Apos
You must login to view this content
Aggregator
Windows Remote Desktop Services Vulnerability Allows Remote Code Execution
3 months 1 week ago
A critical security vulnerability in Windows Remote Desktop Services, designated as CVE-2025-32710, which allows unauthorized attackers to execute arbitrary code remotely without authentication. Released on June 10, 2025, this vulnerability affects multiple Windows Server versions and carries a CVSS score of 8.1, indicating high severity with potential for significant system compromise. The flaw stems from […]
The post Windows Remote Desktop Services Vulnerability Allows Remote Code Execution appeared first on Cyber Security News.
Guru Baran
«Хватит писать код» — в Cisco инженеров учат проектировать будущее, а не долбить по клавишам
3 months 1 week ago
Всё, хватит строчить код: теперь думаем головой, а не пальцами.
轩辕杯-Crypto-WP
3 months 1 week ago
轩辕杯
Кто, куда и с кем: тайная карта передвижений граждан уже в руках государства — и обновляется каждый день
3 months 1 week ago
Что происходит с данными, когда ты покупаешь билет?
豆包大模型升级1.6版,视频模型上新
3 months 1 week ago
冰蝎源码(Behinder)分析---代码审计
3 months 1 week ago
Behinder代码审计
CVE-2025-41662 | Weidmueller IE-SR-2TX-WL Main Web Interface tls_iotgen_setting cross-site request forgery (VDE-2025-052 / EUVD-2025-18090)
3 months 1 week ago
A vulnerability, which was classified as problematic, has been found in Weidmueller IE-SR-2TX-WL, IE-SR-2TX-WL-4G-EU and IE-SR-2TX-WL-4G-US-V. This issue affects the function tls_iotgen_setting of the component Main Web Interface. The manipulation leads to cross-site request forgery.
The identification of this vulnerability is CVE-2025-41662. The attack may be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-41661 | Weidmueller IE-SR-2TX-WL Main Web Interface event_mail_test cross-site request forgery (VDE-2025-052 / EUVD-2025-18089)
3 months 1 week ago
A vulnerability classified as problematic was found in Weidmueller IE-SR-2TX-WL, IE-SR-2TX-WL-4G-EU and IE-SR-2TX-WL-4G-US-V. This vulnerability affects the function event_mail_test of the component Main Web Interface. The manipulation leads to cross-site request forgery.
This vulnerability was named CVE-2025-41661. The attack can be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-41663 | Weidmueller IE-SR-2TX-WL os command injection (VDE-2025-052 / EUVD-2025-18088)
3 months 1 week ago
A vulnerability classified as critical has been found in Weidmueller IE-SR-2TX-WL, IE-SR-2TX-WL-4G-EU and IE-SR-2TX-WL-4G-US-V. This affects an unknown part. The manipulation leads to os command injection.
This vulnerability is uniquely identified as CVE-2025-41663. It is possible to initiate the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
Apos
3 months 1 week ago
You must login to view this content
cohenido
CVE-2025-29756 | SunGrow iSolarCloud MQTT Service authorization (EUVD-2025-18091)
3 months 1 week ago
A vulnerability was found in SunGrow iSolarCloud. It has been rated as problematic. Affected by this issue is some unknown functionality of the component MQTT Service. The manipulation leads to missing authorization.
This vulnerability is handled as CVE-2025-29756. The attack may be launched remotely. There is no exploit available.
This product is a managed service. It is not possible for users to maintain vulnerability countermeasures themselves.
vuldb.com
警惕AI扒手:Pickai后门正通过ComfyUI漏洞传播
3 months 1 week ago
Two Microsoft Zero-Days for Admins to Fix in June Patch Tuesday
3 months 1 week ago
Microsoft has patched two zero days this month, one of which is being exploited in the wild
2107 машин, $6 миллионов и попытка воскреснуть за 48 часов: Иркутск стал майнинговым Эльдорадо
3 months 1 week ago
Новая криптоутопия рухнула за два дня.
Microsoft Teams New Update Enhances Productivity & Customization
3 months 1 week ago
Microsoft has announced a significant productivity enhancement coming to Microsoft 365 that will allow users to open core collaboration applications in separate windows, marking a major step forward in workspace customization and multitasking capabilities. The new feature, identified under Microsoft 365 Roadmap ID 495003, will enable users to launch essential applications such as Chat, Teams, […]
The post Microsoft Teams New Update Enhances Productivity & Customization appeared first on Cyber Security News.
Guru Baran
利用位图资源隐藏恶意软件的新型混淆技术分析
3 months 1 week ago
攻击者通过图像隐写术将恶意软件隐藏在看似无害的位图资源中,轻松绕过传统安全检测,如何防范?
Входишь в почту — а она уже не твоя: девять российских компаний пробиты через Outlook
3 months 1 week ago
Почтовый клиент, который шпионил за тобой.
Sale of 23andMe: On the Hot Seat of Congress, States
3 months 1 week ago
Lawmakers Quiz Execs on Security; State AG Seek to Block Sale of Bankrupt Firm
While a Congressional committee grilled 23andMe executives on Tuesday about security and privacy, 28 states filed a lawsuit to stop the sale of the bankrupt genetics testing firm unless the company obtains explicit consent from each customer for the transfer or their information to a third party.
While a Congressional committee grilled 23andMe executives on Tuesday about security and privacy, 28 states filed a lawsuit to stop the sale of the bankrupt genetics testing firm unless the company obtains explicit consent from each customer for the transfer or their information to a third party.
300K Crash Reports Stolen in Texas DOT Hack
3 months 1 week ago
Crash Records and Driver Data Exposed in Texas Transportation Hack
Hackers accessed the Texas Department of Transportation's crash records system using a compromised account, stealing nearly 300,000 reports containing personal and vehicle information that could be used for fraud, the department warned in a letter to impacted individuals.
Hackers accessed the Texas Department of Transportation's crash records system using a compromised account, stealing nearly 300,000 reports containing personal and vehicle information that could be used for fraud, the department warned in a letter to impacted individuals.