Aggregator
Qilin
2 months ago
You must login to view this content
cohenido
5 компаний стали хозяевами интернета — правозащитники кричат: пора поставить Google, Apple и Meta на место
2 months ago
Amnesty призывает разорвать отношения с Big Tech и заставить государства действовать.
漏洞通告 | Gitblit 身份认证绕过漏洞
2 months ago
立即查看详情 →
Critical ImageMagick Vulnerability Allows Remote Code Execution
2 months ago
A critical security vulnerability has been discovered in ImageMagick, the widely used open-source image processing software, that could allow attackers to execute arbitrary code remotely. The vulnerability, tracked as CVE-2025-57803 with a severity score of 9.8 out of 10, affects 32-bit builds of ImageMagick versions before 7.1.2-2 and 6.9.13-28. The Vulnerability Details The security flaw stems from a 32-bit […]
The post Critical ImageMagick Vulnerability Allows Remote Code Execution appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Divya
Malicious npm Package Impersonates Popular Nodemailer, Puts 3.9M Weekly Downloads at Risk of Crypto Theft
2 months ago
A sophisticated cryptocurrency theft scheme involving a malicious npm package that masquerades as the widely-used Nodemailer email library while secretly hijacking desktop cryptocurrency wallets on Windows systems. Socket’s Threat Research Team identified the malicious package, nodejs-smtp, which impersonates the legitimate Nodemailer library that averages approximately 3.9 million weekly downloads. The fraudulent package employs a clever […]
The post Malicious npm Package Impersonates Popular Nodemailer, Puts 3.9M Weekly Downloads at Risk of Crypto Theft appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Mayura Kathir
CVE-2025-9769 | D-Link DI-7400G+ 19.12.25A1 /mng_platform.asp sub_478D28 addr command injection
2 months ago
A vulnerability described as critical has been identified in D-Link DI-7400G+ 19.12.25A1. Affected is the function sub_478D28 of the file /mng_platform.asp. The manipulation of the argument addr with the input `echo 12345 > poc.txt` results in command injection.
This vulnerability was named CVE-2025-9769. An attack on the physical device is feasible. In addition, an exploit is available.
vuldb.com
Python 纪录片上线
2 months ago
由 CultRepo 制作的 Python 语言纪录片《Python: The Documentary | An origin story》上周在 YouTube 上线,观看量超过了 18 万次。Python 语言最初是荷兰程序员 Guido van Rossum 的“课余”项目,它简洁易读的特性最终令其从众多编程语言中脱颖而出,成为最受人喜爱的语言之一,成为驱动 AI、数据科学以及科技巨头所开发软件使用的语言。出现在纪录片中的人物包括了 Guido van Rossum、Travis Oliphant、Barry Warsaw 等,它讲述了 Python 的崛起、社区驱动的演变、几乎导致分崩离析的冲突,以及这门语言对世界万物的影响。
CVE-2025-9784 | Red Hat Undertow HTTP/2 MadeYouReset denial of service
2 months ago
A vulnerability, which was classified as problematic, was found in Red Hat Undertow. This impacts an unknown function of the component HTTP2 Handler. Such manipulation leads to denial of service.
This vulnerability is referenced as CVE-2025-9784. It is possible to launch the attack remotely. No exploit is available.
vuldb.com
CVE-2022-38695 | Unisoc S8000 BootRom Local Privilege Escalation
2 months ago
A vulnerability, which was classified as problematic, has been found in Unisoc SC9863A, T310, T610, T618, T606, T612, T616, T760, T770, T820 and S8000. This affects an unknown function of the component BootRom. This manipulation causes Local Privilege Escalation.
The identification of this vulnerability is CVE-2022-38695. The attack can only be executed locally. There is no exploit available.
vuldb.com
CVE-2022-38694 | Unisoc SC9863A/T310/T610/T618 BootRom memory corruption
2 months ago
A vulnerability classified as critical was found in Unisoc SC9863A, T310, T610 and T618. The impacted element is an unknown function of the component BootRom. The manipulation results in memory corruption.
