Aggregator

A vulnerability was found in Tencent Music Entertainment SuperSonic up to 0.9.8. It has been rated as critical. Affected by this issue is some unknown functionality of the file /api/semantic/database/testConnect of the component H2 Database Connection Handler. The manipulation leads to code injection. This vulnerability is handled as CVE-2025-3164. The attack may be launched remotely. Furthermore, there is an exploit available.

因为现在shellcode加载器到处都是，总结了一下加密混淆和加载的几种方式，欢迎与各位师傅交流学习

CyberQP has launched its Zero Trust Helpdesk Security Platform—combining QGuard for Privileged Access Management (PAM) and QDesk for End-User Access Management (EUAM). This unified solution helps IT teams reduce risk, improve efficiency, and eliminate standing privileges across the organization. A key innovation of the platform is End-User Elevation, which allows users to gain temporary admin access without persistent privileges. By automating approval processes and monitoring activity in real-time, CyberQP dramatically reduces attack surfaces while maintaining … More →

The post CyberQP launches Zero Trust Helpdesk Security Platform appeared first on Help Net Security.

A vulnerability was found in InternLM LMDeploy up to 0.7.1. It has been declared as critical. Affected by this vulnerability is the function Open of the file lmdeploy/docs/en/conf.py. The manipulation leads to code injection. This vulnerability is known as CVE-2025-3163. It is possible to launch the attack on the local host. Furthermore, there is an exploit available.

A vulnerability was found in InternLM LMDeploy up to 0.7.1. It has been classified as critical. Affected is the function load_weight_ckpt of the file lmdeploy/lmdeploy/vl/model/utils.py of the component PT File Handler. The manipulation leads to deserialization. This vulnerability is traded as CVE-2025-3162. Attacking locally is a requirement. Furthermore, there is an exploit available.

Submit #542528 / VDB-303110

Submit #542527 / VDB-303109

Submit #542520 / VDB-303108

A vulnerability was found in Tenda AC10 16.03.10.13 and classified as critical. This issue affects the function ShutdownSetAdd of the file /goform/ShutdownSetAdd. The manipulation of the argument list leads to stack-based buffer overflow. The identification of this vulnerability is CVE-2025-3161. The attack may be initiated remotely. Furthermore, there is an exploit available.

Submit #542441 / VDB-206013

Lawsuits Allege Cybercrime Gang Medusa Stole Data of 132,000 People
An Arizona-based medical imaging practice with locations in 11 states is notifying patients that their data was compromised in a January cyberattack. Litigation filed against the company allege ransomware gang Medusa stole sensitive data pertaining to at least 132,000 people in the incident.

Inside North Korea's IT Scam Network Now Shifting to Europe
North Koreans posing as remote IT workers have spread to Europe, where one Pyongyang fraudster assumed at least 12 personas to target companies in Germany, Portugal and the United Kingdom. Western companies have grappled for years with the prospect of unintentionally hiring a North Korean national.

Integrated Tools Across Generative AI Security, DSPM, DDR Key to Growth Strategy
Cyberhaven is building a data security platform to address evolving risks in generative AI, DSPM and beyond. Backed by $100 million, CEO Howard Ting says the firm will use the funds to expand its portfolio and go-to-market footprint while staying independent.

Chinese Hackers Are Pre-Positioned, and Top Officials Could Be Making Matters Worse
Experts told lawmakers on Wednesday that without urgent federal action to strengthen cyber defenses and additional efforts to improve the cybersecurity practices of some of the highest ranking government officials, another Salt Typhoon attack could be just around the corner.

Breaking down why traditional defense-in-depth strategies fail and what security teams must do to truly outsmart attackers. 

The post Defense in Depth is Broken – It’s Time to Rethink Cybersecurity  appeared first on Security Boulevard.

A vulnerability has been found in Open Asset Import Library Assimp 5.4.3 and classified as problematic. This vulnerability affects the function Assimp::SceneCombiner::AddNodeHashes of the file code/Common/SceneCombiner.cpp of the component File Handler. The manipulation leads to out-of-bounds read. This vulnerability was named CVE-2025-3160. An attack has to be approached locally. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as critical, was found in Open Asset Import Library Assimp 5.4.3. This affects the function Assimp::ASE::Parser::ParseLV4MeshBonesVertices of the file code/AssetLib/ASE/ASEParser.cpp of the component ASE File Handler. The manipulation leads to heap-based buffer overflow. This vulnerability is uniquely identified as CVE-2025-3159. The attack needs to be approached locally. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as critical, has been found in Open Asset Import Library Assimp 5.4.3. Affected by this issue is the function Assimp::LWO::AnimResolver::UpdateAnimRangeSetup of the file code/AssetLib/LWO/LWOAnimation.cpp of the component LWO File Handler. The manipulation leads to heap-based buffer overflow. This vulnerability is handled as CVE-2025-3158. It is possible to launch the attack on the local host. Furthermore, there is an exploit available.

Submit #542437 / VDB-303107

Analyzing malware has become increasingly challenging, especially with the growing popularity of programming languages like Golang. Golang, or Go, has captivated developers for its extensive features but has also proven to be an attractive choice for malware authors, thanks to its embedded libraries, sizable binaries, and potential for obfuscation. To combat these challenges, Volexity has […]

The post GoResolver: A Powerful New Tool for Analyzing Golang Malware appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.