Aggregator
How Does Microsoft Security Build AI Agents? A Look at the 11 New Security Copilot Agents
6 months ago
Including phishing triage, alert triage, access policy optimization, vulnerability remediation, and more
Google fixed the first actively exploited Chrome zero-day since the start of the year
6 months ago
Google fixed a flaw in the Chrome browser for Windows that was actively exploited in attacks targeting organizations in Russia. Google has released out-of-band fixes to address a high-severity security vulnerability, tracked as CVE-2025-2783, in Chrome browser for Windows. The flaw was actively exploited in attacks targeting organizations in Russia. The vulnerability is an incorrect handle […]
Pierluigi Paganini
Windows 11 update breaks Veeam recovery, causes connection errors
6 months ago
Microsoft and Veeam are investigating a known issue that triggers connection errors on Windows 11 24H2 systems when restoring from Veeam Recovery Media. [...]
Sergiu Gatlan
Sarcoma
6 months ago
cohenido
Tokyo Court Orders Dissolution of the Unification Church
6 months ago
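Regarding the request by Japan's Ministry of Education, Culture, Sports, Science and Technology for an order dissolving the "Family Federation for World Peace and Unification" (formerly the "Unification Church"), the Tokyo District Court on the 25th issued a dissolution order under the Religious Corporations Act. The court found that donations had caused losses of about 20.4 billion yen to at least more than 1,500 people, "causing enormous losses on an unprecedented scale," that such losses have continued recently, and that the organization has not taken adequate countermeasures; the court held that there was no effective measure other than stripping it of its corporate status. This is the third dissolution order decision, following Aum Shinrikyo and others, based on "violation of laws and regulations" as provided in that Act, and the first case grounded in torts under the Civil Code such as illegal solicitation of donations. The fatal shooting of former Prime Minister Shinzo Abe drew attention to the issue, losses caused by donations again became a social problem, and the close ties between the organization and political circles were fully exposed; the court has now handed down a severe judicial judgment on the organization. The organization's president, Tomihiro Tanaka, said, "This is an infringement of freedom of religion. It is absolutely unacceptable," and indicated that he intends to appeal immediately. If the Tokyo High Court upholds the decision, the dissolution order will take effect. The organization can still appeal to the Supreme Court.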
Authentication bypass CVE-2025-22230 impacts VMware Windows Tools
6 months ago
Broadcom addressed a high-severity authentication bypass vulnerability, tracked as CVE-2025-22230, in VMware Tools for Windows. Broadcom released security updates to address a high-severity authentication bypass vulnerability, tracked as CVE-2025-22230 (CVSS score 9.8), impacting VMware Tools for Windows. VMware Tools for Windows is a suite of utilities that enhances the performance and usability of virtual machines […]
Pierluigi Paganini
CVE-2023-52972 | Huawei YutuFZ-5651S1 3.31.2.0 SenaryAudio access control (huawei-sa-20250325-01-pc)
6 months ago
A vulnerability was found in Huawei YutuFZ-5651S1 3.31.2.0. It has been rated as critical. This issue affects some unknown processing of the component SenaryAudio. The manipulation leads to improper access controls.
The identification of this vulnerability is CVE-2023-52972. An attack has to be approached locally. There is no exploit available.
vuldb.com
Public-Private Ops Net Big Wins Against African Cybercrime
6 months ago
Three cybersecurity firms worked with Interpol and authorities in Nigeria, South Africa, Rwanda, and four other African nations to arrest more than 300 cybercriminals.
Robert Lemos, Contributing Writer
CVE-2012-2227 | PluXml 5.1.5 default_lang path traversal (EDB-18828 / XFDB-75330)
6 months ago
A vulnerability, which was classified as critical, has been found in PluXml 5.1.5. Affected by this issue is some unknown functionality. The manipulation of the argument default_lang leads to path traversal.
This vulnerability is handled as CVE-2012-2227. The attack may be launched remotely. Furthermore, there is an exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2022-49082 | Linux Kernel up to 5.15.33/5.16.19/5.17.2 _scsih_expander_node_remove Local use after free
6 months ago
A vulnerability was found in Linux Kernel up to 5.15.33/5.16.19/5.17.2 and classified as critical. This issue affects the function _scsih_expander_node_remove. The manipulation of the argument Local leads to use after free.
The identification of this vulnerability is CVE-2022-49082. The attack needs to be done within the local network. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-2232 | PureThemes Realteo Plugin up to 1.2.8 on WordPress do_register_user privileges management
6 months ago
A vulnerability, which was classified as critical, has been found in PureThemes Realteo Plugin up to 1.2.8 on WordPress. Affected by this issue is the function do_register_user. The manipulation leads to improper privilege management.
This vulnerability is handled as CVE-2025-2232. The attack may be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-29782 | LabRedesCefetRJ WeGIA up to 3.2.16 adicionar_tipo_docs_atendido.php tipo cross site scripting (GHSA-5x5w-5c99-vr8h)
6 months ago
A vulnerability was found in LabRedesCefetRJ WeGIA up to 3.2.16. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file adicionar_tipo_docs_atendido.php. The manipulation of the argument tipo leads to cross site scripting.
This vulnerability is known as CVE-2025-29782. The attack can be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-2325 | boopathi0001 WP Test Email Plugin up to 1.1.8 on WordPress cross site scripting
6 months ago
A vulnerability was found in boopathi0001 WP Test Email Plugin up to 1.1.8 on WordPress. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting.
This vulnerability is known as CVE-2025-2325. The attack can be launched remotely. There is no exploit available.
vuldb.com
CVE-2025-2025 | GiveWP Plugin up to 3.22.0 on WordPress give_reports_earnings authorization
6 months ago
A vulnerability has been found in GiveWP Plugin up to 3.22.0 on WordPress and classified as problematic. Affected by this vulnerability is the function give_reports_earnings. The manipulation leads to missing authorization.
This vulnerability is known as CVE-2025-2025. The attack can be launched remotely. There is no exploit available.
vuldb.com
CVE-2025-1530 | tripetto Form Builder Plugin for Contact Forms, Surveys and Quizzes cross-site request forgery
6 months ago
A vulnerability was found in tripetto Form Builder Plugin for Contact Forms, Surveys and Quizzes up to 8.0.9 on WordPress and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross-site request forgery.
This vulnerability is handled as CVE-2025-1530. The attack may be launched remotely. There is no exploit available.
vuldb.com