Aggregator

A vulnerability was found in Adobe Commerce up to 2.4.4-p13/ 2.4.5-p12/ 2.4.6-p10/ 2.4.7-p5/2.4.8 and classified as problematic. This issue affects some unknown processing of the component Security Feature. The manipulation leads to incorrect authorization. The identification of this vulnerability is CVE-2025-49550. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Adobe Commerce up to 2.4.4-p13/ 2.4.5-p12/ 2.4.6-p10/ 2.4.7-p5/2.4.8 and classified as problematic. This vulnerability affects unknown code of the component Security Feature. The manipulation leads to incorrect authorization. This vulnerability was named CVE-2025-49549. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

PNG第三版规范发布，新增APNG动态图、HDR图像支持及Exif元数据功能。APNG可替代GIF动态图；HDR扩展颜色范围；Exif存储版权、相机型号等信息。

A vulnerability, which was classified as problematic, was found in OpenBao up to 2.2.x. This affects the function disable_unauthed_rekey_endpoints of the component Setting Handler. The manipulation leads to denial of service. This vulnerability is uniquely identified as CVE-2025-52894. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in IBM WebSphere Application Server 8.5/9.0. Affected by this issue is some unknown functionality of the component Sequence Handler. The manipulation leads to deserialization. This vulnerability is handled as CVE-2025-36038. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

D3CTF 2025 d3kshrm题解

Embed Security unveiled its agentic security platform that autonomously triages and investigates alerts, empowering detection and response teams to focus on what matters most. “Over the last 90 days of using Embed, we’ve saved approximately 155 analyst hours per month. This has enabled our team to tackle more pressing issues, rather than chasing false positives,” said both R. Allen Darrah, Chief Information Officer and Wai Sheng Cheng, Information Security & Risk Manager, of Spencer Fane. … More →

The post Embed’s agentic security platform triages and investigates security alerts appeared first on Help Net Security.

Kanister is an open-source tool that lets domain experts define how to manage application data using blueprints that are easy to share and update. It handles the complex parts of running these tasks on Kubernetes and gives a consistent way to manage different applications at scale. Kanister is composed of three main components: the Controller and two Custom Resources – ActionSets and Blueprints. Kanister features Built for Kubernetes: Kanister uses Kubernetes Custom Resource Definitions (CRDs), … More →

The post Kanister: Open-source data protection workflow management tool appeared first on Help Net Security.

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Natnael Samson (@NattiSamson)' was reported to the affected vendor on: 2025-06-26, 82 days ago. The vendor is given until 2025-10-24 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Natnael Samson (@NattiSamson)' was reported to the affected vendor on: 2025-06-26, 82 days ago. The vendor is given until 2025-10-24 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Mark Vincent Yason (markyason.github.io)' was reported to the affected vendor on: 2025-06-26, 82 days ago. The vendor is given until 2025-10-24 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

株式会社いろはソフトが提供するiroha Boardには、複数の脆弱性が存在します。

Talkback.sh 是一个智能的信息安全库，自动聚合来自 1000 多个 RSS feeds、社交媒体和会议档案等内容，并进行分类和摘要处理。用户可通过个性化订阅、过滤器和时间轴等方式浏览和搜索。

本文约3247字，预计阅读时间10分钟。

当前环境出现异常，需完成验证后方可继续访问。

ProjectDiscovery的httpx v1.7.0存在远程DoS漏洞，通过返回畸形标签可触发崩溃。问题源于trimTitleTags函数中缺少边界检查导致切片越界。此漏洞影响自动化扫描工具，修复已提交。

文章探讨了Windows注册表在安全中的重要性，通过一个C++程序演示了注册表操作技术及其在攻击中的应用，强调了其在持久性、绕过检测和行为改变中的作用，并为防御提供了建议。

WhatsApp推出AI功能Message Summaries，利用Meta AI自动总结未读消息。该功能基于Private Processing技术，在安全环境中处理数据以保护隐私。目前仅在美国英语用户中上线，并计划扩展至其他地区和语言。

Popular messaging platform WhatsApp has added a new artificial intelligence (AI)-powered feature that leverages its in-house solution Meta AI to summarize unread messages in chats. The feature, called Message Summaries, is currently rolling out in the English language to users in the United States, with plans to bring it to other regions and languages later this year. It "uses Meta AI to

国内外监管的关注重点