Aggregator

Submit #571068 / VDB-309052

A vulnerability was found in I-O DATA DEVICE HDL-TC1, HDL-TC500, HDL-T1NV, HDL-T1WH, HDL-T2NV, HDL-T2WH, HDL-T3NV and HDL-T3WH up to 1.21. It has been rated as critical. Affected by this issue is some unknown functionality of the component Setting Handler. The manipulation leads to missing authentication. This vulnerability is handled as CVE-2025-32738. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in I-O DATA DEVICE HDL-TC1, HDL-TC500, HDL-T1NV, HDL-T1WH, HDL-T2NV, HDL-T2WH, HDL-T3NV and HDL-T3WH up to 1.21. It has been declared as very critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to os command injection. This vulnerability is known as CVE-2025-32002. The attack can be launched remotely. There is no exploit available.

ESET researchers have uncovered RoundPress, a Russia-aligned espionage operation targeting webmail servers via XSS vulnerabilities. Behind it is most likely the Russia-aligned Sednit (also known as Fancy Bear or APT28) cyberespionage group, holding the ultimate goal of stealing confidential data from specific email accounts. Operation RoundPress compromise chain (Source: ESET) Targets Most of the targets are related to the current war in Ukraine. They are either Ukrainian governmental entities or defense companies in Bulgaria and … More →

The post Russia-linked hackers target webmail servers in Ukraine-related espionage operation appeared first on Help Net Security.

All Risk, No Reward: Meta's Ongoing Legal Issues in Europe
Social media giant Meta is likely to face more legal hurdles over its plans to use the personal data of European Facebook and Instagram users to train artificial intelligence models. Meta paused efforts to train AI with European data in June 2024.

Report Finds North Koreans Embedded in Top Blockchain and Web3 Projects
A new report details how North Korea’s cybercrime network is infiltrating global tech firms with fake IT workers who exploit trusted access to steal millions in cryptocurrency, launder funds through international fronts and channel proceeds into weapons development and espionage missions.

HHS Secretary Testifies to Congress on Trump Administration's FY 2026 Budget Plans
The U.S. Department of Health and Human Services aims to bolster cybersecurity and health IT through the aid of artificial intelligence that will be used at federal health agencies, said Robert F. Kennedy Jr., secretary of HHS during House and Senate committee budget hearings on Wednesday.

It's Me, Not You: CISA Withdraws Leidos Cyber Offer Last Second
A multi-billion dollar vision by the Cybersecurity and Infrastructure Security Agency for its government-wide network intrusion detection and prevention system went kaput on Friday, court documents show. It withdrew an offer to contractor Leidos to support the National Cybersecurity Protection System.

Russian hackers aren’t just targeting Ukraine — they also appear to be going after their defense contractors in other countries, new ESET research surmises.

The post Fancy Bear campaign sought emails of high-level Ukrainians and their military suppliers appeared first on CyberScoop.

A vulnerability classified as problematic has been found in hailey888 oa_system. This affects an unknown part of the file /mail/MailController.java. The manipulation of the argument Password leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-29689. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

How to protect yourself from the impact of data breaches

На серверы уже загружены шеллы, а дальше — только хуже.

Вместо того чтобы наращивать кластеры, они научили ИИ думать компактно… и удвоили результат.

在印巴冲突以来，印度要求 X/Twitter 在其境内屏蔽逾 8000 个账号。它给出的一个理由是这些账号传播了与冲突相关的虚假信息。印度的 X 用户将无法访问被屏蔽账号的内容，但其他地区的用户能正常浏览。被屏蔽的账号包括了知名的媒体，其中包括了新华社、环球时报等中国媒体。印巴双方已于 5 月 10 日达成停火协议，但相关账号仍然处于封禁状态。

微软官方发布5月安全更新，请及时安装补丁修复。

A vulnerability was found in TECNO com.transsion.aivoiceassistant 4.1.1.014. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cleartext storage of sensitive information. This vulnerability is traded as CVE-2025-4737. Attacking locally is a requirement. There is no exploit available.

X/Twitter 用户经常会 @Grok，询问 xAI 的聊天机器人对各种话题的看法。然而从本周三开始，马斯克（Elon Musk）的 AI 似乎也嗨了，对任何话题都以南非“白人种族灭绝”进行回应。Grok 喋喋不休地的将任何话题都转向南非“白人种族灭绝”以及相关歌曲《Kill the Boer》，它拒绝讨论其他话题。Grok 对该话题的观点几乎与马斯克完全一致，其训练材料可能就来自 X。

A vulnerability was found in Bohua NetDragon Firewall 1.0 and classified as critical. This issue affects some unknown processing of the file /systemstatus/ip_status.php. The manipulation of the argument subnet leads to command injection. The identification of this vulnerability is CVE-2025-4747. The attack may be initiated remotely. Furthermore, there is an exploit available.

Google has released emergency security updates to patch a high-severity Chrome vulnerability that has a public exploit and can let attackers hijack accounts. [...]

Пока вы подбираете шрифт, вредоносный код уже забирает права администратора.