Aggregator

A vulnerability marked as problematic has been reported in GNU Binutils 2.45. Impacted is the function tg_tag_type of the file prdbg.c. Performing manipulation results in unchecked return value. This vulnerability was named CVE-2025-11839. The attack needs to be approached locally. In addition, an exploit is available.

A vulnerability described as problematic has been identified in GNU Binutils 2.45. The affected element is the function vfinfo of the file ldmisc.c. Executing manipulation can lead to out-of-bounds read. The identification of this vulnerability is CVE-2025-11840. The attack can only be executed locally. Furthermore, there is an exploit available. It is best practice to apply a patch to resolve this issue.

A vulnerability identified as critical has been detected in libsoup. Impacted is an unknown function of the component HTTP2 Handler. This manipulation causes use after free. This vulnerability appears as CVE-2025-12105. The attack may be initiated remotely. There is no available exploit.

A vulnerability labeled as critical has been found in Dell Storage Manager up to 2020 R1.20. Affected by this vulnerability is an unknown functionality of the component DSM Data Collector. Such manipulation leads to improper authentication. This vulnerability is referenced as CVE-2025-43995. It is possible to launch the attack remotely. No exploit is available. The affected component should be upgraded.

HackerNews 编译，转载请注明出处： 瑞典国家电网运营商正在调查一起数据泄露事件。 此前，某勒索软件组织威胁称将公开数百GB据称窃取的内部数据。 国有电力传输系统运营商Svenska kraftnät表示，此次事件仅影响其”受限的外部文件传输系统”，未对瑞典电力供应造成干扰。 首席信息安全官Cem Göcgören在声明中称：”我们对此事件高度重视，并已立即采取行动。虽然此事可能引发担忧，但电力供应未受影响。” 勒索团伙Everest上周末在其泄密网站宣称实施此次攻击，声称已窃取约280GB数据，并表示若该机构不满足其要求将公开数据。 该团伙此前曾声称对都柏林机场、阿拉伯航空和美国航空航天供应商柯林斯航空航天发动攻击——其中9月的攻击导致欧洲多国航班运营陷入混乱。这些说法尚未得到独立核实。 Svenska kraftnät表示正与警方及国家网络安全机构紧密合作，以确定泄露范围及可能暴露的数据。该企业尚未将攻击归因于特定威胁行为体。 Göcgören强调：”我们当前评估认为，关键任务系统未受影响。在获得确认信息前，现阶段不对攻击者身份或动机置评。” 消息来源：therecord.media； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文

Наставники будущих кибербойцов не смогли защитить даже собственные веб-сервисы.

HackerNews 编译，转载请注明出处： 与俄罗斯有关联的网络犯罪团伙”Everest Group”在其暗网泄密网站上将爱尔兰都柏林机场列为受害者，指控其发动了此次勒索软件攻击。都柏林机场年客流量逾3500万人次，为40家航空公司提供超过150个航点的服务。 此前该团伙刚宣称攻破柯林斯航空航天公司及其用于值机服务和旅客管理的MUSE软件系统，该攻击曾导致欧洲多座主要机场瘫痪数日，引发航运混乱。 管理都柏林机场的公司Daa此前曾发布声明，称乘客数据是因第三方系统遭入侵而受影响。 此次黑客的声明可能与此前柯林斯航空航天公司的数据泄露事件相关，也可能意味着航空领域正遭受新一轮攻击。 目前该犯罪团伙尚未发布数据样本佐证其声明。其受害者网站上发布的公告包含倒计时器，显示机场方若未在五日内联系黑客，被盗数据将被公开。 勒索软件组织通常通过在暗网泄密网站公布受害者名单，企图胁迫相关机构支付赎金，否则将面临敏感数据泄露的严重后果。 该勒索软件组织声称窃取了包含旅客个人信息与航班运营数据的敏感信息。据其声明，被盗数据集涉及1,533,900条个人记录。 据称泄露内容包含：乘客全名、航班号、座位信息、起降机场、票号、常旅客信息，甚至涵盖办理值机及生成登机牌时所使用的设备详情。 都柏林机场疑似泄露数据类型清单 全名 旅客状态及分类（如成人/儿童/员工） 常旅客航空公司、会员编号及等级 免费行李额度与快速通关资格 预订编码(PNR) 航空公司名称及数字代码 航班号与日期 起降机场代码 座位号及舱位等级 序列号与航段数量 市场方与实际承运方 机票凭证及序列号 电子机票标识 登机牌签发来源及日期 证件类型与签发航司代号 安检抽检标识 国际证件验证状态 行李牌编号（含非连续编号） 值机或登机设备名称、ID及类型 工作站ID与时间戳 起飞日期与时间 条形码格式及软件版本号 若此次泄露被证实属实，旅客身份信息、航班规律、会员凭证及数字接触点都将面临曝光风险。 据信该团伙与BlackByte勒索组织存在关联。5月22日，Everest瞄准可口可乐中东分公司，最终泄露了该公司多个分销中心近千名员工资料。 作为对全球最大可口可乐装瓶商”可口可乐欧洲太平洋伙伴”大规模攻击的一环，该勒索组织据称窃取了约2300万条数据。 在对可口可乐攻击数日后，该组织又宣称攻破阿联酋知名国际私立医院Mediclinic、阿布扎比文化与旅游部以及约旦科威特银行。 该团伙还是2022年10月AT&T攻击事件的幕后黑手，声称可访问AT&T整个企业网络，并于2024年秋季攻击了Radisson Country Inn and Suites连锁酒店。   消息来源：cybernews； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文

