Aggregator

A vulnerability was found in Tenable Nessus Agent up to 10.8.2 on Windows. It has been declared as critical. This vulnerability affects unknown code. The manipulation leads to incorrect default permissions. This vulnerability was named CVE-2025-24915. Attacking locally is a requirement. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in LibreOffice up to 7.0.4/7.1.0. It has been classified as critical. This affects an unknown part of the component ODF Document Handler. The manipulation leads to improper certificate validation. This vulnerability is uniquely identified as CVE-2021-25635. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

The U.S. Department of Treasury announced today that it has removed sanctions against the Tornado Cash cryptocurrency mixer, which North Korean Lazarus hackers used to launder hundreds of millions stolen in multiple crypto heists. [...]

A vulnerability was found in vercel Next.js up to 14.2.24/15.2.2 and classified as critical. Affected by this issue is some unknown functionality of the component Header Handler. The manipulation of the argument x-middleware-subrequest leads to improper authorization. This vulnerability is handled as CVE-2025-29927. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in youki up to 0.5.2 and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to incorrect default permissions. This vulnerability is known as CVE-2025-27612. The attack needs to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Guangzhou Hongfan Technology iOffice20. Affected is an unknown function. The manipulation leads to improper authentication. This vulnerability is traded as CVE-2024-57490. The attack needs to be approached within the local network. There is no exploit available.

A vulnerability, which was classified as critical, has been found in PHPGurukul Vehicle Record Management System 1.0. This issue affects some unknown processing of the file /index.php. The manipulation of the argument searchinputdata leads to sql injection. The identification of this vulnerability is CVE-2025-29641. The attack may be initiated remotely. There is no exploit available.

A vulnerability classified as critical was found in PHPGurukul Human Metapneumovirus Testing Management System 1.0. This vulnerability affects unknown code of the file /patient-report.php. The manipulation of the argument searchdata leads to sql injection. This vulnerability was named CVE-2025-29640. The attack can be initiated remotely. There is no exploit available.

Виноват файл, на который вы даже не нажали.

布隆伯格(Michael Bloomberg)认为，过去二十年美国学区花了数十亿美元为教室配备笔记本电脑，然而学生的基本技能却下降了。目前有约九成的美国学校为学生提供​​了笔电，但学生的考试成绩则徘徊在历史最低点——只有 28% 的八年级学生熟练掌握数学，30% 的八年级学生熟练掌握阅读。研究证实，传统方法——在纸上阅读和写作——仍然优于基于屏幕的方法。设备会分散学生的注意力，研究表明，非学习活动后需要长达 20 分钟的时间才能重新集中注意力。布隆伯格建议学校重新考虑课堂电脑政策，呼吁学校重新使用书本和笔，而不是笔记本电脑和平板电脑。

Linux 6.14 возвращает старую логику планировщика задач.

A vulnerability, which was classified as problematic, was found in FlowiseAI Flowise up to 1.4.3. This affects an unknown part of the file /api/v1/public-chatflows/id of the component 404 Page. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-36423. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Easy Google Maps Plugin up to 1.11.15 on WordPress and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-5219. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in Post Grid Plugin up to 7.7.1 on WordPress. It has been classified as problematic. Affected is an unknown function of the component Title Tag Handler. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-1427. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in FFmpeg 7.0. It has been rated as critical. Affected by this issue is the function copy_column of the file libavfilter/vf_tiltandshift.c. The manipulation leads to heap-based buffer overflow. This vulnerability is handled as CVE-2024-32229. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as problematic has been found in CocoaPods. This affects an unknown part. The manipulation leads to exposure of data element to wrong session. This vulnerability is uniquely identified as CVE-2024-38367. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as critical was found in FFmpeg 7.0. This vulnerability affects the function hevc_frame_end of the file libavcodec/hevcdec.c. The manipulation leads to buffer overflow. This vulnerability was named CVE-2024-32228. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in FFmpeg 7.0 and classified as critical. Affected by this issue is the function load_input_picture of the file libavcodec/mpegvideo_enc.c. The manipulation leads to buffer overflow. This vulnerability is handled as CVE-2024-32230. The attack may be launched remotely. There is no exploit available.

英伟达一年一度的开发者大会 GTC 于 3 月 21 日闭幕，这次会议凸显了中美 AI 加速分裂。在 GTC 会场上，阿里巴巴和腾讯展示了 AI 研究成果。在线上，包括百度在内的多家中国企业，以及英伟达的华人员工，还专门举行了一场全程仅用中文交流的讨论会。英伟达 CEO 黄仁勋被问及中美对立的影响时回答：“据我观察，全球 AI 研究人员中有一半来自中国。在所有美国的 AI 研究所中，优秀的中国研究人员数量众多，绝无例外”。对于英伟达来说，如果分裂进一步加剧，其收益对美国的“依赖”可能会增强。自美国政府加强管制以来，中国市场销售额的占比一直在降低。从英伟达的中国销售额在总销售额中的占比来看，2024 财年（截至2025年1月）为总体的 13%，比 2021 财年减少了一半。

Speaker: Mishaal Khan

Our sincere appreciation to DEF CON, and the Presenters/Authors for publishing their erudite []DEF CON 32]2 content. Originating from the conference’s events located at the Las Vegas Convention Center; and via the organizations YouTube channel.

Permalink

The post DEF CON 32 – Recon Village – GeoINT Mastery: A Pixel Is Worth A Thousand Words appeared first on Security Boulevard.