Aggregator

Don’t wait for a costly breach to provide a painful reminder of the importance of timely software patching

Contrast Security reveals a 12.5% annual increase in destructive cyber-attacks on banks

A vulnerability was found in libcurl. It has been classified as critical. Affected is an unknown function. The manipulation leads to integer overflow to buffer overflow. This vulnerability is traded as CVE-2025-0725. It is possible to launch the attack remotely. There is no exploit available.

从基础到高级，全方位掌握.NET加壳保护技术

NETGEAR 发布安全公告，敦促用户尽快更新部分WiFi路由器固件，以修复两个高危漏洞。

看雪论坛作者ID：ty1937

A vulnerability was found in GitLab Community Edition and Enterprise Edition up to 16.6.6/16.7.4/16.8.1 and classified as critical. This issue affects some unknown processing. The manipulation leads to allocation of resources. The identification of this vulnerability is CVE-2023-6386. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in GitLab Enterprise Edition up to 16.9.6/16.10.4/16.11.1 and classified as problematic. This vulnerability affects unknown code of the component Group Member Handler. The manipulation leads to missing authorization. This vulnerability was named CVE-2024-1539. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in libcURL up to 8.11.1. This affects an unknown part of the component File Descriptor Handler. The manipulation leads to multiple releases of same resource or handle. This vulnerability is uniquely identified as CVE-2025-0665. The attack needs to be done within the local network. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in cURL. Affected by this issue is some unknown functionality. The manipulation leads to information disclosure. This vulnerability is handled as CVE-2025-0167. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as problematic was found in Linux Kernel up to 6.4.11. Affected by this vulnerability is the function pipapo_get of the file run-tests.sh of the component nftables. The manipulation leads to Privilege Escalation. This vulnerability is known as CVE-2023-52925. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Linux Kernel up to 6.4.10. Affected is the function nf_tables_set_elem_destroy of the component netfilter. The manipulation leads to Privilege Escalation. This vulnerability is traded as CVE-2023-52924. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

以色列间谍软件开发商 Paragon Solutions 证实它的客户包括了美国政府及其盟国。此前 WhatsApp 指控 Paragon 的间谍软件被用于攻击近 90 名记者和公民社团成员。至少有两人公开称自己是目标，其中包括意大利记者 Francesco Cancellato 和生活在瑞典的利比亚活动人士 Husam El Gomati。Paragon CEO John Fleming 在声明中表示，该公司要求客户同意禁止非法攻击记者和其他公民社团活动人士的条款，该公司对此类行为零容忍，将终止任何违反服务条款的客户。Fleming 没有证实该公司是否因客户违反条款而终止服务，他拒绝对 WhatsApp 的终止函发表评论。Cancellato 是新闻网站 Fanpage.it 的负责人，该网站去年发表了一份调查报告，针对的是意大利总理 Giorgia Meloni 的 Fratelli d’Italia 党下属青年组织 Gioventù Meloniana，调查披露该组织成员发表过亲纳粹和墨索里尼的口号。El Gomati 也批评过意大利和利比亚合作阻止移民跨越地中海抵达欧洲。

Лёгкие деньги исчезают вместе с последним напряжением в проводах.

Cybersecurity risk management company Tenable announced plans to acquire Vulcan Cyber for approximately $147 million in cash and $3 million in restricted stock units.

The post Tenable Acquires Vulcan Cyber, Building on AI-Powered Risk Prioritization appeared first on Security Boulevard.

Veriti launched Veriti Cloud, an expansion of its Exposure Assessment and Remediation platform that brings proactive cloud native remediation to the forefront. With Veriti Cloud, organizations gain advanced capabilities to automate remediation across both on-premises and cloud environments, hardening their security posture while ensuring operational continuity. Veriti has long provided automated remediation for cloud environments, but the introduction of Veriti Cloud takes this to the next level with proactive enforcement, seamless cross-platform integrations, and the … More →

The post Veriti Cloud automates remediation across both on-premises and cloud environments appeared first on Help Net Security.

A malware campaign has been observed delivering a remote access trojan (RAT) named AsyncRAT by making use of Python payloads and TryCloudflare tunnels. "AsyncRAT is a remote access trojan (RAT) that exploits the async/await pattern for efficient, asynchronous communication," Forcepoint X-Labs researcher Jyotika Singh said in an analysis. "It allows attackers to control infected systems

Авторы-призраки и фейковые рецепты – библиотеки тонут в потоке ИИ-литературы.

Atrinet launched Atrinet URL Scanner, a solution designed to combat real-time SMS fraud. The solution combines Google Web Risk’s technology scanning capabilities with Atrinet’s telecom security expertise, enabling Communication Service Providers (CSPs) to safeguard subscribers, protect revenues, and build customer trust. The rising threat of SMS Fraud Smishing attacks—fraudulent messages containing harmful links—have surged by 60% in 2024, costing billions of dollars globally. Existing firewalls can fail to scan URLs effectively, leaving fraudulent links unchecked. … More →

The post Atrinet URL Scanner helps comabat SMS phishing appeared first on Help Net Security.