Aggregator

A vulnerability has been found in Profelis Informatics SambaBox up to 5.0 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2025-2488. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Profelis Informatics SambaBox up to 5.0. Affected is an unknown function. The manipulation leads to code injection. This vulnerability is traded as CVE-2025-2421. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

Submit #562291 / VDB-307192

A vulnerability, which was classified as problematic, has been found in Yordam Informatics Library Automation System up to 21.5. This issue affects some unknown processing. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2025-1301. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

苹果大部分产品是在中国组装的，随着特朗普政府对中国征收超过 100% 的关税，继续将中国组装的苹果产品销往美国在经济上不太可行。苹果如何应对这一关税挑战？苹果表示，截至 6 月 30 日的二季度其销往美国的大部分产品将由印度和越南组装。苹果 CEO 库克(Tim Cook)表示，如果现有关税政策保持不变，二季度关税的影响将使苹果成本增加 9 亿美元，他预计未来几个季度的成本可能会更高。库克称一季度的关税影响有限。他表示苹果将继续推动供应链多元化，减少对中国的依赖。“我们学到的教训是，将所有产品集中在一个地方风险太大。”

Ireland's Data Protection Commission (DPC) on Friday fined popular video-sharing platform TikTok €530 million ($601 million) for infringing data protection regulations in the region by transferring European users' data to China. "TikTok infringed the GDPR regarding its transfers of EEA [European Economic Area] User Data to China and its transparency requirements," the DPC said in a statement. "

A vulnerability was found in Google Chrome. It has been rated as critical. Affected by this issue is some unknown functionality of the component File API. The manipulation leads to use after free. This vulnerability is handled as CVE-2021-4057. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Microsoft Edge. Affected is an unknown function of the component V8. The manipulation leads to use after free. This vulnerability is traded as CVE-2021-4102. It is possible to launch the attack remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as problematic, has been found in Mozilla Firefox, Firefox ESR and Thunderbird. Affected by this issue is some unknown functionality of the component Cursor Handler. The manipulation leads to improper restriction of rendered ui layers. This vulnerability is handled as CVE-2021-43546. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Opmantek Open-AudIT Community up to 4.2.x. This affects an unknown part of the component URL Handler. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2021-44916. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

The Irish Data Protection Commission (DPC) has fined TikTok €530 million (over $601 million) for illegally transferring the personal data of users in the European Economic Area (EEA) to China, violating the European Union's GDPR data protection regulations. [...]

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

• CVE-2025-34028 Commvault Command Center Path Traversal Vulnerability
• CVE-2024-58136 Yiiframework Yii Improper Protection of Alternate Path Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

Microsoft announced that all new accounts will be “passwordless by default” to increase their level of security. Microsoft now makes all new accounts “passwordless by default,” enhancing protection against social engineering attacks, phishing, brute-force, and credential stuffing attacks. “As part of this simplified UX, we’re changing the default behavior for new accounts. Brand new Microsoft […]

Было 19 000 тактов. Стало 1 700. Это вообще нормально?

Microsoft is making new Microsoft accounts passwordless by default, the company has announced on Thursday, which marked this year’s World Password Day. “As part of [a recently simplified sign-in user experience], we’re changing the default behavior for new accounts,” Vasu Jakkal, Corporate VP, Microsoft Security, and Joy Chik, President, Identity & Network Access, declared. “New users will have several passwordless options for signing into their account and they’ll never need to enroll a password. Existing … More →

The post New Microsoft accounts will be “passwordless by default” appeared first on Help Net Security.

The UK’s National Cyber Security Centre just released its white paper on “Advanced Cryptography,” which it defines as “cryptographic techniques for processing encrypted data, providing enhanced functionality over and above that provided by traditional cryptography.” It includes things like homomorphic encryption, attribute-based encryption, zero-knowledge proofs, and secure multiparty computation.

It’s full of good advice. I especially appreciate this warning:

When deciding whether to use Advanced Cryptography, start with a clear articulation of the problem, and use that to guide the development of an appropriate solution. That is, you should not start with an Advanced Cryptography technique, and then attempt to fit the functionality it provides to the problem. ...

The post NCSC Guidance on “Advanced Cryptography” appeared first on Security Boulevard.

关键词安全漏洞微软企业与操作系统安全副总裁 David Weston 指出，管理员账户（Administrat