Aggregator

A vulnerability labeled as critical has been found in Unisoc SC9863A, T310, T610, T618, T606, T612, T616, T760, T770, T820 and S8000. This vulnerability affects unknown code of the component BootROM. Such manipulation leads to buffer overflow. This vulnerability is traded as CVE-2022-38692. Access to the local network is required for this attack to succeed. There is no exploit available.

A vulnerability identified as critical has been detected in Delta Electronics DIAView up to 4.2.0. This affects an unknown part. This manipulation causes missing authentication. This vulnerability appears as CVE-2025-58318. The attack requires local access. There is no available exploit.

Cybersecurity researchers have discovered a new phishing campaign undertaken by the North Korea-linked hacking group called ScarCruft (aka APT37) to deliver a malware known as RokRAT. The activity has been codenamed Operation HanKook Phantom by Seqrite Labs, stating the attacks appear to target individuals associated with the National Intelligence Research Association, including academic figures

3 практические онлайн-встречи с экспертами команды реагирования и восстановления «Инфосистемы Джет».

A vulnerability was found in ipavlov 7-Zip up to 24.x. It has been declared as critical. Affected by this issue is some unknown functionality of the component RAR5 Handler. The manipulation results in heap-based buffer overflow. This vulnerability is reported as CVE-2025-53816. The attack can be launched remotely. No exploit exists. It is recommended to upgrade the affected component.

A vulnerability was found in ipavlov 7-Zip up to 24.x. It has been rated as problematic. This affects an unknown part of the component Compound Handler. This manipulation causes null pointer dereference. This vulnerability appears as CVE-2025-53817. The attack may be initiated remotely. There is no available exploit. Upgrading the affected component is advised.

A vulnerability was found in Apache Commons Lang up to 2.6/3.17.x. It has been rated as problematic. The impacted element is the function ClassUtils.getClass. The manipulation leads to uncontrolled recursion. This vulnerability is traded as CVE-2025-48924. Access to the local network is required for this attack to succeed. There is no exploit available. Upgrading the affected component is advised.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.6.98/6.12.38/6.15.6/6.16-rc5. This impacts an unknown function of the component eventpoll. Executing manipulation can lead to use after free. The identification of this vulnerability is CVE-2025-38349. The attack needs to be done within the local network. There is no exploit available. You should upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.16.3. This impacts the function f2fs_get_dnode_of_data. The manipulation leads to out-of-bounds read. This vulnerability is documented as CVE-2025-38677. The attack requires being on the local network. There is not any exploit available. It is advisable to upgrade the affected component.

致力于第一时间为企业级用户提供权威漏洞情报和有效解决方案。

Taiwanese prosecutors have filed charges against three individuals in a case involving the theft of TSMC trade secrets.

The post TSMC Trade Secret Theft: A Former Employee Faces 14 Years in Prison appeared first on Penetration Testing Tools.

一期报名9月7日截止，赶快报名吧~

近日，美国国家标准与技术研究院（NIST）对《数字身份指南》 进行了自2017年以来的首次重大修订。

Microsoft has released the preliminary cumulative update KB5064081 for Windows 11 version 24H2, introducing thirty-six new features and

The post Windows 11’s KB5064081: The Most Feature-Packed Update Yet? appeared first on Penetration Testing Tools.

A vulnerability identified as critical has been detected in Microsoft XML Core Services up to 6.0. This vulnerability affects unknown code. The manipulation leads to memory corruption. This vulnerability is referenced as CVE-2012-1889. Remote exploitation of the attack is possible. Furthermore, an exploit is available. Applying a patch is the recommended action to fix this issue.

A vulnerability, which was classified as problematic, has been found in Microsoft Anti-cross Site Scripting Library 3.1. Affected by this issue is some unknown functionality. Performing manipulation results in cross site scripting. This vulnerability is reported as CVE-2012-0007. The attack is possible to be carried out remotely. Moreover, an exploit is present.

A vulnerability marked as critical has been reported in Microsoft Internet Explorer 6/7/8/9/10. This affects an unknown part of the component Col Element. The manipulation as part of Eingabe leads to code injection. This vulnerability is listed as CVE-2012-1876. The attack may be initiated remotely. In addition, an exploit is available. It is suggested to install a patch to address this issue.

A vulnerability labeled as problematic has been found in Microsoft Expression Design up to 4. This affects an unknown part of the component Library Loader. Executing manipulation can lead to untrusted search path. This vulnerability appears as CVE-2012-0016. The attack may be performed from remote. In addition, an exploit is available. It is best practice to apply a patch to resolve this issue.

A vulnerability classified as critical has been found in McAfee Epo Mcafee Virtual Technician up to 1.0.6. Affected is an unknown function of the component ActiveX Control. This manipulation causes memory corruption. This vulnerability appears as CVE-2012-4598. The attack may be initiated remotely. In addition, an exploit is available. It is recommended to upgrade the affected component.

小红书市集，本质上是在电商的需求与供给之间，创造了更丰富的「上下文（Context）」。