Aggregator

A vulnerability was found in neo4j Enterprise Edition up to 5.26.16/2025.11.1. It has been classified as problematic. Affected is an unknown function. This manipulation causes information exposure through error message. The identification of this vulnerability is CVE-2025-12738. It is possible to initiate the attack remotely. There is no exploit available. Upgrading the affected component is recommended.

A notice published Friday by state-run Xinhua News Agency said the two men — Zhang Youxia, the country’s most senior uniformed military officer, and Liu Zhenli, a top operational commander — have been placed under investigation following deliberation by the Chinese Communist Party’s Central Committee.

漏洞概述CVE-2026-22813 是OpenCode开发环境中的一个高危安全漏洞，该漏洞通过巧妙的攻击链组合，允许远程攻击者在用户本地计算机上执行任意代码（RCE）。该漏洞的影响评分为9.4，影响OpenCode 1.1.10之前的所有版本。漏洞背景OpenCode是一个流行的本地开发工具，默认在localhost:4096端口运行HTTP服务，提供网页UI和API接口。该工具集成了AI聊天功

Технология, которая была круче всех в 1987-м, покидает Linux.

过去几年，重返地球大气层的空间碎片数量呈指数级增长，不受控的重返大气层事件对人类生命、基础设施和环境的威胁日益加剧。研究人员在《科学》期刊上发表论文，报告了用地面的地震传感器所提供的公开数据探测再入大气层碎片所产生的冲击波（即音爆）的方法。通过对 2024 年 4 月重返地球的神舟十五号轨道舱的再入过程进行监测，研究人员验证了他们的方法；该轨道舱此前处于轨道衰减状态，并会定期飞越六大洲的主要人口密集区的上空。通过利用来自南加州和内华达州传感器的地震数据，研究人员对神舟十五号重返大气层时产生的音爆进行了分析。神舟十五号最终被观察到的再入点与追踪及撞击预测的估算位置相差约 8600 公里。研究人员成功推算出了该航天器的地面轨迹、速度和高度。此外音爆模式显示，神舟十五号并非在单次爆炸事件中坠落，而是可能逐渐碎裂成较小的碎片。这与目击者的报告和视频片段相符。

美国正式退出 WHO 的第二天，加州加入了 WHO 的全球疾病暴发预警和应对网络(Global Outbreak Alert and Response Network，GOARN)，成为第一个重新加入该组织的美国州。加州州长 Gavin Newsom 在一份声明中表示，“特朗普政府退出 WHO 是一个鲁莽的决定，将损害所有加州人民和美国人民的利益。加州不会目睹这一决定带来的混乱。我们将继续在全球范围内加强合作，保持在公共卫生准备工作的最前沿...“

Почему инструмент для помощи пользователям вдруг стал идеальным подарком для хакеров.

微软最近向 FBI 提供了 BitLocker 密钥去解锁三台笔记本电脑硬盘上的加密数据。Windows 11 默认启用 BitLocker 全盘加密，而密钥会上传到用户的 Microsoft Account，也就是会上传到微软云端。而微软以及执法机构可以访问密钥解密 BitLocker 加密的硬盘。此案与关岛发生的疫情失业援助欺诈相关。FBI 在查获三台使用 BitLocker 加密的笔记本电脑六个月后申请了搜查令。微软未予以置评，它此前曾表示平均每年会收到 20 份提供 BitLocker 密钥的请求。

伪装成TDesk安装程序银狐样本与威胁情报

A new multi-stage phishing campaign has been observed targeting users in Russia with ransomware and a remote access trojan called Amnesia RAT. "The attack begins with social engineering lures delivered via business-themed documents crafted to appear routine and benign," Fortinet FortiGuard Labs researcher Cara Lin said in a technical breakdown published this week. "These documents and

Взломщик биржи Bitfinex намерен начать карьеру в сфере кибербезопасности.

Microsoft is preparing to deploy a significant, potentially controversial update to Microsoft Teams that automatically detects and displays a user’s physical work location based on the Wi-Fi network they connect to. According to the latest update on the Microsoft 365 Roadmap (ID 488800), this feature is scheduled to begin rolling out in March 2026 for […]

The post Microsoft Teams to Share your Location With Your Employer Soon Based on Wi-Fi Network appeared first on Cyber Security News.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw impacting Broadcom VMware vCenter to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Broadcom VMware vCenter Server vulnerability, tracked as CVE-2024-37079 (CVSS score of 9.8), to its Known Exploited Vulnerabilities (KEV) catalog. vCenter Server is a centralized management platform developed […]

看雪论坛作者ID：UserXCh

Лондонские власти восстановили прием онлайн-оплат спустя несколько месяцев после кибератаки.

A vulnerability, which was classified as problematic, was found in WP Directory Kit Plugin up to 1.4.9 on WordPress. Affected is the function wdk_public_action of the component AJAX Handler. The manipulation results in information disclosure. This vulnerability is reported as CVE-2025-13920. The attack can be launched remotely. No exploit exists.

A vulnerability, which was classified as problematic, has been found in PDFCrowd Save as PDF Plugin up to 4.5.5 on WordPress. This impacts an unknown function. The manipulation leads to cross site scripting. This vulnerability is documented as CVE-2026-0862. The attack can be initiated remotely. There is not any exploit available.