Aggregator

A vulnerability was found in Tenda AC1206 up to 15.03.06.23. It has been declared as critical. This vulnerability affects the function formSetCfm of the file /goform/setcfm. The manipulation leads to buffer overflow. This vulnerability was named CVE-2025-4298. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability was found in Tenda AC1206 up to 15.03.06.23. It has been rated as critical. This issue affects the function setSchedWifi of the file /goform/openSchedWifi. The manipulation leads to buffer overflow. The identification of this vulnerability is CVE-2025-4299. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability was found in Google Chrome and classified as critical. Affected by this issue is some unknown functionality of the component HTML. The manipulation leads to heap-based buffer overflow. This vulnerability is handled as CVE-2025-4096. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Google Chrome. It has been classified as critical. This affects an unknown part of the component DevTools. The manipulation leads to out-of-bounds read. This vulnerability is uniquely identified as CVE-2025-4050. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

关键词Skype你当年用过Skype和家人朋友聊天吗？据央视新闻消息，美国微软公司旗下即时通信软件Skype正式停止运营。

Maine-Based Firm Already Facing Several Proposed Class Action Lawsuits in Breach
A Maine-based software supplier to medication infusion centers is notifying more than 118,000 individuals that their information was potentially stolen in a hack discovered in February. The firm is already facing at least five proposed federal class action lawsuits involving the data theft.

Hackers Bypass MFA to Steal Australians' Banking Credentials
Melbourne-based ANZ Bank will introduce passwordless authentication for digital banking services amid news that hackers have stolen the banking credentials of tens of thousands of Australians. Cybercriminals used infostealer malware to steal the credentials of more than 30,000 Australians.

Critics Say Public Benefit Corporation Model May Undermine AI Safety and Oversight
OpenAI’s nonprofit parent will retain control as its for-profit subsidiary becomes a public benefit corporation. While the company frames the change as mission-driven, critics fear it may strip the nonprofit of meaningful control and expose AGI development to uncontrolled commercial interests.

Hacker Breaches Government-Approved Messaging App Used by Top Trump Officials
A Signal clone messaging app apparently being used by top advisers to U.S. President Donald Trump abruptly went dark Monday following a reported hacking incident. TeleMessage said it temporarily suspended messaging services "out of an abundance of caution."

Microsoft Entra ID (formerly Azure Active Directory) is the backbone of modern identity management, enabling secure access to the applications, data, and services your business relies on. As hybrid work and cloud adoption accelerate, Entra ID plays an even more central role — managing authentication, enforcing policy, and connecting users across distributed environments. That prominence also

阿联酋公立学校将开设 AI 课程，它正努力成为该地区的 AI 强国。AI 课程将于 2025-2026 学年面向幼儿园至 12 年级学生开设。课程内容包括道德意识、基础概念以及实际应用。阿联酋加入了越来越多将 AI 纳入学校教育的国家行列。中国上个月宣布了类似的举措，将向中小学生推出 AI 课程。阿联酋已向训练 AI 模型的数据中心进行大量投资，并设立了一支 AI 投资基金，基金规模据报道将在几年内增长到 1000 亿美元以上。

录播+直播 动手实践，实现从0到1的跨越

微软 Telnet 服务器 0Click 漏洞可使攻击者绕过身份验证获管理员权限

看雪论坛作者ID：OrionisLi

An easily and remotely exploitable vulnerability (CVE-2024-7399) affecting Samsung MagicINFO, a platform for managing content on Samsung commercial displays, is being leveraged by attackers. Exploit attempts have been flagged by the SANS Internet Storm Center and Arctic Wolf researchers: the attackers are using the vulnerability to upload and execute a script that contains a downloader for a Mirai bot. About CVE-2024-7399 Samsung MagicINFO is a digital signage management platform that is used to create, schedule, … More →

The post Exploited: Vulnerability in software for managing Samsung digital displays (CVE-2024-7399) appeared first on Help Net Security.

A vulnerability was found in Netgear WAC120, WAC505, WAC510, WNAP320, WNAP210v2, WNDAP350, WNDAP360, WNDAP660, WNDAP620, WND930 and WN604 and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross-site request forgery. The identification of this vulnerability is CVE-2018-21096. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Netgear WAC505, WAC510, WAC120, WN604, WNAP320, WNAP210v2, WNDAP350, WNDAP360, WNDAP660, WNDAP620 and WND930. It has been classified as critical. Affected is an unknown function. The manipulation leads to stack-based buffer overflow. This vulnerability is traded as CVE-2018-21097. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Netgear D7800, DM200, R6100, R7500, R7500v2, R7800, R8900, R9000, WNDR4300, WNDR4300v2, WNDR4500v3 and WNR2000v5 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to basic cross site scripting (Stored). This vulnerability is handled as CVE-2018-21155. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in SolarWinds WebHelpDesk 12.7.1. Affected by this vulnerability is an unknown functionality of the file TicketActions/view?tab=group of the component TSV Export Handler. The manipulation as part of Request leads to code injection. This vulnerability is known as CVE-2019-20002. Attacking locally is a requirement. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in Rukovoditel 2.5.2. This issue affects some unknown processing of the component User Access Groups Page. The manipulation leads to cross site scripting (Stored). The identification of this vulnerability is CVE-2020-11822. The attack may be initiated remotely. There is no exploit available.