Aggregator

Они защищали свои книги от ИИ 4 года, а суд решил за 5 минут.

New Citrix flaw ‘CitrixBleed 2’ lets attackers steal session cookies without logging in, echoing a previously exploited vulnerability. A new flaw in Citrix NetScaler ADC and Gateway, dubbed ‘CitrixBleed 2‘ (CVE-2025-5777, CVSS v4.0 Base Score of 9.3), can allow unauthenticated attackers to steal session cookies, similar to a past critical exploit. The vulnerability is an […]

CitrixBleed 2（CVE-2025-5777）是一种高危漏洞（CVSS v4.0 Base Score 9.3），影响Citrix NetScaler ADC和Gateway设备。该漏洞允许未认证攻击者窃取会话cookie并读取内存中的敏感信息，类似于之前的 CitrixBleed 漏洞。受影响版本包括NetScaler ADC 12.1-FIPS、14.1、13.1-FIPS等特定版本。建议用户升级至修复版本，并终止活跃会话以降低风险。

Bitdefender announced Bitdefender GravityZone External Attack Surface Management (EASM), a new solution that gives businesses, managed service providers (MSPs) and their customers comprehensive visibility into their internet-facing assets and associated vulnerabilities. GravityZone EASM dramatically reduces threat exposure and strengthens security operations through centralized discovery, monitoring, and management of expanding attack surfaces. The attack surface, encompassing all potential entry points for adversaries, is rapidly expanding due to digital transformation, cloud adoption, remote work, and increased connectivity … More →

The post Bitdefender GravityZone EASM reduces threat exposure appeared first on Help Net Security.

Cybersecurity researchers are calling attention to a series of cyber attacks targeting financial organizations across Africa since at least July 2023 using a mix of open-source and publicly available tools to maintain access. Palo Alto Networks Unit 42 is tracking the activity under the moniker CL-CRI-1014, where "CL" refers to "cluster" and "CRI" stands for "criminal motivation." It's suspected

自2023年7月以来，网络犯罪分子利用开源和公开工具对非洲金融机构发起攻击。研究机构追踪到该活动并怀疑其目标是获取初始访问权限后转售给其他犯罪分子。攻击者使用PoshC2等工具，并伪造合法应用签名以掩盖恶意行为。同时，新的勒索软件团伙已影响多国受害者。

A vulnerability, which was classified as critical, was found in RT-Thread up to 5.1.0. This affects the function sys_device_open/sys_device_read/sys_device_control/sys_device_init/sys_device_close/sys_device_write of the file components/drivers/core/device.c. The manipulation leads to memory corruption. This vulnerability is uniquely identified as CVE-2025-6693. It is possible to launch the attack on the local host. There is no exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

Submit #595871 / VDB-313959

Submit #595870 / VDB-313959

Submit #595827 / VDB-313959

Submit #595869 / VDB-313959

Submit #595814 / VDB-313959

Submit #595813 / VDB-313959

AI has had dramatic impacts on almost every facet of every industry. API security is no exception. Up until recently, defending APIs meant guarding against well-understood threats. But as AI proliferates, automated adversaries, AI-crafted exploits, and business logic abuse have complicated matters. It’s no longer enough to merely patch known flaws; security teams must now [...]

The post Beyond Traditional Threats: The Rise of AI-Driven API Vulnerabilities appeared first on Wallarm.

The post Beyond Traditional Threats: The Rise of AI-Driven API Vulnerabilities appeared first on Security Boulevard.

人工智能（AI）显著改变了API安全格局，引入了自动化攻击、逻辑漏洞和业务逻辑滥用等新威胁。传统安全措施难以应对这些智能且快速演化的攻击。建议采用实时检测、强化认证机制和全面监控所有API以增强防护能力。

Обновите свой WinRAR как можно скорее!

摩托罗拉 Razr 60 Ultra 以其时尚设计和创新功能吸引用户。其4英寸外屏和7英寸内屏提供多样的使用体验，搭载骁龙8 Elite旗舰芯片和4700mAh电池，续航表现优异。然而，机身较重（199g）且宽度较大（74mm），握持感欠佳。系统本地化尚可，但AI功能如语音助手表现平平。整体而言，该机适合追求外观与便携性的用户。

Google has open-sourced a command-line interface (CLI) agent built on its Gemini 1.5 Pro model, marking a notable step toward making generative AI more inspectable, extensible, and usable for developers working outside the IDE. The tool, simply named Gemini CLI, is designed to act as a local AI assistant that supports complex developer workflows such as code refactoring, documentation generation, executing shell commands, running scripts, and editing files. Gemini CLI offers 60 model requests per … More →

The post Google’s Gemini CLI brings open-source AI agents to developers appeared first on Help Net Security.

A vulnerability, which was classified as problematic, has been found in iroha Soft iroha Board up to 0.10.12. Affected by this issue is some unknown functionality of the component URL Handler. The manipulation leads to cross-site request forgery. This vulnerability is handled as CVE-2025-48497. The attack may be launched remotely. There is no exploit available.