Aggregator

新人福利加码，端午礼盒大放送

PowerDNS has issued an urgent security advisory for its DNSdist software, warning users of a critical vulnerability that could let attackers trigger denial-of-service (DoS) conditions by exploiting flawed DNS-over-HTTPS (DoH) exchanges. The flaw, tracked as CVE-2025-30194 (CVSS score: 7.5), affects DNSdist versions 1.9.0 to 1.9.8 when configured to handle DoH traffic via the nghttp2 provider. Attackers can exploit the bug […]

The post PowerDNS DNSdist Vulnerability Let Attackers Trigger Denial-of-Service appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

За науку без согласия теперь можно получить иск.

Security researchers have disclosed a critical vulnerability in Avast Free Antivirus that could allow attackers to gain elevated system privileges and execute malicious code with kernel-level access. The vulnerability, tracked as CVE-2025-3500, received a high CVSS score of 8.8 and was publicly disclosed on April 24, 2025, after being patched by Avast. The security flaw […]

The post Avast Antivirus Vulnerability Let Attackers Escalate Privileges appeared first on Cyber Security News.

Trellix announced advancements to Trellix DLP Endpoint Complete, available globally in Q2 2025. New offerings and features incorporate intelligent capabilities to enhance Trellix’s data loss prevention (DLP) solutions, enabling customers to protect sensitive information in non-text file formats, strengthen compliance through visual labeling features, stop exfiltration via text in web forms such as AI chat interactions, and protect data during wireless file-sharing between macOS devices. “By extending DLP capabilities to non-text formats and supporting emerging … More →

The post Trellix DLP Endpoint Complete prevents data leaks in Windows and macOS appeared first on Help Net Security.

Исследователи выявили, как превратить любую нейросеть в послушную марионетку.

WhatsApp, the world’s most popular messaging platform, has announced a major expansion of artificial intelligence (AI) capabilities, promising to enhance user experience while reinforcing its longstanding commitment to privacy and message secrecy. Meta, WhatsApp’s parent company, has integrated its generative AI assistant, Meta, directly into the app, allowing users to ask questions, generate images, and […]

The post WhatsApp Unveils New AI Features While Ensuring Full Message Secrecy appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Although the National Institutes of Health appears to have scaled back plans to build a national registry to track individuals with autism, the agency's research project still poses critical data privacy concerns, said Ariana Aboulafia and Andrew Crawford of the Center for Democracy and Technology.

Capitol Meridian Partners' Razi on Smarter AI Use, Strong Leadership and Diversity
Many AI models prioritize speed over security, exposing organizations to significant risks. Niloofar Razi, operating partner at Capitol Meridian Partners, stressed the need for companies to evaluate models carefully before adoption.

Energy Department Disputes Nuclear Access Breach Claims in Latest DOGE Controversy
Department of Government Efficiency staffers gained access to accounts on classified networks storing some of the nation's top nuclear secrets according a report published concurrently with a lawsuit arguing the task force is unconstitutional and lacks congressional approval.

Hot Topics Also Include Quantum Computing, Blockchains, Artificial Intelligence
Cryptocurrencies have dramatically failed to live up to their promise, to the extent that the "world would be better" without them, said cryptographer Adi Shamir at this year's RSAC Conference, during an expert panel that touched on artificial intelligence, quantum computing, blockchains and more.

Panel Discusses Views on Cryptocurrency, OT Security and Data Sovereignty
ISMG editors share highlights from Day 2 of the RSAC Conference 2025 in San Francisco, including insights from the cryptographers' panel, operational technology security awareness at the board level, and the growing focus on securing both public and private AI models.

微软将研究人员在攻击演示中的登录尝试标记为“atRisk”，因为他们使用了VPN，因此监控异常登录是防止这些攻击的关键。

该漏洞利用了Darwin通知，这是CoreOS层中的一种低级消息传递机制，允许进程通信系统范围的事件。

微软将研究人员在攻击演示中的登录尝试标记为“atRisk”，因为他们使用了VPN，因此监控异常登录是防止这些攻击的关键。

该漏洞利用了Darwin通知，这是CoreOS层中的一种低级消息传递机制，允许进程通信系统范围的事件。

Он выглядел слишком правдоподобно, чтобы вызвать хоть малейшие подозрения.

A vulnerability, which was classified as critical, was found in Linux Kernel. Affected is the function sk_user_data of the file net/l2tp/l2tp_core.c of the component L2TP Handler. The manipulation leads to null pointer dereference. This vulnerability is traded as CVE-2022-4129. It is possible to launch the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as problematic, has been found in Linux Kernel up to 5.18.5. This issue affects some unknown processing of the file net/ipv6/ip6_output.c. The manipulation leads to integer overflow. The identification of this vulnerability is CVE-2022-49728. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in runc up to 1.1.1. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to incorrect default permissions. This vulnerability is known as CVE-2022-29162. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.