Currently trending CVE - Hype Score: 9 - The ChatGPT system through 2025-03-30 performs inline rendering of SVG documents (instead of, for example, rendering them as text inside a code block), which enables HTML injection within most modern graphical web browsers.
A vulnerability, which was classified as problematic, has been found in tngan SAMLify up to 2.9.x. This issue affects some unknown processing of the component SAML Response Handler. The manipulation leads to improper verification of cryptographic signature.
The identification of this vulnerability is CVE-2025-47949. The attack may be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
The U.S. Department of Justice (DoJ) on Thursday announced the disruption of the online infrastructure associated with DanaBot (aka DanaTools) and unsealed charges against 16 individuals for their alleged involvement in the development and deployment of the malware, which it said was controlled by a Russia-based cybercrime organization.
The malware, the DoJ said, infected more than 300,000
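After adding the AI text Rewrite and Summarize features to its classic Notepad app, Microsoft has introduced a feature that generates text entirely with AI, called "Write". Like Rewrite and Summarize, Write requires users to sign in with a Microsoft account; free users get 15 credits per month, and Personal and Family subscribers get 60 credits per month. Users who sign in with a local account instead of a Microsoft account cannot use the AI features. Microsoft also released preview updates for Paint and Snipping Tool; the new Paint features are likewise AI-related, including a "sticker generator" and a smart selection tool.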
In the latest phase of Operation Endgame, an international law enforcement operation, national authorities from seven countries seized 300 servers and 650 domains used to launch ransomware attacks. [...]
A vulnerability was found in Apple macOS. It has been rated as critical. Affected by this issue is some unknown functionality of the component AppleScript. The manipulation leads to out-of-bounds read.
This vulnerability is handled as CVE-2022-32852. The attack may be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
A vulnerability was found in Rocket.Chat up to 4.7.4/4.8.1. It has been rated as problematic. This issue affects the function getS3FileUrl of the component Meteor Server. The manipulation leads to injection.
The identification of this vulnerability is CVE-2022-35246. Access to the local network is required for this attack. There is no exploit available.
It is recommended to upgrade the affected component.
A vulnerability was found in Tenda i9 1.0.0.8. It has been declared as critical. Affected by this vulnerability is the function formwrlSSIDget of the component String Handler. The manipulation leads to buffer overflow.
This vulnerability is known as CVE-2022-40104. Access to the local network is required for this attack to succeed. There is no exploit available.
A vulnerability was found in Tenda i9 1.0.0.8(3828). It has been rated as critical. Affected by this issue is the function formWifiMacFilterGet of the component String Handler. The manipulation leads to buffer overflow.
This vulnerability is handled as CVE-2022-40105. The attack must be carried out from within the local network. There is no exploit available.
A vulnerability was found in Rocket.Chat up to 4.x. It has been rated as critical. Affected by this issue is some unknown functionality of the component Direct Message Handler. The manipulation leads to improper access controls.
This vulnerability is handled as CVE-2022-35250. The attack needs to be initiated within the local network. There is no exploit available.
It is recommended to upgrade the affected component.
A vulnerability, which was classified as problematic, has been found in Rocket.Chat up to 4.x. This issue affects some unknown processing of the component Style Handler. The manipulation leads to cross-site scripting.
The identification of this vulnerability is CVE-2022-35251. The attack may be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
A vulnerability, which was classified as problematic, was found in Samsung Exynos up to 9820. Affected is an unknown function. The manipulation leads to race condition.
This vulnerability is tracked as CVE-2023-45864. The attack must be carried out locally. There is no exploit available.