Aggregator

Вы даже не заметите, как посторонние изучат ваш рабочий график и узнают, с кем конкретно вы встречаетесь.

Microsoft has released PowerToys 0.97, with a new mouse utility for multi-monitor setups and significant improvements to the Command Palette quick launcher. [...]

Nicholas Moore, 24, from Springfield, Tennessee, pleaded guilty to unauthorized computer access and fraud, marking a significant case of government cybersecurity breach. Moore hacked multiple U.S. government systems and publicly disclosed sensitive information through social media, exposing critical vulnerabilities in federal digital infrastructure. Between August and October 2023, Moore executed a coordinated series of intrusions […]

The post Hacker Pleads Guilty For Stealing Supreme Court Documents and Leaking via Instagram appeared first on Cyber Security News.

2 security vulnerabilities in the Chainlit framework expose risks from web flaws in AI applications

PHPGurukul Online Course Registration SQL注入漏洞（CVE-2025-10663）

WPair is an Android application designed to identify and demonstrate the CVE-2025-36911 vulnerability affecting millions of Bluetooth audio devices worldwide. The tool addresses a critical authentication bypass flaw discovered by KU Leuven researchers in Google’s Fast Pair protocol, commonly referred to as WhisperPair.​ CVE-2025-36911 represents a systemic failure in Fast Pair implementations across multiple manufacturers […]

The post WPair – Scanner Tool to Detect WhisperPair Flaw in Google’s Fast Pair Protocol appeared first on Cyber Security News.

A sophisticated spear-phishing campaign has emerged targeting Argentina’s judicial sector, exploiting trust in legitimate court communications to deliver a dangerous Remote Access Trojan. The campaign uses authentic-looking federal court documents about preventive detention reviews to trick legal professionals into downloading malware. Security experts have classified this attack as highly targeted, employing multi-stage infection techniques to […]

The post New Spear Phishing Attack Leveraging Argentine Federal Court Rulings to Covert RAT for Remote Access appeared first on Cyber Security News.

最近美军的空军教员加里·格洛杰克中校探讨了未来和Z国的军事对抗中，如何在通信受限环境，利用美军的人才认知优势获得战争胜利。

这份《2025年Z国军事与安全发展报告》是美国国防部向国会提交的年度报告，详细阐述了Z国军事战略、现代化进程、2024年的兵力运用、国防工业发展以及对T*的压力行动。

Путь PDFSider к данным корпораций оказался на удивление простым.

IPv4 的 40 亿地址空间早就枯竭，但有 2^128 地址空间的 IPv6 普及速度并没有预想的快。一大原因是互联网从点对点架构转向了客户端/服务器架构，而 Network Address Translators (NATs)与此完全嵌合。客户端/服务器架构中，客户端共享一个较小的公共地址池，只在与远程服务器建立活动会话后才使用地址。在 NAT 帮助下逾 300 亿联网设备只使用 30 亿个已通告的 IPv4 地址池。但联网设备的持续增长意味着 NAT 无法完全解决问题，增长压力推动 IPv6 的加快部署。2017 年 IPv6 部署激增是受益于印度部署的移动 IPv6 服务，而中国的 IPv6 服务最近几年也在快速普及，IPv6 用户占比从 2024 年初的 32% 增长到 2025 年底的 54%，意味着两年内中国 IPv6 用户数量增加约 9400 万。但非洲、东欧和南欧以及西亚没有出现 IPv6 的大规模部署。

Findings From WEF's 2026 Report Show Shifting Cyber Priorities as AI Reshapes Risk
Cyber-enabled fraud has overtaken ransomware as the top cybersecurity concern for CEOs heading into 2026, according to the World Economic Forum's Global Cybersecurity Outlook 2026, released ahead of the Davos meeting. AI is a top emerging technology affecting both cyber risk and cyber defense.

基于逆向工程的Starlink下行链路信号全特性分析报告 by ourren

更多最新文章，请访问SecWiki

A vulnerability classified as critical was found in slackero phpwcms up to 1.9.45/1.10.8. This affects the function file_get_contents/is_file of the file include/inc_lib/content/cnt21.readform.inc.php of the component Custom Source Tab. Executing a manipulation of the argument cpage_custom can lead to deserialization. This vulnerability is tracked as CVE-2025-5498. The attack can be launched remotely. Moreover, an exploit is present. Upgrading the affected component is advised.

A vulnerability, which was classified as critical, has been found in slackero phpwcms up to 1.9.45/1.10.8. This impacts the function is_file/getimagesize of the file image_resized.php. The manipulation of the argument imgfile leads to deserialization. This vulnerability is listed as CVE-2025-5499. The attack may be initiated remotely. In addition, an exploit is available. It is advisable to upgrade the affected component.

A vulnerability classified as critical has been found in Samsung Galaxy Watch. The affected element is an unknown function of the component Framework. Performing a manipulation results in incorrect default permissions. This vulnerability is identified as CVE-2025-20997. The attack is only possible with local access. There is not any exploit available. It is recommended to upgrade the affected component.

A vulnerability labeled as critical has been found in Linux Kernel up to 6.1.150/6.6.104/6.12.45/6.16.5/6.17-rc4. This vulnerability affects the function set_track_prepare of the component slub. The manipulation results in allocation of resources. This vulnerability is known as CVE-2025-39843. Access to the local network is required for this attack. No exploit is available. The affected component should be upgraded.

A vulnerability was found in Linux Kernel up to 6.17-rc4 and classified as critical. Affected by this vulnerability is the function batadv_nc_skb_decode_packet. Such manipulation leads to out-of-bounds write. This vulnerability is listed as CVE-2025-39839. The attack must be carried out from within the local network. There is no available exploit. It is suggested to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.1.150/6.6.104/6.12.45/6.16.5/6.17-rc4. It has been rated as critical. This vulnerability affects the function ocfs2_delete_osb. The manipulation leads to null pointer dereference. This vulnerability is documented as CVE-2025-39842. The attack requires being on the local network. There is not any exploit available. Upgrading the affected component is advised.