Aggregator

SAP недооценила последствия Visual Composer.

A vulnerability, which was classified as problematic, was found in Microsoft Windows. Affected is an unknown function of the component Routing/Remote Access Service. The manipulation leads to out-of-bounds read. This vulnerability is traded as CVE-2025-29960. It is possible to launch the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability has been found in Microsoft Windows and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Routing/Remote Access Service. The manipulation leads to out-of-bounds read. This vulnerability is known as CVE-2025-29961. The attack can be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as problematic was found in Microsoft Windows. This vulnerability affects unknown code of the component Routing/Remote Access Service. The manipulation leads to uninitialized resource. This vulnerability was named CVE-2025-29958. The attack can be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as problematic, has been found in Microsoft Windows. This issue affects some unknown processing of the component Routing/Remote Access Service. The manipulation leads to uninitialized resource. The identification of this vulnerability is CVE-2025-29959. The attack may be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as critical has been found in Microsoft Windows. Affected is an unknown function of the component Remote Desktop Client. The manipulation leads to heap-based buffer overflow. This vulnerability is traded as CVE-2025-29967. It is possible to launch the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

Microsoft has issued a security advisory regarding a new vulnerability in Active Directory Certificate Services (AD CS) that could allow attackers to perform denial-of-service attacks over a network.  The vulnerability, identified as CVE-2025-29968, affects multiple versions of Windows Server and has been assigned an “Important” severity rating with a CVSS score of 6.5/5.7. The security […]

The post Microsoft Warns of AD CS Vulnerability Let Attackers Deny Service Over a Network appeared first on Cyber Security News.

Обзор лучших сервисов для обнаружения дипфейков.

Звонки шли, журналы стирались, команды выполнялись — теперь патч должен потушить пожар.

Система экстренных уведомлений превратилась в канал доставки фишинговых сообщений.

新技术带来新机遇，也带来新风险！

Microsoft has patched seven zero-day bugs, five of which were exploited in the wild

预计下一季度财务还将继续受损

时隔7年后终于迎来新进展

Microsoft on Tuesday shipped fixes to address a total of 78 security flaws across its software lineup, including a set of five zero-days that have come under active exploitation in the wild. Of the 78 flaws resolved by the tech giant, 11 are rated Critical, 66 are rated Important, and one is rated Low in severity. Twenty-eight of these vulnerabilities lead to remote code execution, 21 of them

A sophisticated phishing operation exploiting compromised Indiana government sender accounts to distribute fraudulent TxTag toll collection messages.  The campaign, which emerged this week, leverages the GovDelivery communications platform to lend legitimacy to the scam emails targeting unsuspecting recipients nationwide. Sophisticated Phishing Targets Indiana Toll Users  The phishing emails, which appear to originate from legitimate Indiana […]

The post Hacking Abusing GovDelivery For TxTag ‘Toll Charges’ Phishing Attack appeared first on Cyber Security News.

根据国家信息安全漏洞库（CNNVD）统计，本周（2025年5月5日至2025年5月11日）安全漏洞情况如下

SecuX launched hardware-based cybersecurity solution tailored for small and medium-sized businesses (SMBs). At the core is Cyber Athena, an enterprise-grade cold wallet that integrates PUF-based authentication via PUFido and PUFhsm hardware modules, designed to meet rising demand for secure, self-managed Bitcoin custody. In light of policy direction under President Trump advocating for a national “Bitcoin Strategic Reserve,” and the growing trend of companies like Strategy (formerly MicroStrategy) adopting Bitcoin as a corporate reserve asset, Cyber … More →

The post SecuX releases Bitcoin self-managed solution for SMBs appeared first on Help Net Security.

近期，CNNVD开展了2025年度（第一期）接报漏洞奖励评选工作，其中22个漏洞在我国网络安全漏洞预警及风险消控工作中发挥了积极作用，获奖名单如下。

Fortinet fixed a critical remote code execution zero-day vulnerability actively exploited in attacks targeting FortiVoice enterprise phone systems. Fortinet released security updates to address a critical remote code execution zero-day, tracked as CVE-2025-32756, that was exploited in attacks targeting FortiVoice enterprise phone systems. The vulnerability is a stack-based overflow issue that impacts in FortiVoice, FortiMail, FortiNDR, […]