Aggregator

看雪论坛作者ID：櫬木汐

欢迎点赞、转发、评论！！！

6月7日-9日，2025全球人工智能技术博览会，不见不散！

A significant denial of service vulnerability has been discovered in ModSecurity, one of the most widely deployed open-source web application firewall (WAF) engines used to protect Apache, IIS, and Nginx web servers.  The vulnerability, designated as CVE-2025-48866, affects all ModSecurity versions prior to 2.9.10 and allows attackers to crash systems through exploitation of the sanitiseArg […]

The post New ModSecurity WAF Vulnerability Let Attackers Crash the System appeared first on Cyber Security News.

A vulnerability classified as problematic has been found in enilu web-flash 1.0. This affects the function fileService.upload of the file src/main/java/cn/enilu/flash/api/controller/FileController/upload of the component File Upload. The manipulation of the argument File leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-5523. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

Submit #585711 / VDB-310218

A vulnerability was found in jack0240 魏 bskms 蓝天幼儿园管理系统 up to dffe6640b5b54d8e29da6f060e0493fea74b3fad. It has been rated as critical. Affected by this issue is some unknown functionality of the file /sa/addUser of the component User Creation Handler. The manipulation leads to improper authorization. This vulnerability is handled as CVE-2025-5522. The attack may be launched remotely. Furthermore, there is an exploit available. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available.

A recent wave of malicious NPM packages has emerged as a significant threat to cryptocurrency users, specifically targeting Ethereum wallet holders. Cybersecurity researchers have uncovered a sophisticated campaign where attackers leverage the widely-used Node Package Manager (NPM) ecosystem to distribute harmful code disguised as legitimate libraries. This attack vector exploits the trust developers place in […]

The post Malicious NPM Packages Exploit Ethereum Wallets with Obfuscated JavaScript appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Submit #585342 / VDB-310959

银河系被广泛认为会在 45 亿年之后与其最近邻居仙女座相撞。但最新研究认为这并非是必然发生的。研究团队分析了来自哈勃和盖亚的资料，考虑了 22 种可能影响我们星系与邻近星系之间潜在碰撞的不同变量，并进行多达 10 万次的电脑模拟，并延伸至未来 100 亿年。由于变数太多，每个变数都有误差，累积起来对结果的不确定性相当大，结果显示银河系和仙女座在接下来 100 亿年内发生真正碰撞的机率只有约 50%，换言之，另一半的机率可能只是擦身而过，而非正面相撞。研究团队指出预测星系相互作用的长期未来具有很大的不确定性，但新发现挑战了先前的共识，并表明银河系的命运仍然是一个悬而未决的问题。再考虑到太阳会在大约 10 亿年后让地球变得不适合居住，而太阳本身也很可能在 50 亿年后燃烧殆尽，因此与仙女座相撞是我们在宇宙中最不需要担心的事。

Submit #584986 / VDB-310958

Submit #584947 / VDB-214689

Проверка на устойчивость закончилась падением на ровном месте.

A growing number of malicious campaigns have leveraged a recently discovered Android banking trojan called Crocodilus to target users in Europe and South America. The malware, according to a new report published by ThreatFabric, has also adopted improved obfuscation techniques to hinder analysis and detection, and includes the ability to create new contacts in the victim's contacts list. "Recent

A vulnerability was found in WuKongOpenSource WukongCRM 9.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /system/user/updataPassword. The manipulation leads to cross-site request forgery. This vulnerability is known as CVE-2025-5521. The attack can be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A high-severity denial-of-service (DoS) vulnerability (CVE-2025-48866) has been identified in ModSecurity’s Apache module (mod_security2), threatening web application firewall stability. Rated 7.5/10 on the CVSS scale, this flaw enables attackers to crash servers by exploiting argument sanitization logic, with patches now available in version 2.9.10. Sanitisation Logic Flaw The vulnerability stems from ModSecurity’s sanitiseArg action, designed […]

The post New ModSecurity WAF Vulnerability Enables Attackers to Crash Systems appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

第十届“创客中国”网络安全中小企业创新创业大赛启动仪式5月30日在四季青镇成功举办。

安全团队46%时间用于维护安全工具，但66%企业去年仍遭数据泄露。

根据发表在《New England Journal of Medicine》期刊上的一项研究，锻炼能显著降低结肠癌的复发和死亡风险。相比不要求运动的对照组，锻炼组的结肠癌复发、新发癌症或八年内死亡的风险降低了 28%。研究人员发现，锻炼的好处在一年之后就体现出来了，并且会随着时间的推移而加强。在锻炼组中，无癌症复发的五年生存率达到 80.3%，对照组为 73.9%。锻炼组八年总生存率 90.3%，对照组 83.2%。研究期间锻炼组死亡 41 人，对照组死亡 66 人。锻炼组参与者可以进行任何喜欢的休闲有氧运动。他们的运动量并不高，每周三到四次 45-60 分钟的快走或三到四次 25-30 分钟的慢跑，这些就足以提高他们的生存率。

Submit #584636 / VDB-310957