Aggregator
警惕!Fortinet防火墙漏洞遭勒索软件利用,多家企业被黑
2 months 4 weeks ago
网络安全产品屡屡成为企业被黑入口
US DOGE Staffer Sent Unencrypted Treasury Data Over Email
2 months 4 weeks ago
Agency Official Says Ex-DOGE Staffer's Data Breach Violated Security Policy
An ex-Department of Government Efficiency staffer violated Treasury rules by sending unencrypted personal data to two senior Trump administration officials without approval, raising concerns about the task force's apparent disregard for or lack of knowledge about critical data security policies.
An ex-Department of Government Efficiency staffer violated Treasury rules by sending unencrypted personal data to two senior Trump administration officials without approval, raising concerns about the task force's apparent disregard for or lack of knowledge about critical data security policies.
软件供应链安全最被关心的20个问题(上)
2 months 4 weeks ago
3月26日晚19:00线上闭门会,提安全419好使!
软件供应链安全最被关心的20个问题(上)
2 months 4 weeks ago
3月26日晚19:00线上闭门会,提安全419好使!
软件供应链安全最被关心的20个问题(上)
2 months 4 weeks ago
3月26日晚19:00线上闭门会,提安全419好使!
Critical mySCADA myPRO Flaws Could Let Attackers Take Over Industrial Control Systems
2 months 4 weeks ago
Cybersecurity researchers have disclosed details of two critical flaws impacting mySCADA myPRO, a Supervisory Control and Data Acquisition (SCADA) system used in operational technology (OT) environments, that could allow malicious actors to take control of susceptible systems.
"These vulnerabilities, if exploited, could grant unauthorized access to industrial control networks, potentially
The Hacker News
信息安全漏洞周报(2025年第11期)
2 months 4 weeks ago
根据国家信息安全漏洞库(CNNVD)统计,本周(2025年3月10日至2025年3月16日)安全漏洞情况如下
信息安全漏洞周报(2025年第11期)
2 months 4 weeks ago
根据国家信息安全漏洞库(CNNVD)统计,本周(2025年3月10日至2025年3月16日)安全漏洞情况如下
信息安全漏洞周报(2025年第11期)
2 months 4 weeks ago
根据国家信息安全漏洞库(CNNVD)统计,本周(2025年3月10日至2025年3月16日)安全漏洞情况如下
信息安全漏洞周报(2025年第11期)
2 months 4 weeks ago
根据国家信息安全漏洞库(CNNVD)统计,本周(2025年3月10日至2025年3月16日)安全漏洞情况如下
CVE-2025-30083 | codingms additional-tca cross site scripting
2 months 4 weeks ago
A vulnerability, which was classified as problematic, was found in codingms additional-tca. Affected is an unknown function. The manipulation leads to cross site scripting.
This vulnerability is traded as CVE-2025-30083. It is possible to launch the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-30081 | clickstorm cs-seo cross site scripting
2 months 4 weeks ago
A vulnerability, which was classified as problematic, has been found in clickstorm cs-seo. This issue affects some unknown processing. The manipulation leads to cross site scripting.
The identification of this vulnerability is CVE-2025-30081. The attack may be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
США и Южная Корея тестируют роботов-собак в подземных боевых учениях
2 months 4 weeks ago
Псы-киборги против военных тоннелей КНДР.
新型远程访问木马 Stilachi 被微软披露:精准盗窃加密货币与系统数据
2 months 4 weeks ago
科技媒体 bleepingcomputer 昨日(3 月 17 日)发布博文,报道称微软安全团队最新发现一种名为 StilachiRAT 的新型远程访问木马(RAT),该恶意软件通过高级技术逃避检测、维持持久性并窃取敏感数据。 IT之家援引博文介绍,尽管当前传播范围有限,微软仍提前公开威胁指标与防御建议,协助网络安全人员降低潜在危害。目前尚未确认该恶意软件的幕后攻击者或地理来源。 StilachiRAT 木马通过 WWStartupCtrl64.dll 模块,扫描 Coinbase、Metamask 等 20 种加密货币钱包扩展,获取数字钱包数据。 此外,该木马还会提取 Chrome 浏览器保存的凭证,监控剪贴板中的密码和加密货币密钥,记录系统硬件信息及活跃的远程桌面协议(RDP)会话。 该木马会收集摄像头状态、GUI 应用运行情况,构建目标系统画像以定位高价值攻击目标,该木马还会通过克隆用户安全令牌伪装登录身份,可突破 RDP 服务器的管理员会话限制,在受害网络内横向渗透。 该木马以独立进程或 Windows 服务形式部署后,绑定 **Windows 服务控制管理器(SCM)** 持久化,利用“看门狗线程”监控自身进程,若被终止将自动重建。 转自IT之家,原文链接:https://www.ithome.com/0/838/701.htm 封面来源于网络,如有侵权请联系删除
hackernews
CVE-2024-52948 | lemonldap-ng FIDO2 Enrollment Page cross-site request forgery
2 months 4 weeks ago
A vulnerability classified as problematic was found in lemonldap-ng. This vulnerability affects unknown code of the component FIDO2 Enrollment Page. The manipulation leads to cross-site request forgery.
This vulnerability was named CVE-2024-52948. The attack can be initiated remotely. Furthermore, there is an exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CISA Warns of Fortinet FortiOS Authentication Bypass Vulnerability Exploited in Wild
2 months 4 weeks ago
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical security alert highlighting a significant vulnerability in Fortinet’s FortiOS and FortiProxy systems, which threat actors are actively exploiting. The authentication bypass vulnerability, tracked as CVE-2025-24472, has been added to CISA’s Known Exploited Vulnerabilities (KEV) catalog due to evidence of active exploitation in ransomware campaigns. […]
The post CISA Warns of Fortinet FortiOS Authentication Bypass Vulnerability Exploited in Wild appeared first on Cyber Security News.
Guru Baran
CVE-2025-1232 | Paul Ryley Site Reviews Plugin up to 7.2.4 on WordPress Review cross site scripting
2 months 4 weeks ago
A vulnerability classified as problematic has been found in Paul Ryley Site Reviews Plugin up to 7.2.4 on WordPress. This affects an unknown part of the component Review Handler. The manipulation leads to cross site scripting.
This vulnerability is uniquely identified as CVE-2025-1232. It is possible to initiate the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-30236 | Shearwater SecurEnvoy SecurAccess Enrol up to 9.4.514 HTTP POST Request external control of assumed-immutable web parameter
2 months 4 weeks ago
A vulnerability was found in Shearwater SecurEnvoy SecurAccess Enrol up to 9.4.514. It has been rated as critical. Affected by this issue is some unknown functionality of the component HTTP POST Request Handler. The manipulation leads to external control of assumed-immutable web parameter.
This vulnerability is handled as CVE-2025-30236. The attack may be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-30235 | Shearwater SecurEnvoy SecurAccess Enrol up to 9.4.514 race condition
2 months 4 weeks ago
A vulnerability was found in Shearwater SecurEnvoy SecurAccess Enrol up to 9.4.514. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to race condition.
This vulnerability is known as CVE-2025-30235. The attack can be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com