Aggregator

Company Eyes Product Innovation and Strategic M&A After Rapid 30x ARR Growth
CEO Varun Badhwar says Silicon Valley-based Endor Labs will use its $93 million Series B funding to build AI-powered code security tools, boost community outreach and target key acquisitions, helping enterprises secure faster, AI-assisted software development.

ConnectWise has released an urgent security patch for its ScreenConnect remote access software to address a serious vulnerability that could allow attackers to execute malicious code on affected systems. The vulnerability, identified as CVE-2025-3935 and tracked under CWE-287 (Improper Authentication), affects all ScreenConnect versions up to and including 25.2.3. Security researchers discovered that ScreenConnect versions […]

The post Critical ScreenConnect Vulnerability Let Attackers Inject Malicious Code appeared first on Cyber Security News.

2025年4月28日，福州海峡国际会展中心10号馆。

KdotStealer窃密木马样本分析

KdotStealer窃密木马样本分析

勒索病毒肆虐，数据安全告急！掌握这份硬核防御与应急攻略，让勒索病毒无处遁形！

勒索病毒肆虐，数据安全告急！掌握这份硬核防御与应急攻略，让勒索病毒无处遁形！

百度发布文心大模型 4.5 Turbo 和 X1 Turbo，价格仅为 DeepSeek 四分之一；喜马拉雅回应出售给腾讯音乐：不知晓此事；特斯拉将开启 9 小时免费充电福利，覆盖全国 50 座超级充电站

从开幕主旨演讲到各大厂商展台，代理型AI在RSAC 2025上频频出现

点击查看更多本周网络安全大事件。

点击查看更多本周网络安全大事件。

A vulnerability was found in eMedia simpleRedak up to 2.47.23.05. It has been classified as problematic. Affected is an unknown function of the file #/de/casting/show/detail/. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2023-33764. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability classified as critical was found in Mozilla Thunderbird up to 102.7. Affected by this vulnerability is the function requestFullscreen of the component Fullscreen Mode. The manipulation leads to Remote Code Execution. This vulnerability is known as CVE-2023-25730. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Mozilla Thunderbird up to 102.7. Affected is an unknown function. The manipulation leads to memory corruption. This vulnerability is traded as CVE-2023-25746. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in MicroWorld eScan Management Console 14.0.1400.2281. Affected by this issue is some unknown functionality of the component URL Handler. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2023-33731. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in Microsoft Edge. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to Remote Code Execution. The identification of this vulnerability is CVE-2023-33143. The attack may be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Simhl STHS v2 Web Portal 2.2. It has been classified as problematic. This affects an unknown part of the file prospects.php of the component Web Portal. The manipulation of the argument team leads to cross site scripting. This vulnerability is uniquely identified as CVE-2012-1217. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, was found in Mozilla Thunderbird up to 102.7 on Windows. This affects an unknown part of the component URL Handler. The manipulation leads to Remote Code Execution. This vulnerability is uniquely identified as CVE-2023-25734. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Mozilla Thunderbird up to 102.7.0 and classified as critical. This vulnerability affects unknown code of the component Signature Handler. The manipulation leads to improper certificate validation. This vulnerability was named CVE-2023-0430. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.