Aggregator

A vulnerability classified as critical has been found in Microsoft Windows. Affected is an unknown function of the component Fast FAT File System Driver. The manipulation leads to integer overflow. This vulnerability is traded as CVE-2025-24985. Attacking locally is a requirement. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as problematic was found in Oxid-esales eShop. Affected by this vulnerability is the function getTag. The manipulation of the argument searchtag leads to cross site scripting. This vulnerability is known as CVE-2014-2016. The attack can be launched remotely. Furthermore, there is an exploit available.

A recent disclosure by Cisco Talos’ Vulnerability Discovery & Research team highlighted several vulnerability issues in Adobe Acrobat. All of these vulnerabilities have been addressed by their respective vendors, aligning with Cisco’s third-party vulnerability disclosure policy. For detection of these vulnerabilities, users can utilize the latest Snort rule sets available from Snort.org and refer to […]

The post Adobe Acrobat Vulnerabilities Enable Remote Code Execution appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Cybersecurity experts have uncovered how hackers use Cascading Style Sheets (CSS) to deceive spam filters and monitor user behavior. This sophisticated technique allows malicious actors to remain under the radar while gaining insights into user preferences and actions. The abuse of CSS for both evasion and tracking poses substantial threats to privacy and security. The […]

The post Hackers Use CSS Tricks to Bypass Spam Filters and Monitor Users appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Как Великобритания пытается заглянуть в зашифрованные сообщения пользователей.

四川大学的研究人员调查了屏幕时间与心血管病风险的关系。研究人员从中国健康与营养调查（CHNS）中选取了 7124 名参与者。CHNS 是一项始于 1989 年的大规模纵向研究，采用多阶段随机整群抽样设计，覆盖中国多个省份，旨在研究社会经济、行为变化以及饮食、身体活动与健康结果之间的关系。在本研究中，参与者需提供 2009 年的血脂数据，并在 2011 - 2015 年间至少有一次随访记录。研究人员通过面对面问卷调查收集参与者休闲时间的每日屏幕暴露信息，涵盖看电视、玩电子游戏、上网聊天等多种屏幕活动，并计算工作日和周末的平均屏幕暴露时长。研究发现，每日屏幕时间每增加 1 小时，血液总胆固醇 TC、低密度脂蛋白胆固醇（LDL-C）和载脂蛋白 B（ApoB）水平分别升高 0.34%、0.47% 和 0.51%，但屏幕时间与其他血脂生物标志物无显著关联。其中血液 LDL-C 和 ApoB 水平的升高与动脉粥样硬化性心血管疾病发病风险增加显著相关。

A vulnerability, which was classified as critical, has been found in MICROSYS PROMOTIC. This issue affects some unknown processing of the component ActiveX. The manipulation leads to memory corruption. The identification of this vulnerability is CVE-2011-4519. The attack may be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Microsoft Windows and classified as problematic. This vulnerability affects unknown code of the component NTFS. The manipulation leads to out-of-bounds read. This vulnerability was named CVE-2025-24991. Local access is required to approach this attack. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Microsoft Windows. It has been classified as critical. Affected is an unknown function of the component NTFS. The manipulation leads to heap-based buffer overflow. This vulnerability is traded as CVE-2025-24993. It is possible to launch the attack on the local host. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in China Mobile P22g-CIac, ZXWT-MIG-P4G4V, ZXWT-MIG-P8G8V, GT3200-4G4P and GT3200-8G8P up to 20250305. It has been rated as critical. This issue affects some unknown processing of the component CLI su Command Handler. The manipulation leads to use of default credentials. The identification of this vulnerability is CVE-2025-2398. The attack may be initiated remotely. Furthermore, there is an exploit available. It is recommended to apply restrictive firewalling. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in China Mobile P22g-CIac, ZXWT-MIG-P4G4V, ZXWT-MIG-P8G8V, GT3200-4G4P and GT3200-8G8P up to 20250305. It has been declared as problematic. This vulnerability affects unknown code of the component Telnet Service. The manipulation leads to improper authorization. This vulnerability was named CVE-2025-2397. The attack can only be initiated within the local network. Furthermore, there is an exploit available. It is recommended to apply restrictive firewalling. The vendor was contacted early about this disclosure but did not respond in any way.

Submit #514957 / VDB-299896

Name: UTCTF 2025 (an UTCTF 2025 event.)
Date: March 14, 2025, 11 p.m. — 16 March 2025, 23:00 UTC  [add to calendar]
Format: Jeopardy
On-line
Offical URL: https://utctf.live/
Rating weight: 67.21
Event organizers: hhh_

История инженера, который невольно создал машину тотального контроля.

A vulnerability was found in boxdot gurk-rs up to 0.6.3. It has been classified as problematic. This affects an unknown part. The manipulation leads to improper neutralization of escape, meta, or control sequences. This vulnerability is uniquely identified as CVE-2025-30089. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in e-Excellence U-Office Force up to 27.x and classified as critical. Affected by this issue is some unknown functionality of the component API. The manipulation leads to cookies without validation. This vulnerability is handled as CVE-2025-2395. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in e-Excellence U-Office Force up to 27.x and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to unrestricted upload. This vulnerability is known as CVE-2025-2396. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

Под маской известного бренда скрывается масштабная кампания по краже данных.

自 3 月 2 日成为首个成功软着陆月球的民间登月探测器后，「蓝色幽灵（Blue Ghost）」在预计的两周任务期间内持续传回许多令人惊叹的纪录。3 月 14 日在美洲地区发生一场月全食，但是在月球上看起来则是地球挡住了太阳光，是日全食。蓝色幽灵恰好见证了这场罕见的「日全食」并记录下精彩影像，这也是第一次由商业公司在月球运作时观测到日全食。日食持续将近 5 小时，在蓝色幽灵降落点的危海包括了约 2 小时 16 分的全食期。地球上月全食也被称为血月，这是由于当地球运行到太阳与月球之间时，月球将完全笼罩在地球的阴影中并呈现红色。相较之下，蓝色幽灵拍摄到的照片显现出地球挡住太阳并出现红色的光环。虽然光环类似于地球上观测到的日环食，但是从月球上看地球的直径远大于太阳，因此不可能会发生日环食。这个光环是由于地球大气层折射的结果，环上的亮纹与暗纹则是大气中天气变化的影响。