Aggregator

A vulnerability identified as critical has been detected in Sony XAV-AX5500. This affects an unknown function of the component CarPlay TLV. The manipulation leads to stack-based buffer overflow. This vulnerability is listed as CVE-2024-23933. It is possible to launch the attack on the physical device. There is no available exploit. You should upgrade the affected component.

A vulnerability marked as critical has been reported in Sony XAV-AX5500. Affected is an unknown function of the component ASF Parser. This manipulation causes stack-based buffer overflow. This vulnerability is registered as CVE-2024-23934. Remote exploitation of the attack is possible. No exploit is available. It is suggested to upgrade the affected component.

A sophisticated new variant of the Hook Android banking trojan has emerged with unprecedented capabilities that position it among the most advanced mobile malware families observed to date. This latest version, designated Hook Version 3, represents a significant evolution in Android banking malware sophistication, introducing a comprehensive arsenal of 107 remote commands with 38 newly […]

The post New Hook Android Banking Malware With New Advanced Capabilities and Supports 107 Remote Commands appeared first on Cyber Security News.

互联网工程任务组 (IETF) 提议在HTTP响应头中添加AI生成内容声明，帮助爬虫和归档系统识别并选择性处理AI生成的内容，以减少错误传播。该标头为自愿添加，目前处于草案阶段。

致力于第一时间为企业级用户提供权威漏洞情报和有效解决方案。

跳转地址的选择与参数传递的思考

当前环境异常，需完成验证后继续访问，并提供验证选项。

文章介紹了在Obsidian Bases中設置屬性以自動提取筆記中的第一張本地圖片作為縮圖的方法，適用於卡片和表格檢視。

Anthropic 与图书作者就版权侵犯集体诉讼达成和解，避免了潜在可能高达数十亿美元的侵权赔偿。今年 6 月美国联邦法官裁决 Anthropic 使用书籍训练 AI 是合理使用，但使用盗版书籍训练并不是。法庭文件显示，Anthropic 从盗版电子书库 LibGen 和 PiLiMi 下载了多达 700 万电子书，在 2021 年和 2022 年创建了一个巨大的书库，加州地区法官 William Alsup 允许遭到侵权的作家代表全美作家提起集体诉讼。双方于 8 月 25 日签署了一份具有约束力的和解协议。

这篇文章展示了如何利用Azure容器应用创建一个C2环境，包括创建基础资源、配置容器应用，并通过HTTPS将流量从感染主机路由到内部C2 VM。

本文详细介绍了如何配置OpenMediaVault（OMV）作为NAS操作系统，包括安装镜像制作、系统安装、网络配置、文件系统挂载以及SMB/CIFS文件共享的设置过程，并分享了作者在实际操作中积累的经验和技巧。

Windows 11 更新引发部分固态硬盘掉盘或无法识别问题，主控芯片制造商慧荣科技确认其产品不受影响。故障主要与群联控制器相关，微软正调查中。问题多发于连续写入大量数据的场景，对视频创作者和游戏玩家影响较大。

Citrix Publishes Patches After Attackers Exploit Memory Overflow Vulnerability
NetScaler customers of virtualization giant Citrix once again should patch immediately to stymie the hackers exploiting a zero-day. Citrix warned Tuesday that hackers are using a memory overflow vulnerability now tracked as CVE-2025-7775. The vulnerability carries a CVSS score of 9.2.

Just-in-Time, Database, Kubernetes Access Fuel Privileged Access Startup M&A
By acquiring startup Axiom Security, Okta aims to enhance privileged access by offering broader coverage of sensitive assets like Kubernetes containers and databases. The company says the move accelerates value delivery and complements Okta's existing privileged access capabilities.

Department of Government Efficiency Staffers Created 'Live Replica' of SSA Data
The Social Security Administration's chief data officer is warning in a whistleblower complaint that DOGE created a cloud replica of the Social Security database without proper authorization or oversight, potentially exposing the personal data of 300 million Americans.

Pakistan-Linked Threat Actor Targets Indian Linux Operation System
Pakistan-linked hackers are targeting an Indian Linux-based operating system by tricking government employees into clicking malicious files that look like PDFs. When opened, the files install spyware, giving attackers long-term access to sensitive government systems.

株式会社PFUが提供するScanSnap Managerのインストーラには、権限昇格につながる脆弱性が存在します。

因中国企业率先在本国注册了无印良品商标，经营“无印良品”的日本株式会社良品计划在中国提起商标无效诉讼，今年 6 月最高法院驳回了再审请求，良品计划败诉。中国公司注册的无印良品商标针对的是毛巾、床罩等被称为“24类”的商品，因此良品计划对此类商品只能使用 MUJI 商标，非 24 类商品可以使用“无印良品”商标。良品计划是在 2020 年提起诉讼，它于 2005 年在中国开设了第一家门店，至今拥有逾 400 家门店。

苹果考虑收购Perplexity AI和Mistral AI以加强AI能力，但内部存在分歧。高管埃迪·库伊支持收购，而软件工程高级副总裁克雷格则认为苹果可自行解决AI短板。此外，谷歌搜索垄断问题可能影响苹果收入，促使苹果寻求开发或收购搜索引擎以竞争。

Citrix NetScaler 存在内存损坏漏洞，攻击者可通过 /broker/xml 端点引发服务崩溃并造成拒绝服务攻击。建议更新至官方修复版本以缓解风险。