Aggregator

Linus Torvalds 罕见的在美国时间周一早上而不是在传统的周日下午释出了 Linux Kernel 6.14，他解释说推迟发布的原因是“纯粹的无能”aka 他在忙其他事情时忘记了发布。6.14 的主要新特性包括：Btrfs RAID1 读平衡；NT 同步原语驱动，显著改进游戏性能；新的 fsnotify 事件 (FS_PRE_ACCESS)；支持 AMD NPU 的驱动 amdxdna；PowerPC 架构支持惰性抢占；使用 AMD Secure Encrypted Virtualization 的 x86 系统支持客户机的安全时间戳计数器；等等，更多可浏览 KernelNewbies 6.14 网页。

Authorities in seven African countries have arrested 306 suspects and seized 1842 devices in Operation Red Card

A sophisticated phishing campaign targeting Google account credentials through fake Semrush advertisements has emerged, posing a significant threat to digital marketers and SEO professionals. Cybercriminals have deployed numerous malicious advertisements that appear legitimate in Google search results, leveraging Semrush’s growing popularity in the SEO industry to lure unsuspecting victims. These fraudulent ads redirect users to […]

The post Hackers Using Fake Semrush Ads to Steal Google Accounts Login Credentials appeared first on Cyber Security News.

A vulnerability has been found in mndpsingh287 WP File Manager up to 6.4 and classified as problematic. This vulnerability affects unknown code of the file fm_backups of the component Backup Handler. The manipulation leads to information disclosure. This vulnerability was named CVE-2020-24312. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in File Manager Plugin up to 7.0 on WordPress. It has been classified as problematic. This affects an unknown part of the file /wp-admin/admin.php?page=wp_file_manager_properties. The manipulation of the argument User-Agent leads to cross site scripting. This vulnerability is uniquely identified as CVE-2021-24177. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Huawei E5573Cs-322 21.328.01.00.00. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to denial of service. This vulnerability is known as CVE-2018-7935. The attack can be launched remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in File Manager Plugin up to 7.2.1 on WordPress. Affected is an unknown function of the component Backup Filename Handler. The manipulation leads to information disclosure. This vulnerability is traded as CVE-2024-0761. The attack needs to be approached within the local network. There is no exploit available.

A vulnerability was found in Cisco Duo up to 2.0.0 on Windows. It has been classified as problematic. This affects an unknown part of the component Authentication. The manipulation leads to information disclosure. This vulnerability is uniquely identified as CVE-2024-20292. Attacking locally is a requirement. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Cisco Duo up to 2.0.0 on Windows. Affected by this vulnerability is an unknown functionality. The manipulation leads to improper authentication. This vulnerability is known as CVE-2024-20301. It is possible to launch the attack on the physical device. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Bdtask Hospital AutoManager up to 20240227 and classified as problematic. This issue affects some unknown processing of the file /prescription/prescription/delete/ of the component Prescription Page. The manipulation leads to improper authorization. The identification of this vulnerability is CVE-2024-2317. The attack may be initiated remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

The future of the CyberFirst Girls Competition and reflecting on brilliant progress.

A vulnerability was found in NLTK up to 3.6.4. It has been rated as problematic. This issue affects the function PunktSentenceTokenizer/sent_tokenize/word_tokenize of the component Regular Expression Handler. The manipulation leads to resource consumption. The identification of this vulnerability is CVE-2021-43854. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in nltk. Affected is an unknown function. The manipulation leads to incorrect regular expression. This vulnerability is traded as CVE-2021-3842. It is possible to launch the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A highly targeted phishing campaign is currently exploiting Pocket Card users through elaborately crafted emails that appear to originate from the legitimate financial service provider. The campaign, active since early March 2025, has already compromised an estimated 3,000 accounts, resulting in unauthorized transactions and credential theft. The malicious actors behind this attack employ convincing Pocket […]

The post Pocket Card Users Under Attack Via Sophisticated Phishing Campaign appeared first on Cyber Security News.

tl;dr: There's no silver bullet for keeping secrets out of logs, but if we put several "lead bullets" in the right places, we have a good chance of success.

The post Keeping Secrets Out of Logs: Strategies That Work appeared first on Security Boulevard.

INTERPOL led a multi-national law enforcement operation dubbed “Operation Red Card,” which has resulted in the arrest of over 300 suspected cyber criminals.  Operation Red Card, conducted from November 2024 to February 2025, targeted cross-border criminal syndicates responsible for mobile banking fraud, investment scams, and messaging app exploitation. The operation involved law enforcement agencies from […]

The post Operation Red Card – 300+ Cyber Criminals Arrested Linking to Multiple Hacking Activities appeared first on Cyber Security News.

A vulnerability classified as problematic was found in Digium Asterisk. This vulnerability affects unknown code of the file chan_skinny.c of the component chan_skinny Channel Driver. The manipulation as part of Request leads to improper resource management. This vulnerability was named CVE-2017-17090. The attack can be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.