Aggregator

A vulnerability, which was classified as critical, has been found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713. This issue affects the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument LangType leads to stack-based buffer overflow. The identification of this vulnerability is CVE-2025-5600. The attack may be initiated remotely. Furthermore, there is an exploit available.

Фейковые трейдерши атакуют россиян.

Submit #588075 / VDB-311087

A vulnerability classified as critical was found in PHPGurukul Student Result Management System 1.3. This vulnerability affects unknown code of the file /editmyexp.php. The manipulation of the argument emp1ctc leads to sql injection. This vulnerability was named CVE-2025-5599. The attack can be initiated remotely. Furthermore, there is an exploit available.

Submit #588033 / VDB-295137

Submit #587996 / VDB-191307

A vulnerability classified as critical has been found in Delta Electronics CNCSoft-G2 2.0.0.5/2.1.0.4/2.1.0.10/2.1.0.20. This affects an unknown part of the component File Handler. The manipulation leads to out-of-bounds write. This vulnerability is uniquely identified as CVE-2025-47728. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in ABB EIBPORT V3 KNX and EIBPORT V3 KNX GSM up to 3.9.8. It has been rated as critical. Affected by this issue is some unknown functionality of the component Integrated Web Server. The manipulation leads to session fixiation. This vulnerability is handled as CVE-2024-13967. The attack may be launched remotely. There is no exploit available.

Submit #587980 / VDB-148416

Several malicious packages have been uncovered across the npm, Python, and Ruby package repositories that drain funds from cryptocurrency wallets, erase entire codebases after installation, and exfiltrate Telegram API tokens, once again demonstrating the variety of supply chain threats lurking in open-source ecosystems. The findings come from multiple reports published by Checkmarx,

Submit #587966 / VDB-187467

Submit #587960 / VDB-311086

本文将介绍典型的无限制 LLM 工具及其滥用方式。

A vulnerability was found in Phoenix Contact ILC 131, ILC 151, ILC 171 and ILC 191 ETH. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component IEC 61131 Program. The manipulation leads to allocation of resources. This vulnerability is known as CVE-2018-25112. The attack can be launched remotely. There is no exploit available.

近日，一则关于生成式人工智能模型违抗人类指令的消息引发社会广泛关注。据新华社报道，美国开放人工智能研究中心新款人工智能模型o3在测试中不听人类指令，篡改计算机代码以避免自动关闭。

在大模型的训练中，强化学习算法一直是提升模型性能的关键。然而，其面临着计算资源要求高等问题，让普通企业机构望而却步。面对行业共性难题，近日，在360数字安全集团冰刃实验室主导下，打造出“轻量化、高性能”的AI训练方案：RL-LoRA。

我国网络安全人才领域正面临着供需失衡、能力错配等诸多困境，传统评价模式已难以适应快速演进的威胁形势和产业发展需求。构建科学、规范、实战导向的人才评价体系，既是破解人才结构性矛盾的关键，更是提升我国在全球网络安全治理中影响力的战略支点。

A simple customer query leads to a rabbit hole of backdoored malware and game cheats

Defensie helpt nog steeds bij het beveiligen van de gevangenis op Sint Maarten. Daar brak 3 weken geleden brand uit. Militairen in het Caribisch gebied moeten voorkomen dat gedetineerden ontsnappen. Ook houden ze de situatie in de omgeving onder controle. Een overzicht van Defensieoperaties in de week van 28 mei tot en met 3 juni 2025.