Aggregator

A vulnerability was found in HCL DevOps Deploy and Launch. It has been declared as critical. This vulnerability affects unknown code. The manipulation leads to improper authorization. This vulnerability was named CVE-2025-0256. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in Forcepoint Email Security up to 8.5.5. It has been classified as problematic. This affects an unknown part. The manipulation leads to improper neutralization of script in attributes in a web page. This vulnerability is uniquely identified as CVE-2024-9103. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in api-platform core up to 4.1.3 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to improper input validation. This vulnerability is handled as CVE-2025-23204. The attack may be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

Ukraine’s national railway company has suffered a “large-scale” cyber-attack, disrupting online services and operations

这些漏洞威胁超 6,500 个集群，可能导致集群被接管。

Microsoft on Monday announced a new feature called inline data protection for its enterprise-focused Edge for Business web browser. The native data security control is designed to prevent employees from sharing sensitive company-related data into consumer generative artificial intelligence (GenAI) apps like OpenAI ChatGPT, Google Gemini, and DeepSeek. The list will be expanded over time to

African law enforcement authorities have arrested 306 suspects as part of 'Operation Red Card,' an INTERPOL-led international crackdown targeting cross-border cybercriminal networks. [...]

A critical severity vulnerability has been discovered in the Next.js open-source web development framework, potentially allowing attackers to bypass authorization checks. [...]

How aware are you that your personal information could be bought and sold without your consent—and that there are companies whose entire business model revolves around this? So, these companies, called data brokers, collect everything they can about you – where you shop, what you search online, even stuff from public records – and then sell it to other companies, mostly for ads. The real problem lies in the lack of transparency since most people … More →

The post Protecting your personal information from data brokers appeared first on Help Net Security.

Java webshell的绕过

今日暂未更新资讯~
更多最新文章，请访问SecWiki

SERVER KILLERS Targeted the Website of Government Portal of Belgium

A vulnerability has been found in Uguu up to 1.8.9 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2024-55279. The attack can be launched remotely. There is no exploit available.

Alleged Sale of CarFax Law Enforcement Plate Search Service for USA and Canada

关于Java CommonsCollections 反序列化链 的进阶绕过技巧

库克（Tim Cook）来华出席了中国发展高层论坛，宣布设立 7.2 亿元清洁能源投资基金，该基金的目标是每年为中国电网新增约 55 万兆瓦时的风能和太阳能发电能力，帮助苹果达成到 2030 年全部碳足迹实现碳中和这一目标。库克在接受官媒采访时称赞了中国 AI 公司 DeepSeek，称其模型非常出色。苹果正在等待官方批准将 Apple Intelligence 引入国行版 iPhone 手机。国行 Apple Intelligence 据报道将使用阿里巴巴的大模型，原因是 Deepseek 团队缺乏支持像苹果这样的大客户所需的人力和经验。

Ассамблея против слежки МВД.

FCC chair warns these companies may still be operating in the US because they don't believe that being added to its "Covered List" poses any serious risk.