Aggregator

A CVSS score 7.8 AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H severity vulnerability discovered by 'Nitesh Surana (niteshsurana.com) & Nelson William Gamazo Sanchez of Trend Research' was reported to the affected vendor on: 2025-07-09, 77 days ago. The vendor is given until 2025-11-06 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 4.7 AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N severity vulnerability discovered by 'William Gamazo Sanchez and Nitesh Surana of Trend Research' was reported to the affected vendor on: 2025-07-09, 36 days ago. The vendor is given until 2025-11-06 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 5.5 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N severity vulnerability discovered by 'David Fiser and Alfredo Oliveira of Trend Research' was reported to the affected vendor on: 2025-07-09, 77 days ago. The vendor is given until 2025-11-06 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Security researchers have uncovered two significant vulnerabilities in Zoom Clients for Windows, exposing users to potential Denial of Service (DoS) attacks. The flaws, identified as classic buffer overflow vulnerabilities, could allow an authorized user to disrupt Zoom services via network access. Both issues have been assigned medium severity ratings, and Zoom has released updates to […]

The post Zoom for Windows Flaw Allows Attackers to Trigger DoS Attacks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability classified as critical has been found in Adobe Framemaker up to 2020.8/2022.6. Affected is an unknown function. The manipulation leads to integer underflow. This vulnerability is traded as CVE-2025-47128. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Adobe Framemaker up to 2020.8/2022.6 and classified as critical. This vulnerability affects unknown code. The manipulation leads to integer underflow. This vulnerability was named CVE-2025-47130. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

微软奖励计划通过Chrome插件自动完成Bing搜索和任务获取积分，可用于兑换礼品卡。

图：2025年7月8日报道截图。一场隐秘但震撼的军事变革正在T海悄然上演。

Минтруд объяснил, почему биткоин — не деньги.

本周，互联网网络安全态势整体评价为良。

关注公众号即可获取最新情报列表07-09

Kanvas is an open-source incident response case management tool with a simple desktop interface, built in Python. It gives investigators a place to work with SOD (Spreadsheet of Doom) or similar files, so they can handle key tasks without jumping between different programs. “At its core, the tool leverages Excel as the backend. It includes a note-taking features that uses Markdown, allowing investigators to write structured, portable notes. These notes can be easily exported or … More →

The post Kanvas: Open-source incident response case management tool appeared first on Help Net Security.

美国检察官寻求引渡一名33岁中国公民徐泽炜，指控其参与中国政府资助的网络间谍活动。他涉嫌入侵德克萨斯大学窃取新冠疫苗信息，并参与2021年针对微软Exchange服务器的大规模攻击。徐泽炜近期在米兰被捕，面临多项罪名指控。

A 33-year-old Chinese national linked to the Silk Typhoon espionage group was arrested in Italy on a U.S. warrant that accuses him of conspiring with others in hacks of U.S. COVID-19 vaccine researchers and exploiting flaws in Microsoft Exchange Server to steal information for the Chinese government.

The post Chinese Hacker Linked to Silk Typhoon Charged With Stealing COVID Data appeared first on Security Boulevard.

AI 助手，向着「低调实用」方向发展。

当前环境出现异常，需完成验证后才能继续访问。

文章的研究显示，广泛使用的商用LLM可能被滥用以生成钓鱼网站和电子邮件。

A vulnerability was found in Emerson ValveLink SOLO, ValveLink DTM, ValveLink PRM and ValveLink SNAP-ON up to 13.x. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to improper input validation. This vulnerability is handled as CVE-2025-53471. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Emerson ValveLink SOLO, ValveLink DTM, ValveLink PRM and ValveLink SNAP-ON up to 13.x. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to uncontrolled search path. This vulnerability is known as CVE-2025-48496. Attacking locally is a requirement. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Emerson ValveLink SOLO, ValveLink DTM, ValveLink PRM and ValveLink SNAP-ON up to 13.x. It has been classified as problematic. Affected is an unknown function. The manipulation leads to protection mechanism failure. This vulnerability is traded as CVE-2025-46358. Local access is required to approach this attack. There is no exploit available. It is recommended to upgrade the affected component.