Aggregator

A vulnerability categorized as problematic has been discovered in Apple tvOS up to 13.6/18.1. This impacts an unknown function. Such manipulation leads to race condition. This vulnerability is traded as CVE-2024-54494. The attack may be launched remotely. There is no exploit available. It is advisable to upgrade the affected component.

A vulnerability identified as problematic has been detected in Apple visionOS up to 13.6/18.1. Affected is an unknown function. Performing manipulation results in race condition. This vulnerability is known as CVE-2024-54494. Remote exploitation of the attack is possible. No exploit is available. You should upgrade the affected component.

A vulnerability labeled as problematic has been found in Apple macOS up to 13.6/18.1. Affected by this vulnerability is an unknown functionality. Executing manipulation can lead to race condition. This vulnerability is handled as CVE-2024-54494. The attack can be executed remotely. There is not any exploit available. The affected component should be upgraded.

A vulnerability marked as problematic has been reported in Apple macOS up to 15.1. Impacted is an unknown function of the component Privacy Indicators for Microphone. Performing manipulation results in state issue. This vulnerability is reported as CVE-2024-54493. The attack requires a local approach. No exploit exists. It is suggested to upgrade the affected component.

A vulnerability was found in Portabilis i-Educar up to 2.10. It has been rated as critical. This affects an unknown part of the file /module/FormulaMedia/edit of the component Formula de Cálculo de Média Page. This manipulation of the argument ID causes sql injection. This vulnerability is registered as CVE-2025-9684. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

A vulnerability categorized as critical has been discovered in Portabilis i-Educar up to 2.10. This vulnerability affects unknown code of the file /module/AreaConhecimento/view of the component Listagem de áreas de conhecimento Page. Such manipulation of the argument ID leads to sql injection. This vulnerability is documented as CVE-2025-9685. The attack can be executed remotely. Additionally, an exploit exists.

A vulnerability identified as critical has been detected in Portabilis i-Educar up to 2.10. This issue affects some unknown processing of the file /module/AreaConhecimento/edit of the component Listagem de áreas de conhecimento Page. Performing manipulation of the argument ID results in sql injection. This vulnerability is reported as CVE-2025-9686. The attack is possible to be carried out remotely. Moreover, an exploit is present.

A vulnerability labeled as critical has been found in Portabilis i-Educar up to 2.10. Impacted is an unknown function of the file /module/HistoricoEscolar/processamentoApi. Executing manipulation can lead to improper authorization. This vulnerability appears as CVE-2025-9687. The attack may be performed from a remote location. In addition, an exploit is available.

Связка CVE-2025-55177 и CVE-2025-43300 использовалась против выбранных целей в последние месяцы.

Linus Torvalds 更新了内核维护者文档 MAINTAINERS，将文件系统 Bcachefs 标记为由外部维护，发出了他不会接受 Bcachefs 新拉取请求（pull request）的信号。Linux 作者此前与 Bcachefs 维护者 Kent Overstreet 之间爆发冲突，Linus Torvalds 当时表态考虑移除 Bcachefs 文件系统。本月早些时候发布的 Linux 6.17-rc1 就没有合并来自 Overstreet 的任何拉取请求。Bcachefs 代码目前仍然存在于主线 Linux 内核中，可能是为了防止现有用户在使用 Bcachefs 时遇到问题。

Корпорации получили инструмент для «забывания» чужих авторских прав.

WatchTowr Labs uncovers a zero-day exploit (CVE-2025-54309) in CrushFTP. The vulnerability lets hackers gain admin access via the…

A sophisticated voice phishing operation has emerged as a significant threat to organizations worldwide, with cybercriminals successfully infiltrating Salesforce environments to steal sensitive data and demand ransom payments. Google’s Threat Intelligence Group has identified this financially motivated campaign, designating the primary threat cluster as UNC6040, which has demonstrated alarming success in breaching corporate networks through […]

The post Google Urges 2.5B Gmail Users to Reset Passwords After Salesforce Breach appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

刚高中毕业的学生计划学习计算机工程并培养对网络安全的兴趣，寻求关于核心技能、资源、学习与学业平衡及职业建议的指导，目标是掌握实用技能并进入网络安全领域工作。

Cybersecurity researchers have called attention to a cyber attack in which unknown threat actors deployed an open-source endpoint monitoring and digital forensic tool called Velociraptor, illustrating ongoing abuse of legitimate software for malicious purposes. "In this incident, the threat actor used the tool to download and execute Visual Studio Code with the likely intention of creating a

短直一体与公私域联动。

A critical zero-day vulnerability in Citrix NetScaler products, identified as CVE-2025-6543, has been actively exploited by threat actors since at least May 2025, months before a patch was made available. While Citrix initially downplayed the flaw as a “memory overflow vulnerability leading to unintended control flow and Denial of Service,” it has since been revealed […]

The post Critical Citrix 0-Day Vulnerability Exploited Since May, Leaving Global Entities Exposed appeared first on Cyber Security News.

A vulnerability was found in O2OA up to 10.0-410. It has been declared as problematic. This vulnerability affects unknown code of the file /x_processplatform_assemble_designer/jaxrs/script of the component Personal Profile Page. Executing manipulation of the argument name/alias/description/applicationName can lead to cross site scripting. This vulnerability is handled as CVE-2025-9719. The attack can be executed remotely. Additionally, an exploit exists.

A vulnerability was found in O2OA up to 10.0-410. It has been classified as problematic. This affects an unknown part of the file /x_processplatform_assemble_designer/jaxrs/process of the component Personal Profile Page. Performing manipulation of the argument name/alias results in cross site scripting. This vulnerability is known as CVE-2025-9718. Remote exploitation of the attack is possible. Furthermore, an exploit is available. The vendor replied in the GitHub issue (translated from simplified Chinese): "This issue will be fixed in the new version."

A vulnerability was found in O2OA up to 10.0-410 and classified as problematic. Affected by this issue is some unknown functionality of the file /x_organization_assemble_control/jaxrs/unit/ of the component Personal Profile Page. Such manipulation of the argument name/shortName/distinguishedName/pinyin/pinyinInitial/levelName leads to cross site scripting. This vulnerability is traded as CVE-2025-9717. The attack may be launched remotely. Furthermore, there is an exploit available.