Aggregator

A vulnerability has been found in David Harris Pegasus Mail 3.12 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component mailto Handler. The manipulation of the argument -F leads to improper privilege management. This vulnerability is known as CVE-2000-0930. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

Cybersecurity analysts have issued a high-priority warning after several incidents revealed active exploitation of SAP NetWeaver, the widely deployed enterprise integration platform. Attackers have leveraged an unreported 0-day vulnerability to deploy web shells, which give them remote command execution capabilities and persistent backdoor access even on fully patched systems. CVE Details The exposure centers around […]

The post SAP NetWeaver 0-Day Vulnerability Enables Webshell Deployment appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

HackerNews 编译，转载请注明出处： WhatsApp推出了一项名为“高级聊天隐私（Advanced Chat Privacy）”的新功能，旨在保护私聊和群组对话中交换的敏感信息。该隐私选项可在点击聊天名称后启用，用于阻止他人保存媒体文件和导出聊天内容。 WhatsApp表示：“今天我们推出了最新的隐私层‘高级聊天隐私’。这项在聊天和群组中均可使用的新设置，能在您需要更高隐私时防止他人将WhatsApp内的内容外传。启用该设置后，您可阻止他人导出聊天记录、自动下载媒体至手机，以及将消息用于人工智能（AI）功能。这将使聊天中的每位成员更确信无人能将对话内容带出聊天。” 该公司补充称这是该功能的第一个版本，正在向所有已更新至最新版本WhatsApp的用户推送。WhatsApp还在为该功能开发更多防护措施以增强其效果。但需注意，即使启用“高级聊天隐私”，仍存在通过截屏（如果未禁用截图功能）等方式提取敏感媒体和信息的可能。 这项新功能是WhatsApp七年前启动的通信安全强化计划的一部分——当时该公司首次引入端到端加密。五年后（2021年10月），WhatsApp开始向iOS和Android设备推送端到端加密的聊天备份功能。同年12月，通过为所有新聊天添加默认“阅后即焚”消息支持进一步扩展隐私控制。 近期更新包括：使用密码或指纹锁定聊天、通过“秘密代码”隐藏锁定聊天、允许Android和iOS用户在通话时通过WhatsApp服务器代理隐藏地理位置。自2024年10月起，WhatsApp还开始加密联系人数据库以实现隐私同步，确保联系人列表与账户绑定（而非设备），便于设备更换时的管理。 Meta在2020年初宣布，来自180多个国家的超过20亿用户正在使用WhatsApp视频通话和即时通讯平台。       消息来源： bleepingcomputer； 本文由 HackerNews.cc 翻译整理，封面来源于网络；  转载请注明“转自 HackerNews.cc”并附上原文

李彦宏发布两大新模型、多款 AI 应用，帮助开发者全面拥抱 MCP。

Пользователи Cursor и VS Codium вынуждены искать альтернативы.

A vulnerability was found in Trend Micro Apex One and Apex One as a Service. It has been declared as critical. This vulnerability affects unknown code of the component Damage Cleanup Engine. The manipulation leads to privilege escalation. This vulnerability was named CVE-2022-45797. The attack can be initiated remotely. There is no exploit available.

A vulnerability classified as critical was found in Aruba Networks EdgeConnect Enterprise up to 8.3.7.1/9.0.7.0/9.1.3.0/9.2.1.0. Affected by this vulnerability is an unknown functionality of the component Command Line Interface. The manipulation leads to privilege escalation. This vulnerability is known as CVE-2022-37924. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Aruba EdgeConnect Enterprise up to 8.3.7.1/9.0.7.0/9.1.3.0/9.2.1.0. Affected is an unknown function of the component Web-based Management. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2022-37925. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Aruba EdgeConnect Enterprise up to 8.3.7.1/9.0.7.0/9.1.3.0/9.2.1.0. Affected by this vulnerability is an unknown functionality of the component Web-based Management Interface. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2022-37926. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Johnson Controls Software House iStar Pro Door Controller and classified as critical. This vulnerability affects unknown code. The manipulation leads to missing authentication. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability was named CVE-2024-32752. The attack can be initiated remotely. There is no exploit available.

A vulnerability classified as critical was found in Qt up to 6.7.x/6.8.3. Affected by this vulnerability is the function QTextMarkdownImporter of the component Markdown File Handler. The manipulation leads to heap-based buffer overflow. This vulnerability is known as CVE-2025-3512. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Drupal Colorbox up to 2.1.2. This vulnerability affects unknown code. The manipulation leads to cross site scripting. This vulnerability was named CVE-2025-3900. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Form Builder Plugin up to 4.18.0 on WordPress and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2025-1294. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in Breeze Display Plugin up to 1.2.3 on WordPress. It has been classified as problematic. Affected is an unknown function. The manipulation of the argument cal_size leads to cross site scripting. This vulnerability is traded as CVE-2025-3749. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in HCL Leap up to 9.3.3 and classified as problematic. Affected by this issue is some unknown functionality of the component Header Handler. The manipulation of the argument no cache leads to use of cache containing sensitive information. This vulnerability is handled as CVE-2023-37516. Local access is required to approach this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in PHP up to 8.1.29/8.2.23/8.3.11 and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to os command injection. This vulnerability is known as CVE-2024-8926. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

Schneider Electricが提供する複数の製品には、複数の脆弱性が存在します。

ALBEDO Telecomが提供するNet.Time - PTP/NTP clockには、不適切なセッション期限の脆弱性が存在します。

Vestelが提供するAC Chargerには、認可されていない相手への機微なシステム情報の漏えいの脆弱性が存在します。

76% of respondents have been impacted by incidents of device theft in the past two years, with incidents more common in organizations with more flexible working models, according to Kensington. For instance, research revealed that 85% of organizations with flexible working models experienced an incident of theft in the last 2 years, compared to 71% of organizations whose employees are fully onsite. The study, which surveyed 1,000 IT decision-makers representing a variety of industries, revealed … More →

The post Flexible working models fuel surge in device theft appeared first on Help Net Security.