Aggregator

A vulnerability has been found in IBM Security Verify Access and Security Verify Access Docker up to 10.0.8 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component OIDC Provider Handler. The manipulation leads to open redirect. This vulnerability is known as CVE-2024-35133. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

近年来在数据要素登记确权和数据要素产业化方面已取得了一批富有成效的场景化应用。但从全国整体来看，数据要素开发利用与高质量发展要求相比，数据确权与基础制度有待完善，数据流通与交易机制不畅，隐私保护与安全风险突出，应用场景与价值释放受限。

《经济金融领域年度网络辟谣榜》系统梳理了近一年来经济金融领域的典型网络谣言，通过深度拆解谣言传播套路，向社会公众清晰传递事实真相，为维护健康有序的网络营商环境注入重要力量。

中央宣传部、公安部于6月16日联合启动“全民反诈在行动”集中宣传月活动，进一步加大反诈宣传力度，不断提升群众防骗意识，切实营造全社会反诈浓厚氛围。

关于第二届“长城杯”信息安全铁人三项赛（作品赛）报名时间调整的通知

Все ждали объяснений сбоя. Теперь ясно: он был не случайностью, а закономерностью.

拆解多种常见的混淆手法、分析多种优秀开源混淆器的实现

黑客盯上 Discord，AsyncRAT 引发加密货币安全危机

看雪论坛作者ID：CCTV果冻爽

Trend Micro identified a novel “wipe mode” included in Anubis ransomware to prevent file recovery, increasing pressure on victims to give in to demands

Artificial intelligence is changing everything – from how we search for answers to how we decide who gets hired, flagged, diagnosed, or denied.

Related: Does AI take your data?

It offers speed and precision at unprecedented scale. But without intention, … (more…)

The post GUEST ESSAY: The AI illusion: Don’t be fooled, innovation without guardrails is just risk–at scale first appeared on The Last Watchdog.

The post GUEST ESSAY: The AI illusion: Don’t be fooled, innovation without guardrails is just risk–at scale appeared first on Security Boulevard.

A major security alert has been issued for Android users after cybersecurity researchers uncovered more than 20 malicious applications on the Google Play Store designed to steal users’ login credentials, specifically targeting cryptocurrency wallet holders. The campaign, identified by Cyble Research and Intelligence Labs (CRIL), reveals a sophisticated phishing operation that has already compromised the […]

The post Over 20 Malicious Google Play Apps Steal Users’ Login Credentials appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Электросети, насосы, железные дороги — мелкие операторы превращаются в приоритетные цели для киберударов.

持续关注“看得见、摸得着”的优秀AI大模型落地应用，为甲方选型提供参考和帮助。

A vulnerability has been found in jflyfox jfinal_cms 5.0.1 and classified as problematic. This vulnerability affects unknown code of the file HOME.java. The manipulation of the argument Logout leads to cross-site request forgery. This vulnerability was named CVE-2025-6105. The attack can be initiated remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in WuKongOpenSource WukongCRM 9.0 and classified as problematic. This issue affects some unknown processing of the file AdminRoleController.java. The manipulation leads to cross-site request forgery. The identification of this vulnerability is CVE-2025-6106. The attack may be initiated remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in hansonwang99 Spring-Boot-In-Action up to 807fd37643aa774b94fd004cc3adbd29ca17e9aa. It has been declared as critical. Affected by this vulnerability is the function watermarkTest of the file /springbt_watermark/src/main/java/cn/codesheep/springbt_watermark/service/ImageUploadService.java of the component File Upload. The manipulation of the argument filename leads to path traversal. This vulnerability is known as CVE-2025-6108. The attack can be launched remotely. Furthermore, there is an exploit available. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability classified as critical has been found in Tenda FH1201 1.2.0.14(408). This affects an unknown part of the file /goform/SafeMacFilter. The manipulation of the argument page leads to stack-based buffer overflow. This vulnerability is uniquely identified as CVE-2025-6110. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical was found in Tenda FH1205 2.0.0.7(775). This vulnerability affects the function fromVirtualSer of the file /goform/VirtualSer. The manipulation of the argument page leads to stack-based buffer overflow. This vulnerability was named CVE-2025-6111. The attack can be initiated remotely. Furthermore, there is an exploit available.