Aggregator

Миллионы серверов оказались беззащитными перед новой угрозой.

The Chinese state-sponsored group APT41 is accused of using a fake email impersonating a U.S. representative containing spyware and sent to government agencies, trade groups, and laws firms to gain information about U.S. strategy in trade talks with China.

The post Chinese Group Accused of Using Fake U.S. Rep. Email to Spy on Trade Talks appeared first on Security Boulevard.

A vulnerability was found in Foxit PDF Reader and classified as critical. This affects an unknown function of the component JP2 File Parser. Executing manipulation can lead to out-of-bounds read. This vulnerability is registered as CVE-2025-9323. It is possible to launch the attack remotely. No exploit is available. It is suggested to upgrade the affected component.

A vulnerability was found in Foxit PDF Reader. It has been declared as critical. Affected is an unknown function of the component PRC File Parser. The manipulation results in out-of-bounds read. This vulnerability is reported as CVE-2025-9324. The attack can be launched remotely. No exploit exists. It is recommended to upgrade the affected component.

A vulnerability was found in Foxit PDF Reader. It has been rated as critical. Affected by this vulnerability is an unknown functionality of the component PRC File Parser. This manipulation causes out-of-bounds read. This vulnerability appears as CVE-2025-9325. The attack may be initiated remotely. There is no available exploit. Upgrading the affected component is advised.

A vulnerability categorized as critical has been discovered in Foxit PDF Reader. Affected by this issue is some unknown functionality of the component PRC File Parser. Such manipulation leads to out-of-bounds read. This vulnerability is traded as CVE-2025-9327. The attack may be launched remotely. There is no exploit available. It is advisable to upgrade the affected component.

A vulnerability was found in code-projects Mobile Shop Management System 1.0. It has been classified as critical. This affects an unknown function of the file AddNewProduct.php. The manipulation of the argument ProductImage leads to unrestricted upload. This vulnerability is uniquely identified as CVE-2025-9841. The attack is possible to be carried out remotely. Moreover, an exploit is present.

A vulnerability identified as critical has been detected in itsourcecode Sports Management System 1.0. The impacted element is an unknown function of the file /Admin/facilitator.php. Performing manipulation of the argument code results in sql injection. This vulnerability is known as CVE-2025-9766. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

A vulnerability was found in itsourcecode Apartment Management System 1.0. It has been declared as critical. The affected element is an unknown function of the file /ajax/updateProfile.php. The manipulation of the argument user_id results in sql injection. This vulnerability is known as CVE-2025-9730. It is possible to launch the attack remotely. Furthermore, an exploit is available.

A vulnerability classified as critical was found in Campcodes Farm Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /review.php. The manipulation of the argument pid results in sql injection. This vulnerability is cataloged as CVE-2025-9726. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability has been found in PHPGurukul Online Course Registration 3.1 and classified as critical. This vulnerability affects unknown code of the file /admin/student-registration.php. Performing manipulation of the argument studentname results in sql injection. This vulnerability is reported as CVE-2025-9729. The attack is possible to be carried out remotely. Moreover, an exploit is present.

A vulnerability was found in Zoom Workplace, Workplace VDI, Rooms, Rooms Controller and Meeting SDK up to 6.3.9 on Windows and classified as problematic. The impacted element is an unknown function. Such manipulation leads to untrusted search path. This vulnerability is listed as CVE-2025-49457. The attack must be carried out locally. There is no available exploit. It is suggested to upgrade the affected component.

A vulnerability was found in Zoom Workplace, Workplace VDI, Rooms, Rooms Controller and Meeting SDK on Windows. It has been classified as problematic. This affects an unknown function of the component Installer. Performing manipulation results in race condition. This vulnerability is cataloged as CVE-2025-49456. The attack must be initiated from a local position. There is no exploit available. Upgrading the affected component is recommended.

Name: BlackHat MEA CTF Qualification 2025 (an Blackhat MEA CTF event.)
Date: Sept. 7, 2025, 10 a.m. — 08 Sept. 2025, 10:00 UTC  [add to calendar]
Format: Jeopardy
On-line
Offical URL: https://blackhatmea.com/capture-the-flag
Rating weight: 25.83
Event organizers: SAFCSP

2025年9月8日，网络安全法修正草案首次提请全国人大常委会会议审议。

一项调查发现，一个由乌克兰公司组成的网络生产了逾 1500 篇论文，该网络可能是欧洲最大的论文工厂。柏林自由大学科研诚信侦探兼社会科学家 Anna Abalkina 在 2022 年发现了该论文工厂，她注意到有些论文作者的电邮地址域名与其学术机构的地理位置不匹配。她选择了这些域名中的一个最常用的，称呼该论文工厂为 Tanu.pro。Abalkina 与 Springer Nature 集团的 Svetlana Kleiner 合作跟踪了这些可疑域名，相关域名出现在 2017-2025 年之间发表的 1517篇论文的署名作者电邮中，涉及 46 个国家的 460 所大学的 4500 多名研究人员。大多数作者来自乌克兰、哈萨克斯坦和俄罗斯。

SecWiki周刊（第601期) by ourren

网络安全大模型的路线和方向 by ourren

更多最新文章，请访问SecWiki

Hackers exploit a Sitecore zero-day (CVE-2025-53690) to deploy WEEPSTEEL Malware via ViewState attacks, enabling Remote Code Execution (RCE).

UltraViolet Cyber has acquired the application security testing services arm of Black Duck Software as part of an effort to expand the scope of the managed security services it provides. Company CEO Ira Goldstein said this addition to its portfolio will provide penetration testing, red teaming, threat modeling, cloud and container risk assessments, architecture risk..

The post UltraViolet Cyber Acquires Application Security Testing Service from Black Duck appeared first on Security Boulevard.