Aggregator

预计下一季度财务还将继续受损

时隔7年后终于迎来新进展

Microsoft on Tuesday shipped fixes to address a total of 78 security flaws across its software lineup, including a set of five zero-days that have come under active exploitation in the wild. Of the 78 flaws resolved by the tech giant, 11 are rated Critical, 66 are rated Important, and one is rated Low in severity. Twenty-eight of these vulnerabilities lead to remote code execution, 21 of them

A sophisticated phishing operation exploiting compromised Indiana government sender accounts to distribute fraudulent TxTag toll collection messages.  The campaign, which emerged this week, leverages the GovDelivery communications platform to lend legitimacy to the scam emails targeting unsuspecting recipients nationwide. Sophisticated Phishing Targets Indiana Toll Users  The phishing emails, which appear to originate from legitimate Indiana […]

The post Hacking Abusing GovDelivery For TxTag ‘Toll Charges’ Phishing Attack appeared first on Cyber Security News.

根据国家信息安全漏洞库（CNNVD）统计，本周（2025年5月5日至2025年5月11日）安全漏洞情况如下

SecuX launched hardware-based cybersecurity solution tailored for small and medium-sized businesses (SMBs). At the core is Cyber Athena, an enterprise-grade cold wallet that integrates PUF-based authentication via PUFido and PUFhsm hardware modules, designed to meet rising demand for secure, self-managed Bitcoin custody. In light of policy direction under President Trump advocating for a national “Bitcoin Strategic Reserve,” and the growing trend of companies like Strategy (formerly MicroStrategy) adopting Bitcoin as a corporate reserve asset, Cyber … More →

The post SecuX releases Bitcoin self-managed solution for SMBs appeared first on Help Net Security.

近期，CNNVD开展了2025年度（第一期）接报漏洞奖励评选工作，其中22个漏洞在我国网络安全漏洞预警及风险消控工作中发挥了积极作用，获奖名单如下。

Fortinet fixed a critical remote code execution zero-day vulnerability actively exploited in attacks targeting FortiVoice enterprise phone systems. Fortinet released security updates to address a critical remote code execution zero-day, tracked as CVE-2025-32756, that was exploited in attacks targeting FortiVoice enterprise phone systems. The vulnerability is a stack-based overflow issue that impacts in FortiVoice, FortiMail, FortiNDR, […]

Вы делились болью с ИИ, а он поделился ею с государством — и это не метафора.

RSAC 2025创新沙盒 | TwineSecurity ：数字员工驱动企业安全建设

全球41国4000人齐聚！史上最大规模“锁盾2025”攻防演练震撼来袭！

A vulnerability, which was classified as critical, has been found in Adobe Animate up to 23.0.11/24.0.8. Affected by this issue is some unknown functionality. The manipulation leads to out-of-bounds write. This vulnerability is handled as CVE-2025-30328. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Adobe Animate up to 23.0.11/24.0.8. This affects an unknown part. The manipulation leads to integer underflow. This vulnerability is uniquely identified as CVE-2025-43555. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Adobe Animate up to 23.0.11/24.0.8 and classified as critical. This vulnerability affects unknown code. The manipulation leads to integer overflow. This vulnerability was named CVE-2025-43556. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Adobe Animate up to 23.0.11/24.0.8 and classified as critical. This issue affects some unknown processing. The manipulation leads to uninitialized pointer. The identification of this vulnerability is CVE-2025-43557. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Adobe Animate up to 23.0.11/24.0.8. It has been classified as problematic. Affected is an unknown function. The manipulation leads to null pointer dereference. This vulnerability is traded as CVE-2025-30329. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Adobe Photoshop Desktop up to 25.12.2/26.5 and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to integer overflow. This vulnerability is known as CVE-2025-30325. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Adobe Connect up to 12.8. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2025-30314. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Adobe Connect up to 12.8. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2025-30315. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Adobe Connect up to 12.8. This affects an unknown part. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-30316. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.