A vulnerability was found in WatchGuard Fireware OS up to 12.11.1 and classified as critical. Affected by this issue is some unknown functionality of the component Management WebUI/Command Line Interface Parser. Such manipulation leads to active debug code. This vulnerability is listed as CVE-2025-4106. The attack may be performed from remote. There is no available exploit. It is suggested to upgrade the affected component.

A vulnerability categorized as critical has been discovered in Apache Tomcat up to 8.4.x/8.5.100/9.0.108/10.1.44/11.0.10. This affects an unknown part of the file /WEB-INF/ of the component Query Parameter Handler. The manipulation results in relative path traversal. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is identified as CVE-2025-55752. The attack can be executed remotely. There is not any exploit available. It is advisable to upgrade the affected component.

X urges users with passkeys or YubiKeys to re-enroll 2FA by Nov 10, 2025, or risk account lockout. Re-enroll, switch 2FA, or disable it. Social media platform X is urging users who use passkeys or hardware security keys like YubiKeys for two-factor authentication (2FA) to re-enroll their keys by November 10, 2025, to keep account […]

微软去年为其 Microsoft 365 办公软件集成了 AI 服务 Copilot，然后以此为由提高了软件的订阅价格。以澳大利亚为例，自 2024 年 10 月起，集成 Copilot 的 Microsoft 365 个人版订阅价格上涨 45% 至 159 澳元，家庭版价格上涨 29% 至 179 澳元。微软并没有明确告知用户 Microsoft 365 还有一个不包含 AI 的经典版本。澳大利亚竞争监管机构认为微软误导了该国 270 万订阅用户，为此提起了诉讼。

聚焦云安全威胁，助力企业云安全防御认知升级

A new vulnerability in early versions of OpenVPN has been disclosed, potentially allowing malicious servers to execute arbitrary commands on client machines. The flaw affects OpenVPN releases from 2.7_alpha1 to 2.7_beta1, enabling script-injection attacks on POSIX-based systems such as Linux, macOS, and BSD variants. The issue stems from inadequate sanitization of the –dns and –dhcp-option […]

The post OpenVPN Vulnerability Exposes Linux, macOS Systems to Script Injection Attacks appeared first on Cyber Security News.

A vulnerability marked as critical has been reported in Seiko SkyBridge and SkySpider. This vulnerability affects unknown code. Performing manipulation results in weak password requirements. This vulnerability is identified as CVE-2023-25184. The attack can be initiated remotely. There is not any exploit available.

A vulnerability described as problematic has been identified in McAfee Total Protection up to 16.0.49. This affects an unknown part of the component Component Object Model Handler. Executing manipulation can lead to privilege escalation. This vulnerability is tracked as CVE-2023-25134. The attack is only possible within the local network. No exploit exists. Upgrading the affected component is recommended.

A vulnerability marked as critical has been reported in CyberPower PowerPanel Business and PowerPanel Business Management up to 4.8.6 on Windows/Linux/macOS. This affects an unknown part of the file default.cmd. The manipulation leads to improper privilege management. This vulnerability is listed as CVE-2023-25133. The attack may be initiated remotely. There is no available exploit.

A vulnerability labeled as critical has been found in CyberPower PowerPanel Business and PowerPanel Business Management up to 4.8.6 on Windows/Linux/macOS. Affected by this issue is some unknown functionality of the file default.cmd. Executing manipulation can lead to unrestricted upload. This vulnerability is tracked as CVE-2023-25132. The attack can be launched remotely. No exploit exists.

The Iran-linked Advanced Persistent Threat group MuddyWater has launched an aggressive phishing operation that compromised over 100 government entities and […]

The post Behind MuddyWater’s Phoenix v4: The Malware Toolkit Compromising Global Entities appeared first on HawkEye.

Cybersecurity researchers have uncovered a sophisticated phishing campaign orchestrated by the notorious Gamaredon threat group, specifically targeting government entities through exploitation of a critical WinRAR vulnerability. The attack leverages CVE-2025-8088, a path traversal vulnerability in the popular file compression software, to deliver weaponized RAR archives that silently deploy malicious payloads without requiring user interaction beyond […]

The post Gamaredon Phishing Campaign Exploits WinRAR Vulnerability to Target Government Agencies appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.