Aggregator

Пока ты читаешь описание CVE, ИИ уже пишет эксплоит.

Nederland wordt steeds vaker geconfronteerd met hybride aanvallen die onze samenleving proberen te ontwrichten en verzwakken. Met name de Russische brutaliteit ziet de Militaire Inlichtingen- en Veiligheidsdienst (MIVD) daarbij toenemen. Dat schrijft de MIVD in het openbaar jaarverslag over 2024. Vandaag is het naar de Tweede Kamer gestuurd.

Для этого даже не нужно быть владельцем домена, налетай!

钓鱼攻击利用Google Sites和DKIM签名伪造合法邮件窃取凭证，手法极其复杂！

A critical remote code execution (RCE) vulnerability in Erlang/OTP’s SSH implementation (CVE-2025-32433) has now entered active exploit risk after researchers published a proof-of-concept (PoC) this week. The flaw, discovered by Fabian Bäumer, Marcus Brinkmann, Marcel Maehren, and Jörg Schwenk of Ruhr University Bochum, allows unauthenticated attackers to execute arbitrary code on vulnerable systems, posing a […]

The post PoC Released for Critical Unauthenticated Erlang/OTP RCE Vulnerability appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Ночью был один центр — к утру их уже три.

A vulnerability, which was classified as critical, has been found in D-Link DIR-823G 1.0.2B05. Affected by this issue is the function sub_4484A8. The manipulation leads to null pointer dereference. This vulnerability is handled as CVE-2024-27658. The attack needs to be done within the local network. There is no exploit available.

A vulnerability has been found in Apple iOS and iPadOS and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to sandbox issue. This vulnerability is known as CVE-2023-42961. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Apple macOS and classified as critical. Affected by this issue is some unknown functionality. The manipulation leads to sandbox issue. This vulnerability is handled as CVE-2023-42961. The attack needs to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Apple macOS up to 13. Affected is an unknown function. The manipulation leads to denial of service. This vulnerability is traded as CVE-2023-42982. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in CrushFTP up to 10.8.3/11.3.0. This affects the function login_user_pass of the component HTTP Component. The manipulation leads to authentication bypass by primary weakness. This vulnerability is uniquely identified as CVE-2025-31161. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Gladinet CentreStack up to 16.1.10296.56315. Affected by this vulnerability is an unknown functionality of the file portal\web.config of the component Portal. The manipulation leads to use of hard-coded cryptographic key . This vulnerability is known as CVE-2025-30406. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Google Chrome and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Autofill. The manipulation leads to clickjacking. This vulnerability is known as CVE-2025-3073. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Google Chrome and classified as critical. Affected by this issue is some unknown functionality of the component Navigations. The manipulation leads to origin validation error. This vulnerability is handled as CVE-2025-3071. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Google Chrome. It has been classified as problematic. This affects an unknown part of the component Downloads. The manipulation leads to clickjacking. This vulnerability is uniquely identified as CVE-2025-3074. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Google Chrome. Affected is an unknown function of the component Custom Tabs. The manipulation leads to clickjacking. This vulnerability is traded as CVE-2025-3072. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Google Chrome and classified as critical. This issue affects some unknown processing of the component DevTools. The manipulation leads to use after free. The identification of this vulnerability is CVE-2025-0762. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A newly discovered vulnerability in the Windows Update Stack, tracked as CVE-2025-21204, has sent shockwaves through the cybersecurity community after researchers revealed it could enable attackers to execute arbitrary code and escalate privileges to SYSTEM level on targeted machines. The flaw, disclosed by researchers at Cyberdom Blog, poses a significant risk to millions of Windows […]

The post Critical Flaw in Windows Update Stack Enables Code Execution and Privilege Escalation appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Japan ’s Financial Services Agency (FSA) warns of hundreds of millions in unauthorized trades linked to hacked brokerage accounts. Japan ’s Financial Services Agency (FSA) reported that the damage caused by unauthorized access to and transactions on internet trading services is increasing. “There has been a sharp increase in the number of cases of unauthorized […]

本文在现有开源工具TLS-Attacker和TLS-Scanner的基础上，扩展了对DTLS协议的支持，以对DTLS实现的进行评估并构建首个相关数据集。