Aggregator

A vulnerability was found in Themekraft BuddyForms Plugin up to 2.9.0 on WordPress. It has been declared as critical. This issue affects some unknown processing. Executing manipulation can lead to missing authorization. This vulnerability is registered as CVE-2025-62973. It is possible to launch the attack remotely. No exploit is available.

A vulnerability was found in WPWebinarSystem WebinarPress Plugin up to 1.33.28 on WordPress. It has been classified as critical. This vulnerability affects unknown code. Performing manipulation results in missing authorization. This vulnerability is cataloged as CVE-2025-62972. It is possible to initiate the attack remotely. There is no exploit available.

Law enforcement agencies from the United States and France have seized the onion leak website operated by the notorious Scattered LAPSUS$ Hunters collective, displaying a prominent seizure notice featuring logos from the FBI, Department of Justice, and international partners. This coordinated action, executed around October 9, 2025, targeted the BreachForums infrastructure, which the group had […]

The post Scattered LAPSUS$ Hunters Onion Leak Website Taken Down By Law-enforcement Agencies appeared first on Cyber Security News.

A vulnerability was found in NikanWP WooCommerce Reporting Plugin up to 1.0.0 on WordPress and classified as problematic. This affects an unknown part. Such manipulation leads to cross-site request forgery. This vulnerability is listed as CVE-2025-62957. The attack may be performed from remote. There is no available exploit.

A vulnerability has been found in designinvento DirectoryPress Plugin up to 3.6.25 on WordPress and classified as problematic. Affected by this issue is some unknown functionality. This manipulation causes cross site scripting. This vulnerability is tracked as CVE-2025-62967. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability, which was classified as problematic, was found in Estatik Plugin up to 4.1.13 on WordPress. Affected by this vulnerability is an unknown functionality. The manipulation results in cross site scripting. This vulnerability is identified as CVE-2025-62963. The attack can be executed remotely. There is not any exploit available.

A vulnerability, which was classified as problematic, has been found in Clifton Griffin Simple Content Templates for Blog Posts & Pages Plugin up to 2.2.61 on WordPress. Affected is an unknown function. The manipulation leads to cross-site request forgery. This vulnerability is referenced as CVE-2025-62958. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability classified as problematic was found in icc0rz Interactive Content Plugin up to 1.16.0 on WordPress. This impacts an unknown function. Executing manipulation can lead to cross site scripting. The identification of this vulnerability is CVE-2025-62951. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as problematic has been found in BuddyDev Activity Plus Reloaded for BuddyPress Plugin up to 1.1.2 on WordPress. This affects an unknown function. Performing manipulation results in cross site scripting. This vulnerability was named CVE-2025-62949. The attack may be initiated remotely. There is no available exploit.

A vulnerability described as problematic has been identified in Matt McInvale Next Page Not Next Post Plugin up to 0.3.0 on WordPress. The impacted element is an unknown function. Such manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-62943. The attack can be launched remotely. No exploit exists.

A vulnerability marked as problematic has been reported in dFactory Events Maker Plugin up to 1.6.14 on WordPress. The affected element is an unknown function. This manipulation causes cross site scripting. This vulnerability is handled as CVE-2025-62941. The attack can be initiated remotely. There is not any exploit available.

