执法部门逮捕了三名青少年和一名20岁男子，怀疑他们参与了4月份针对玛莎百货、Co-op和哈罗德的网络攻击。       消息来源： infosecurity-magazine； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文

由于缺少具体的文章内容，请提供相关内容以便进行总结。如果您需要帮助解释“error code: 521”，请告知以便提供相关信息。

A vulnerability labeled as critical has been found in SourceCodester Food Ordering Management System 1.0. Affected is an unknown function of the file /routers/register-router.php. Such manipulation of the argument phone leads to sql injection. This vulnerability is listed as CVE-2025-9832. The attack may be performed from remote. In addition, an exploit is available.

A vulnerability was found in CodeAstro Real Estate Management System 1.0 and classified as problematic. The impacted element is an unknown function of the file /propertyview.php. Such manipulation of the argument msg leads to cross site scripting. This vulnerability is referenced as CVE-2025-9939. It is possible to launch the attack remotely. Furthermore, an exploit is available.

A vulnerability was found in CodeAstro Real Estate Management System 1.0. It has been classified as problematic. This affects an unknown function of the file /feature.php. Performing manipulation of the argument msg results in cross site scripting. This vulnerability is identified as CVE-2025-9940. The attack can be initiated remotely. Additionally, an exploit exists.

A vulnerability was found in CodeAstro Real Estate Management System 1.0. It has been declared as critical. This impacts an unknown function of the file /register.php. Executing manipulation of the argument uimage can lead to unrestricted upload. This vulnerability is tracked as CVE-2025-9941. The attack can be launched remotely. Moreover, an exploit is present.

A vulnerability was found in CodeAstro Real Estate Management System 1.0. It has been rated as critical. Affected is an unknown function of the file /submitproperty.php. The manipulation leads to unrestricted upload. This vulnerability is listed as CVE-2025-9942. The attack may be initiated remotely. In addition, an exploit is available.

A vulnerability, which was classified as critical, has been found in Google Android. This impacts the function gxp_mapping_create of the file gxp_mapping.c. The manipulation leads to protection mechanism failure. This vulnerability is listed as CVE-2025-36905. The attack must be carried out locally. There is no available exploit. It is recommended to apply a patch to fix this issue.

A vulnerability described as problematic has been identified in Google Android. This impacts an unknown function. Executing manipulation can lead to improper privilege management. The identification of this vulnerability is CVE-2025-36904. The attack needs to be done within the local network. There is no exploit available. A patch should be applied to remediate this issue.

A vulnerability was found in libsoup and classified as problematic. Affected by this issue is some unknown functionality of the component HTTP Header Handler. Executing manipulation of the argument Vary can lead to use of cache containing sensitive information. This vulnerability is tracked as CVE-2025-9901. The attack can be launched remotely. No exploit exists.

A vulnerability has been found in Z-BlogPHP 1.7.3 and classified as problematic. This impacts an unknown function of the file \zb_users\theme\shell\template. The manipulation leads to code injection. This vulnerability is documented as CVE-2024-55529. The attack requires being on the local network. There is not any exploit available.