Aggregator

A vulnerability has been found in Silabs Series 2 SoC and classified as problematic. This vulnerability affects unknown code of the component ECDH/EdDSA. The manipulation leads to comparison logic is vulnerable to power side-channel attacks. This vulnerability was named CVE-2025-3301. It is possible to launch the attack on the physical device. There is no exploit available.

A vulnerability, which was classified as critical, has been found in Mozilla Firefox up to 137.x. Affected by this issue is some unknown functionality of the component Update Handler. The manipulation leads to improper access controls. This vulnerability is handled as CVE-2025-2817. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Mozilla Thunderbird up to 137.x. This affects an unknown part of the component Update Handler. The manipulation leads to improper access controls. This vulnerability is uniquely identified as CVE-2025-2817. The attack needs to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

亚马逊据报道将在商品总价中显示关税所占的比例，美国消费者将会知道特朗普政府的关税征收政策如何影响商品价格。此举被认为可能影响亚马逊创始人贝佐斯（Jeff Bezos）与政府的关系。白宫新闻秘书 Karoline Leavitt 在白宫新闻发布会上表示这是来自亚马逊的敌意的政治行动。她呼吁美国消费者购买美国制造的商品。

CISA officially added a significant security flaw affecting Broadcom’s Brocade Fabric OS to its authoritative Known Exploited Vulnerabilities (KEV) Catalog, underscoring the urgent need for remediation across enterprise and government environments.  The vulnerability, tracked as CVE-2025-1976, is classified as a code injection vulnerability and carries a high CVSS base score of 8.6 due to its […]

The post CISA Adds Broadcom Brocade Fabric OS Vulnerability to Known Exploited Vulnerabilities Catalog appeared first on Cyber Security News.

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) is warning of Broadcom Brocade Fabric OS, Commvault web servers, and Qualitia Active! Mail clients vulnerabilities that are actively exploited in attacks. [...]

A critical vulnerability in Apple’s AirPlay protocol, dubbed AirBorne, has exposed over 2.35 billion active Apple devices and tens of millions of third-party gadgets to remote code execution (RCE) attacks requiring no user interaction. Researchers at Oligo Security discovered that the flaw allows attackers on the same Wi-Fi network to hijack devices ranging from Macs […]

The post AirPlay Zero-Click RCE Vulnerability Enables Remote Device Takeover via Wi-Fi appeared first on Cyber Security News.

研究发现，生成式 AI 如 ChatGPT、Claude 和 Gemini 并没有取代人类工作或者降低人类员工的薪水。这一发现质疑了构建和运营生成式 AI 的高昂资本支出。经济学家 Anders Humlum 和 Emilie Vestergaard 研究了 AI 聊天机器人对丹麦 11 个职业的影响。会计师、客户支持专家、财务顾问、人力资源、IT 支持专家、记者、法务、市场营销、办公室文员、程序员和教师等职业被认为易受 AI 影响。但研究结果显示， AI 聊天机器人对劳动力市场和薪水的影响微乎其微，没有观察到存在显著影响。科技行业一直宣称 AI 的经济潜力，企业投入了数十亿美元建设支持 AI 的基础设施。问题不在于员工们回避生成式 AI 聊天机器人，而是它们尚未转化为实际的经济效益。

A vulnerability has been found in GNOME gdk-pixbuf up to 2.42.1 and classified as problematic. Affected by this vulnerability is the function write_indexes of the file lzw.c of the component LZW Compression Handler. The manipulation leads to infinite loop. This vulnerability is known as CVE-2020-29385. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in OS4ED openSIS up to 9.1 and classified as critical. Affected by this issue is some unknown functionality of the file /attendance/AttendanceCodes.php. The manipulation of the argument table leads to sql injection. This vulnerability is handled as CVE-2025-22925. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in OS4ED openSIS up to 9.1. It has been declared as critical. This vulnerability affects unknown code of the file /modules/students/Student.php. The manipulation of the argument stu_id leads to sql injection. This vulnerability was named CVE-2025-22924. The attack can be initiated remotely. There is no exploit available.

A vulnerability classified as critical has been found in B-Link BL-AC2100 up to 1.0.4. Affected is the function set_LimitClient_cfg. The manipulation of the argument time1/time2 leads to command injection. This vulnerability is traded as CVE-2025-29062. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, has been found in B-Link BL-AC2100 up to 1.0.4. Affected by this issue is some unknown functionality of the file /goform/set_hidessid_cfg. The manipulation of the argument enable leads to command injection. This vulnerability is handled as CVE-2025-29063. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability has been found in tauri-apps plugins-workspace up to 2.2.0 on Linux and classified as very critical. This vulnerability affects unknown code of the component Open Endpoint. The manipulation leads to improper input validation. This vulnerability was named CVE-2025-31477. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Drupal Obfuscate up to 2.0.0. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2025-3130. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Jenkins. Affected is an unknown function. The manipulation leads to permission issues. This vulnerability is traded as CVE-2025-31721. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Jenkins Templating Engine Plugin up to 2.5.3. Affected by this issue is some unknown functionality. The manipulation leads to sandbox issue. This vulnerability is handled as CVE-2025-31722. The attack can only be initiated within the local network. There is no exploit available.

New Zealand Model Brings Cyber and Fraud Teams Together to Defend Against Scammers
To help financial institutions counter crime, the FS-ISAC earlier this month introduced a major initiative: the Cyberfraud Prevention Framework. This new initiative is designed to unify cybersecurity and fraud prevention teams to more effectively protect customers and secure the enterprise.