Aggregator

微软官方发布8月安全更新，请及时安装补丁修复。

Android privilege escalation has been transformed by rooting frameworks such as KernelSU, APatch, and SKRoot, which use advanced kernel patching techniques to enable unauthorized code execution at the kernel level. These tools hook into critical system calls, such as prctl, to establish covert channels between user-space manager apps and kernel space, enabling operations like SELinux […]

The post Attackers Need Just One Vulnerability to Own Your Rooted Android appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability was found in LabRedesCefetRJ WeGIA up to 3.4.7. It has been classified as problematic. Affected is an unknown function of the file /html/personalizacao_remover.php of the component Image File Handler. The manipulation leads to denial of service. This vulnerability is traded as CVE-2025-55171. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in LabRedesCefetRJ WeGIA up to 3.4.7. This issue affects some unknown processing of the file /html/alterar_senha.php. The manipulation of the argument verificacao/redir_config leads to cross site scripting. The identification of this vulnerability is CVE-2025-55170. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Adobe Framemaker up to 2020.8/2022.6. It has been rated as critical. Affected by this issue is some unknown functionality. The manipulation leads to use after free. This vulnerability is handled as CVE-2025-54230. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Adobe Framemaker up to 2020.8/2022.6. This affects an unknown part of the component File Handler. The manipulation leads to use after free. This vulnerability is uniquely identified as CVE-2025-54229. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Adobe Framemaker up to 2020.8/2022.6. This vulnerability affects unknown code of the component File Handler. The manipulation leads to use after free. This vulnerability was named CVE-2025-54231. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Adobe Framemaker up to 2020.8/2022.6. This issue affects some unknown processing of the component File Handler. The manipulation leads to use after free. The identification of this vulnerability is CVE-2025-54232. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Adobe Substance3D Stager up to 3.1.3 and classified as critical. Affected by this issue is some unknown functionality. The manipulation leads to out-of-bounds write. This vulnerability is handled as CVE-2025-54222. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Adobe Framemaker up to 2020.8/2022.6. Affected is an unknown function of the component File Handler. The manipulation leads to out-of-bounds read. This vulnerability is traded as CVE-2025-54233. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Adobe Dimension up to 4.1.3 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to out-of-bounds read. This vulnerability is known as CVE-2025-54238. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

全世界最先进的 AI 模型都来自美国公司，都是私有模型，而中国在开源模型或开放权重模型领域处于领先地位，这令硅谷和华盛顿感到担忧，担心中国的模型可能会成为 AI 行业标准。行业标准并不一定是技术最先进的，易获得性和灵活性也非常重要，比如移动领域的 Android。对很多企业而言，使用开源模型可以对其进行更自由的调控，确保敏感信息不外泄。新加坡华侨银行使用开源模型开发了数十种内部工具，它使用的开源模型包括了 Google 的 Gemma，阿里巴巴的 Qwen 以及杭州深度求索的 DeepSeek。OpenAI 最新发布的开源模型 gpt-oss 在多项测试中不如阿里巴巴的 Qwen3，但 Qwen3 的参数规模几乎是 gpt-oss 的两倍，意味着 Qwen 可能需要消耗更多的算力完成相同的任务。OpenAI表示，gpt-oss 在推理任务上的表现优于同等参数规模的竞争对手，以低成本实现了强大的性能。亚马逊 AWS 表示，gpt-oss 比在其基础设施上运行的 DeepSeek R1 性价比更高。

Майнер-киллер убивает конкурентов и оседает в Linux-системах.

所谓必修漏洞，就是运维人员必须修复、不可拖延、影响范围较广的漏洞，被黑客利用并发生入侵事件后，会造成十分严重

所谓必修漏洞，就是运维人员必须修复、不可拖延、影响范围较广的漏洞，被黑客利用并发生入侵事件后，会造成十分严重

​CISA warned on Wednesday that attackers are actively exploiting two security vulnerabilities in N‑able's N-central remote monitoring and management (RMM) platform. [...]

腾讯云安全公布近期安全漏洞清单，建议自查更新，防入侵保业务安全

腾讯云安全公布近期安全漏洞清单，建议自查更新，防入侵保业务安全