Aggregator
Critical NAS risk: IO-Data flaw with 9.8 CVD allows remote command execution
11 months 2 weeks ago
安全客
Principles and Security Challenges of the Model Context Protocol (MCP)
11 months 2 weeks ago
With the widespread adoption of large language models (LLMs) across industries, how to efficiently and securely integrate LLMs
Jenkins plugin flaw exposes serious risk: CVE-2025-47889 reaches 9.8 CVD via Auth Bypass
11 months 2 weeks ago
安全客
TransferPlayer malware exposed: IPFS-enabled loader deploys ransomware and backdoors with obfuscation precision
11 months 2 weeks ago
安全客
SSH Auth Keys Reuse Exposes Sophisticated Targeted Phishing Attack
11 months 2 weeks ago
A coordinated phishing campaign targeting Kuwait’s critical sectors has been exposed through a distinctive operational security lapse: the consistent reuse of SSH authentication keys across multiple attack servers. The campaign, which remains active as of May 2025, has deployed over 100 domains to harvest credentials through meticulously cloned login portals impersonating legitimate Kuwaiti businesses in […]
The post SSH Auth Keys Reuse Exposes Sophisticated Targeted Phishing Attack appeared first on Cyber Security News.
Tushar Subhra Dutta
EU court rules that tracking-based online ads are illegal
11 months 2 weeks ago
The Brussels Court of Appeal ruled Wednesday that the use of tracking by online advertisers relies on an inadequate consent model and is illegal in Europe.
ALL RING TECH CO., LTD. Falls Victim to BERT Ransomware Group
11 months 2 weeks ago
ALL RING TECH CO., LTD. Falls Victim to BERT Ransomware Group
Dark Web Informer - Cyber Threat Intelligence
China's CO2 emissions fall for the first time while electricity demand grows
11 months 2 weeks ago
Thanks to growth in clean-energy generation, China's CO2 emissions have fallen for the first time during a period of rising electricity demand. Analysis by Carbon Brief shows that China's emissions in the first quarter of 2025 fell 1.6% year on year, and emissions over the past 12 months fell 1%. Emission declines over the past decade were mainly due to economic slowdowns and the control measures during the COVID-19 pandemic. But China's current emissions are only 1% below the recent peak, and the downward trend could still reverse. In the first quarter of 2025, China's electricity demand grew 2.5% while thermal power generation fell 4.7%; growth in solar, wind and nuclear generation made up for the reduction in thermal power and covered the growth in demand, and total emissions from the power sector fell 5.8% as a result.
Popular Selenium library WebDriverManager affected by critical XXE bug (CVE-2025-4641, CVSS 9.3)
11 months 2 weeks ago
安全客
CVE-2009-0320 | Microsoft Windows Server 2003/Server 2008/XP information disclosure (ID 116157 / BID-33440)
11 months 2 weeks ago
A vulnerability was found in Microsoft Windows Server 2003/Server 2008/XP. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to information disclosure.
The identification of this vulnerability is CVE-2009-0320. An attack has to be approached locally. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2009-0323 | W3C Amaya Web Browser 9.1 html2thot.c msgBuffer memory corruption (EDB-7902 / Nessus ID 56495)
11 months 2 weeks ago
A vulnerability, which was classified as very critical, was found in W3C Amaya Web Browser 9.1. This affects an unknown part of the file html2thot.c. The manipulation of the argument msgBuffer leads to memory corruption.
This vulnerability is uniquely identified as CVE-2009-0323. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
vuldb.com
CVE-2009-0346 | Sun OpenSolaris IP Stack cryptographic issues (Nessus ID 15756 / ID 116169)
11 months 2 weeks ago
A vulnerability was found in Sun OpenSolaris. It has been rated as problematic. Affected by this issue is some unknown functionality of the component IP Stack. The manipulation leads to cryptographic issues.
This vulnerability is handled as CVE-2009-0346. Attacking locally is a requirement. There is no exploit available.
It is recommended to apply a patch to fix this issue.
vuldb.com
CVE-2009-0351 | WinFTP Server 2.3.0 WFTPSRV.exe LIST memory corruption (EDB-7875 / ID 116158)
11 months 2 weeks ago
A vulnerability has been found in WinFTP Server 2.3.0 and classified as very critical. Affected by this vulnerability is an unknown functionality of the file WFTPSRV.exe. The manipulation of the argument LIST leads to memory corruption.
This vulnerability is known as CVE-2009-0351. The attack can be launched remotely. Furthermore, there is an exploit available.
vuldb.com
CVE-2025-40906 | MongoDB BSON-XS up to 0.8.4 on Perl libbson vulnerable third-party component (EUVD-2025-15446)
11 months 2 weeks ago
A vulnerability, which was classified as critical, was found in MongoDB BSON-XS up to 0.8.4 on Perl. Affected is an unknown function of the component libbson. The manipulation leads to dependency on vulnerable third-party component. This vulnerability only affects products that are no longer supported by the maintainer.
This vulnerability is traded as CVE-2025-40906. The attack can only be done within the local network. There is no exploit available.
vuldb.com
Hackers exploit VMware ESXi, Microsoft SharePoint zero-days at Pwn2Own
11 months 2 weeks ago
During the second day of Pwn2Own Berlin 2025, competitors earned $435,000 after exploiting zero-day bugs in multiple products, including Microsoft SharePoint, VMware ESXi, Oracle VirtualBox, Red Hat Enterprise Linux, and Mozilla Firefox. [...]
Sergiu Gatlan
360 partners with the Shanghai Putuo District Government to jointly build a "Security + AI" ecosystem community
11 months 2 weeks ago
安全客
CVE-2025-4852 | TOTOLINK A3002R 2.1.1-B20230720.1011 VPN Page Comment cross site scripting
11 months 2 weeks ago
A vulnerability, which was classified as problematic, has been found in TOTOLINK A3002R 2.1.1-B20230720.1011. This issue affects some unknown processing of the component VPN Page. The manipulation of the argument Comment leads to cross site scripting.
The identification of this vulnerability is CVE-2025-4852. The attack may be initiated remotely. Furthermore, there is an exploit available.
vuldb.com
CVE-2025-4851 | TOTOLINK N300RH 6.1c.1390_B20191101 /cgi-bin/cstecgi.cgi setUploadUserData FileName command injection
11 months 2 weeks ago
A vulnerability classified as critical was found in TOTOLINK N300RH 6.1c.1390_B20191101. This vulnerability affects the function setUploadUserData of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument FileName leads to command injection.
This vulnerability was named CVE-2025-4851. The attack can be initiated remotely. Furthermore, there is an exploit available.
vuldb.com
CVE-2025-4850 | TOTOLINK N300RH 6.1c.1390_B20191101 /cgi-bin/cstecgi.cgi setUnloadUserData plugin_name command injection
11 months 2 weeks ago
A vulnerability classified as critical has been found in TOTOLINK N300RH 6.1c.1390_B20191101. This affects the function setUnloadUserData of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument plugin_name leads to command injection.
This vulnerability is uniquely identified as CVE-2025-4850. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
vuldb.com