This vulnerability was named CVE-2022-38694. The attack needs to be approached locally. There is no available exploit.
vuldb.com
CVE-2022-38691 | Unisoc SC9863A/T310/T610/T618 BootROM certificate validation
2 months ago
A vulnerability classified as critical has been found in Unisoc SC9863A, T310, T610 and T618. The affected element is an unknown function of the component BootROM. The manipulation leads to improper certificate validation.
This vulnerability is uniquely identified as CVE-2022-38691. The attack is possible to be carried out remotely. No exploit exists.
vuldb.com
CVE-2022-38696 | Unisoc T765 BootRom buffer overflow
2 months ago
A vulnerability described as critical has been identified in Unisoc SC9863A, T310, T610, T618, T606, T612, T616, T760, T770, T820, S8000, T750 and T765. Impacted is an unknown function of the component BootRom. Executing manipulation can lead to buffer overflow.
This vulnerability is handled as CVE-2022-38696. The attack can only be done within the local network. There is not any exploit available.
vuldb.com
WhatsApp Patches Zero-Day, Zero-Click Flaw
2 months ago
WhatsApp has fixed a zero-day vulnerability linked to a sophisticated cyber-attack
CVE-2022-38693 | Unisoc T765 FDL1 buffer overflow
2 months ago
A vulnerability marked as critical has been reported in Unisoc SC9863A, T310, T610, T618, T606, T612, T616, T760, T770, T820, S8000, T750 and T765. This issue affects some unknown processing of the component FDL1. Performing manipulation results in buffer overflow.
This vulnerability is known as CVE-2022-38693. Access to the local network is required for this attack. No exploit is available.
vuldb.com
CVE-2022-38692 | Unisoc S8000 BootROM buffer overflow
2 months ago
A vulnerability labeled as critical has been found in Unisoc SC9863A, T310, T610, T618, T606, T612, T616, T760, T770, T820 and S8000. This vulnerability affects unknown code of the component BootROM. Such manipulation leads to buffer overflow.
This vulnerability is traded as CVE-2022-38692. Access to the local network is required for this attack to succeed. There is no exploit available.
vuldb.com
CVE-2025-58318 | Delta Electronics DIAView up to 4.2.0 missing authentication (PCSA-2025-00015)
2 months ago
A vulnerability identified as critical has been detected in Delta Electronics DIAView up to 4.2.0. This affects an unknown part. This manipulation causes missing authentication.
This vulnerability appears as CVE-2025-58318. The attack requires local access. There is no available exploit.
vuldb.com
ScarCruft Uses RokRAT Malware in Operation HanKook Phantom Targeting South Korean Academics
2 months ago
Cybersecurity researchers have discovered a new phishing campaign undertaken by the North Korea-linked hacking group called ScarCruft (aka APT37) to deliver a malware known as RokRAT.
The activity has been codenamed Operation HanKook Phantom by Seqrite Labs, stating the attacks appear to target individuals associated with the National Intelligence Research Association, including academic figures
The Hacker News
Серия вебинаров «Практика противодействия атакам шифровальщиками»
2 months ago
3 практические онлайн-встречи с экспертами команды реагирования и восстановления «Инфосистемы Джет».
CVE-2020-26145 | Samsung Galaxy S3 i9305 4.4.4 WEP/WPA/WPA2/WPA3 injection (Nessus ID 246963 / WID-SEC-2025-1522)
2 months ago
A vulnerability was found in Samsung Galaxy S3 i9305 4.4.4. It has been classified as problematic. The impacted element is an unknown function of the component WEP/WPA/WPA2/WPA3. This manipulation causes injection.
This vulnerability is tracked as CVE-2020-26145. The attack is possible to be carried out remotely. No exploit exists.
vuldb.com