HackerNews 编译，转载请注明出处： 微软于周四发布了带外安全更新，以修复一个Windows Server Update服务中的严重漏洞。该漏洞的概念验证漏洞利用已公开，并且已在野外遭到积极利用。 相关漏洞为CVE-2025-59287（CVSS评分：9.8），这是WSUS中的一个远程代码执行漏洞。该漏洞最初由微软在上周发布的”补丁星期二”更新中进行了修复。 三位安全研究人员 MEOW、f7d8c52bec79e42795cf15888b85cbad 以及 CODE WHITE GmbH 的 Markus Wulftange 因发现并报告此漏洞而获得致谢。 该缺陷涉及WSUS中不受信任数据的反序列化问题，允许未经授权的攻击者通过网络执行代码。值得注意的是，该漏洞不影响未启用WSUS服务器角色的Windows服务器。 在一个假设的攻击场景中，远程未经身份验证的攻击者可以发送一个特制的事件，该事件会在”传统序列化机制”中触发不安全的对象反序列化，从而导致远程代码执行。 根据HawkTrace的安全研究员Batuhan Er的说法，该问题”源于发送到GetCookie()端点的AuthorizationCookie对象的不安全反序列化，其中加密的cookie数据使用AES-128-CBC解密，随后通过BinaryFormatter进行反序列化，但缺乏适当的类型验证，从而使得能够以SYSTEM权限执行远程代码。” 值得注意的是，微软自己此前曾建议开发人员停止使用BinaryFormatter进行反序列化，因为该方法在处理不受信任的输入时不安全。BinaryFormatter的一个实现随后在2024年8月的.NET 9中被移除。 “为全面解决CVE-2025-59287，微软已为以下受支持的Windows Server版本发布了带外安全更新：Windows Server 2012、Windows Server 2012 R2、Windows Server 2016、Windows Server 2019、Windows Server 2022、Windows Server 2022, 23H2版（Server Core安装）以及Windows Server 2025，”微软在一次更新中表示。 安装补丁后，建议执行系统重启以使更新生效。如果无法应用此带外更新，用户可以采取以下任一行动来防范该漏洞： 在服务器中禁用WSUS服务器角色（如已启用） 在主机防火墙上阻止对端口8530和8531的入站流量 “在安装更新之前，请勿撤销任何这些临时解决方案，”微软警告说。 此消息发布之际，荷兰国家网络安全中心表示，其从”可信合作伙伴处获悉，在2025年10月24日观察到了CVE-2025-59287的滥用行为。” 向NCSC-NL报告了此次野外利用的Eye Security表示，他们首次观察到该漏洞在UTC时间早上6:55被利用，目的是投递一个针对某未具名客户的Base64编码的有效载荷。该有效载荷是一个.NET可执行文件，”获取请求头’aaaa’的值并使用cmd.exe直接运行它。” “这是发送给服务器的有效载荷，它使用名为’aaaa’的请求头作为要执行命令的源，” Eye Security的首席技术官Piet Kerkhofs告诉The Hacker News。”这避免了命令直接出现在日志中。” 当被问及利用行为是否可能早于今天发生时，Kerkhofs指出，”HawkTrace的概念验证两天前就发布了，它可以使用标准的ysoserial .NET有效载荷，所以是的，利用所需的要素已经具备。” 网络安全公司Huntress也表示，他们检测到威胁行为者从大约UTC时间2025年10月23日23:34开始，针对公开暴露在其默认端口（8530/TCP和8531/TCP）上的WSUS实例。然而，该公司指出，由于WSUS通常不会暴露8530和8531端口，CVE-2025-59287的利用范围可能有限。 “攻击者利用暴露的WSUS端点发送特制请求（对WSUS Web服务的多个POST调用），触发了针对更新服务的反序列化远程代码执行，”该公司表示。 此次利用活动导致WSUS工作进程生成了”cmd.exe”和PowerShell实例，从而下载并执行了一个Base64编码的PowerShell有效载荷，目的是枚举暴露的服务器以获取网络和用户信息，并将结果外泄到攻击者控制的webhook[.]site URL。 “我们现在看到对微软WSUS服务中的预身份验证远程代码执行漏洞进行了无差别的野外利用，该漏洞在10月初被披露，” watchTowr的Benjamin Harris在一份声明中表示。”此漏洞的利用是无差别的。” “如果一个未打补丁的WSUS实例在线，那么在此阶段，它很可能已经被攻陷。在2025年，真的没有任何合法理由让WSUS可以从互联网访问——任何处于这种情况的组织可能需要指导来了解他们是如何陷入这种境地的。” “我们已经观察到8000多个实例暴露在外，包括极其敏感、高价值的组织。这不仅限于低风险环境——一些受影响的实体正是攻击者优先考虑的目标类型。” 当联系置评时，微软的一位发言人告诉该刊物：”我们在发现初始更新未能完全缓解该问题后重新发布了此CVE。已安装最新更新的客户已受到保护。” 该公司还强调，该问题不影响未启用WSUS服务器角色的服务器，并建议受影响的客户遵循其CVE页面上的指南。 鉴于概念验证漏洞利用的可用性和已检测到的利用活动，用户必须尽快应用补丁以减轻威胁。美国网络安全和基础设施安全局也已将该漏洞添加到其已知被利用漏洞目录中，要求联邦机构在2025年11月14日之前进行修复。   消息来源：thehackernews； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文

前言上文中我们讲述了直接系统调用技术，它可以不使用ntdll中的Syscall（系统调用）指令，自己在代码中实现、用以绕过针对ntdll中函数的hook，特点是Syscall指令在程序自身的内存空间中，而不是ntdll的内存空间中，由此，AV/EDR也有了相应的检测机制，如果发现Syscall指令不在ntdll内存空间中，则将其视为可疑的IoC，攻击者为了消除这个IoC，间接系统调用技术在此背景下

The newly released OpenAI Atlas web browser has been found to be susceptible to a prompt injection attack where its omnibox can be jailbroken by disguising a malicious prompt as a seemingly harmless URL to visit. "The omnibox (combined address/search bar) interprets input either as a URL to navigate to, or as a natural-language command to the agent," NeuralTrust said in a report published Friday

加密算法逆向分析

本文主要讨论了CodeQL在Java项目通过自定义isBarrier规则来净化某些数据类型，从而减少误报。 还介绍了提取Spring框架中Controller方法的URL路径。

用友U8 Cloud NCCloudGatewayServlet接口任意文件上传漏洞分析

ntdll kernel32 模块基址获取新思路

A vulnerability labeled as problematic has been found in Nick Diego Blox Lite Plugin up to 1.2.8 on WordPress. Impacted is an unknown function. The manipulation results in cross site scripting. This vulnerability is known as CVE-2025-62940. It is possible to launch the attack remotely. No exploit is available.

A vulnerability identified as critical has been detected in Apiki GoCache Plugin up to 1.3.6 on WordPress. This issue affects some unknown processing. The manipulation leads to missing authorization. This vulnerability is traded as CVE-2025-62966. It is possible to initiate the attack remotely. There is no exploit available.