Two Microsoft Zero-Days for Admins to Fix in June Patch Tuesday
Microsoft has patched two zero days this month, one of which is being exploited in the wild
Aggregator
2107 машин, $6 миллионов и попытка воскреснуть за 48 часов: Иркутск стал майнинговым Эльдорадо
3 months 1 week ago
Новая криптоутопия рухнула за два дня.
Microsoft Teams New Update Enhances Productivity & Customization
3 months 1 week ago
Microsoft has announced a significant productivity enhancement coming to Microsoft 365 that will allow users to open core collaboration applications in separate windows, marking a major step forward in workspace customization and multitasking capabilities. The new feature, identified under Microsoft 365 Roadmap ID 495003, will enable users to launch essential applications such as Chat, Teams, […]
The post Microsoft Teams New Update Enhances Productivity & Customization appeared first on Cyber Security News.
Guru Baran
利用位图资源隐藏恶意软件的新型混淆技术分析
3 months 1 week ago
攻击者通过图像隐写术将恶意软件隐藏在看似无害的位图资源中,轻松绕过传统安全检测,如何防范?
Входишь в почту — а она уже не твоя: девять российских компаний пробиты через Outlook
3 months 1 week ago
Почтовый клиент, который шпионил за тобой.
Sale of 23andMe: On the Hot Seat of Congress, States
3 months 1 week ago
Lawmakers Quiz Execs on Security; State AG Seek to Block Sale of Bankrupt Firm
While a Congressional committee grilled 23andMe executives on Tuesday about security and privacy, 28 states filed a lawsuit to stop the sale of the bankrupt genetics testing firm unless the company obtains explicit consent from each customer for the transfer or their information to a third party.
While a Congressional committee grilled 23andMe executives on Tuesday about security and privacy, 28 states filed a lawsuit to stop the sale of the bankrupt genetics testing firm unless the company obtains explicit consent from each customer for the transfer or their information to a third party.
300K Crash Reports Stolen in Texas DOT Hack
3 months 1 week ago
Crash Records and Driver Data Exposed in Texas Transportation Hack
Hackers accessed the Texas Department of Transportation's crash records system using a compromised account, stealing nearly 300,000 reports containing personal and vehicle information that could be used for fraud, the department warned in a letter to impacted individuals.
Hackers accessed the Texas Department of Transportation's crash records system using a compromised account, stealing nearly 300,000 reports containing personal and vehicle information that could be used for fraud, the department warned in a letter to impacted individuals.
How to Get a Clearer Picture of Vendor Risk
3 months 1 week ago
Experts Call for Continuous Assessments of Vendor Risk - Not Just at Onboarding
As vendor ecosystems grow in complexity, many organizations still view third-party risk management as a static assessment of vendors as they're onboarded. But organizations often focus too heavily on upfront vetting of vendors and fail to track how their risk profiles may change over time.
As vendor ecosystems grow in complexity, many organizations still view third-party risk management as a static assessment of vendors as they're onboarded. But organizations often focus too heavily on upfront vetting of vendors and fail to track how their risk profiles may change over time.
CVE-2025-5485 | SinoTrack IOT PC Platform up to 8.6 Web Management Interface observable response discrepancy (icsa-25-160-01)
3 months 1 week ago
A vulnerability was found in SinoTrack IOT PC Platform up to 8.6. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Web Management Interface. The manipulation leads to observable response discrepancy.
This vulnerability is known as CVE-2025-5485. The attack can be launched remotely. There is no exploit available.
vuldb.com
CVE-2025-5484 | SinoTrack IOT PC Platform 8.3 Device Management weak authentication (icsa-25-160-01)
3 months 1 week ago
A vulnerability was found in SinoTrack IOT PC Platform 8.3. It has been classified as critical. Affected is an unknown function of the component Device Management Handler. The manipulation leads to weak authentication.
This vulnerability is traded as CVE-2025-5484. It is possible to launch the attack remotely. There is no exploit available.
vuldb.com
CVE-2025-4799 | WP-DownloadManager Plugin up to 1.68.10 on WordPress absolute path traversal (EUVD-2025-18083)
3 months 1 week ago
A vulnerability was found in WP-DownloadManager Plugin up to 1.68.10 on WordPress and classified as problematic. This issue affects some unknown processing. The manipulation leads to absolute path traversal.
The identification of this vulnerability is CVE-2025-4799. The attack may be initiated remotely. There is no exploit available.
vuldb.com
网络钓鱼攻击的演变:传统检测手段为何失效?
3 months 1 week ago
如果不是对企业和消费者造成严重危害,现代网络钓鱼的“高明”手法甚至令人叹服。
CVE-2024-35295 | Siemens Perfect Harmony GH180 up to 8.3.2 missing authentication (ssa-771113 / EUVD-2024-54675)
3 months 1 week ago
A vulnerability has been found in Siemens Perfect Harmony GH180 up to 8.3.2 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to missing authentication.
This vulnerability was named CVE-2024-35295. It is possible to launch the attack on the physical device. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-5991 | Qt 6.9.0 QtNetwork Module QHttp2ProtocolHandler use after free (EUVD-2025-18092)
3 months 1 week ago
A vulnerability, which was classified as critical, was found in Qt 6.9.0. This affects the function QHttp2ProtocolHandler of the component QtNetwork Module. The manipulation leads to use after free.
This vulnerability is uniquely identified as CVE-2025-5991. The attack needs to be approached locally. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
2025轩辕杯CTF之web
3 months 1 week ago
Webezweb查看网页源码,发下账号密码,fly233/123456789登录进去点击抓包,查看数据包猜测存在任意文件读取漏洞,直接读环境变量看看拿下flagezjs查看源码,看看main.js 直接向 getflag.php 发送 POST 请求即可Ezflask题目名可知为ssti注入 进入题目测试进一步验证fenjing直接跑:{{''['__cla'+'ss__']['__ba'+'s
Microsoft Patches 67 Vulnerabilities Including WEBDAV Zero-Day Exploited in the Wild
3 months 1 week ago
Microsoft has released patches to fix 67 security flaws, including one zero-day bug in Web Distributed Authoring and Versioning (WebDAV) that it said has come under active exploitation in the wild.
Of the 67 vulnerabilities, 11 are rated Critical and 56 are rated Important in severity. This includes 26 remote code execution flaws, 17 information disclosure flaws, and 14 privilege escalation
The Hacker News
Египетский бог с головой сокола теперь живёт в вашем Edge — но это не мифология, а новый 0day
3 months 1 week ago
PDF не виноват — просто в него вселился демон с WebDAV-сервера.
Dire Wolf
3 months 1 week ago
You must login to view this content
cohenido
Dire Wolf
3 months 1 week ago
You must login to view this content
cohenido
Dire Wolf
3 months 1 week ago
You must login to view this content
cohenido