Aggregator

A vulnerability, which was classified as critical, was found in chillzhuang SpringBlade 4.5.0. This vulnerability affects the function authRoutes. The manipulation results in improper access controls. This vulnerability was named CVE-2025-70983. The attack may be performed from remote. There is no available exploit.

A vulnerability categorized as critical has been discovered in Aptsys POS Platform Web Services Module up to 2025-05-28. This impacts an unknown function of the component Internal API. The manipulation results in improper authentication. This vulnerability is cataloged as CVE-2025-52024. The attack may be launched remotely. There is no exploit available.

A vulnerability described as critical has been identified in Aptsys gemscms POS Platform Backend up to 2025-05-28. This affects an unknown part of the component GetServiceByRestaurantID Endpoint. Executing a manipulation can lead to sql injection. This vulnerability appears as CVE-2025-52025. The attack may be performed from remote. There is no available exploit.

A vulnerability classified as problematic has been found in TeamViewer DEX Client up to 26.0 on Windows. This impacts an unknown function of the file NomadBranch.exe of the component Content Distribution Service. This manipulation causes out-of-bounds read. This vulnerability appears as CVE-2026-23568. The attacker needs to be present on the local network. There is no available exploit. It is recommended to upgrade the affected component.

A vulnerability was found in TeamViewer DEX Client up to 26.0 on Windows. It has been rated as critical. The affected element is an unknown function of the component RPC Handler. Performing a manipulation results in link following. This vulnerability is identified as CVE-2026-23563. The attack is only possible with local access. There is not any exploit available. Upgrading the affected component is advised.

A vulnerability labeled as problematic has been found in docopt.cpp 0.6.2. Affected by this issue is the function LeafPattern::match. The manipulation results in integer overflow. This vulnerability was named CVE-2025-67125. The attack needs to be approached within the local network. There is no available exploit.

伪装成漏洞检测工具样本分析

漏洞简介2.9.4 之前的 Chainlit 版本在 /project/element 更新流程中存在任意文件读取漏洞。认证客户端可以发送带有用户控制路径值的自定义元素，从而使服务器将引用的文件复制到攻击者的会话中。由此产生的元素标识符（chainlitKey）可以通过 /project/file/<chainlitKey> 检索文件内容，从而允许披露 Chainlit 服务可读取的任

vm2沙箱逃逸漏洞（CVE-2026-22709）

这款老设备它运行着一套老旧的 PHP 代码，此前团队已经过数次审计，我本人就热衷于在高难度的 Web 环境中挖掘漏洞。往往这种旧设备功能模块单一，即使存在漏洞也是复杂且隐蔽的，可能得将各类漏洞进行综合利用，才能完成一整条完整的漏洞利用链。

New Year CTF 2026 Writeup

国立研究開発法人情報通信研究機構（NICT）は、「NICTER観測レポート2025」を公開しました。NICTERプロジェクトの大規模サイバー攻撃観測網における2025年の観測結果をまとめています。

我们讲继续努力发展各个小组的优势，变的更强

A PoC for CVE-2026-1731 hit GitHub on Feb 10. Within 24 hours, GreyNoise observed reconnaissance probing for vulnerable BeyondTrust instances.

规范政务数据共享，促进政务数据安全利用。

Microsoft has fixed a "remote code execution" vulnerability in Windows 11 Notepad that allowed attackers to execute local or remote programs by tricking users into clicking specially crafted Markdown links, without displaying any Windows security warnings. [...]

Why Modern Threat Modeling Must Account for State Control of Infrastructure
CISOs for decades viewed governments as partners. That assumption is weakening. Today, state control over infrastructure needs be part of threat modeling and business continuity planning for global security leaders - and it's time for CISOs to reassess dependencies and trust boundaries.

UK Rollout to Link Arco's Cybersecurity Assurance With Sophos's Threat Intelligence
Sophos acquired Arco to expand into cybersecurity assurance and compliance, launching a new CISO Advantage capability. The company plans a phased rollout starting in the U.K., integrating Arco’s risk and regulatory mapping platform with Sophos Central and its global threat intelligence operations.

Singapore Signals Heightened Vigilance Against State-Linked Threat Actors
Singapore conducted a yearlong, multi-agency cyber defense operation to expel UNC3886 from all four major telecom providers after the advanced threat actor accessed segments of critical communications infrastructure and extracted limited technical data without disrupting services.

AI Is Transforming Economics But Enterprise IT Architecture Issues Are Still Here
While AI systems such as Claude lower the marginal cost of writing code and automating discrete tasks, especially when it comes to early-stage work including prototyping and front-end design, the idea that AI will lay waste to the industry is overblown, analysts say.