Aggregator

A vulnerability identified as critical has been detected in rAthena. Affected is an unknown function of the component PartyBooking. The manipulation of the argument WorldName leads to sql injection. This vulnerability is referenced as CVE-2025-58448. Remote exploitation of the attack is possible. No exploit is available. It is suggested to install a patch to address this issue.

根据微软 HR 最高官员 Amy Coleman 的一份备忘录，微软将强制执行重返办公室政策，限制远程办公。微软将要求员工每周到办公室至少办公三天，该政策将首先于 2026 年 2 月起在 Puget Sound 地区实施，之后推广到全美，然后是全世界。Coleman 在备忘录中表示，微软自己的数据显示，员工面对面交流会更活跃，团队更有活力，能取得更好的成果，驱动构建下一波 AI 工具所需要的协作。

微软要求员工每周至少三天回办公室工作，政策从2026年2月起在Puget Sound地区实施，随后扩展至全美和全球。微软认为面对面交流能提升团队活力和成果，并推动AI工具的发展。

A vulnerability categorized as critical has been discovered in rAthena. This impacts an unknown function. Executing manipulation of the argument CA_SSO_LOGIN_REQ can lead to heap-based buffer overflow. The identification of this vulnerability is CVE-2025-58447. The attack may be launched remotely. There is no exploit available. Applying a patch is advised to resolve this issue.

A vulnerability was found in PyInstaller up to 5.x. It has been rated as critical. This affects an unknown function. Performing manipulation results in code injection. This vulnerability was named CVE-2025-59042. The attack needs to be approached locally. There is no available exploit. Upgrading the affected component is advised.

A critical vulnerability CVE-2025-42922 has been discovered in SAP NetWeaver that allows an authenticated, low-privileged attacker to execute arbitrary code and achieve a full system compromise. The flaw resides in the Deploy Web Service upload mechanism, where insufficient access control validation permits the upload and execution of malicious files. This vulnerability poses a significant risk […]

The post Critical SAP NetWeaver Vulnerability Let Attackers Execute Arbitrary Code And Compromise System appeared first on Cyber Security News.

A vulnerability was found in himmelblau up to 0.9.22. It has been declared as problematic. The impacted element is an unknown function of the file himmelblau.conf. Such manipulation leads to insecure default initialization of resource. This vulnerability is uniquely identified as CVE-2025-59044. Local access is required to approach this attack. No exploit exists. It is recommended to upgrade the affected component.

苹果计划于明年推出搭载OLED显示屏的新款MacBook Pro，屏幕由三星提供。OLED屏幕相比mini-LED屏幕具有更高亮度、更好对比度及更长续航等优势。三星将从2026年第二季度开始生产相关面板，预计年产可达1000万台。新产品将于2026年第四季度上市。

漏洞情报需超越CVE监控，整合多源数据（如NVD、商业数据库、开源和供应商渠道），结合自动化与人工分析，构建全面、动态的安全策略以应对快速变化的威胁环境。

一位安全研究人员通过ffuf工具发现了一个未受保护的Django REST API端点api.example.com/user/，该端点暴露了超过150个用户记录，包括哈希密码、电子邮件和角色信息。此漏洞可能被攻击者利用。

作者通过使用ffuf工具扫描发现了一个未受保护的Django REST API端点，暴露了包含150多个用户记录的敏感数据，包括密码、邮箱和角色等信息。

作者通过修改重置密码功能中的host header，成功触发了账户接管漏洞，并在短时间内报告并获得了赏金。

作者通过修改host header和referer header，在目标网站的重置密码功能中发现了账户接管漏洞，并迅速报告后获得漏洞奖励。

作者测试私有程序时发现一博客订阅表单，尝试注入HTML和SSTIayload，部分字符被移除。再次尝试简单超链接成功注入。

作者描述了一次测试超链接注入漏洞的经历，在目标网站的订阅表单中尝试注入HTML和SSTIayload部分被过滤但成功注入超链接并收到邮件确认对漏洞是否被认可持保留态度。

作者发现某平台存在不安全直接对象引用（IDOR）漏洞，在图像删除端点处未验证用户身份。攻击者通过修改`img_id`参数可删除任意用户的图像，导致业务受损和用户信任下降。

Mahmoud El Manzalawy发现了一个不安全直接对象引用（IDOR）漏洞，在图像删除端点中。该漏洞允许攻击者通过修改img_id参数删除其他用户的图像，服务器未验证请求来源。此漏洞可能导致大规模图像删除和业务中断。

当前环境出现异常，需完成验证后方可继续访问。

雷神众测拥有该文章的修改和解释权。如欲转载或传播此文章，必须保证此文章的副本，包括版权声明等全部内容。声明雷神众测允许，不得任意修改或增减此文章内容，不得以任何方式将其用于商业目的。

Deception and media manipulation have always been part of warfare, but AI has taken them to a new level. Entrust reports that deepfakes were created every five minutes in 2024, while the European Parliament estimates that 8 million will circulate across the EU this year. Technologies are capable of destabilizing a country without a single shot being fired. Humans respond faster to bad news and are more likely to spread it. On top of that, … More →

The post Deepfakes are rewriting the rules of geopolitics appeared first on Help Net Security.