Aggregator

A vulnerability has been found in O2OA up to 10.0-410 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /x_processplatform_assemble_designer/jaxrs/form of the component Personal Profile Page. This manipulation of the argument name/alias/description causes cross site scripting. This vulnerability appears as CVE-2025-9716. The attack may be initiated remotely. In addition, an exploit is available. The vendor replied in the GitHub issue (translated from simplified Chinese): "This issue will be fixed in the new version."

A vulnerability, which was classified as problematic, was found in O2OA up to 10.0-410. Affected is an unknown function of the file /x_cms_assemble_control/jaxrs/script of the component Personal Profile Page. The manipulation of the argument name/alias/description results in cross site scripting. This vulnerability is reported as CVE-2025-9715. The attack can be launched remotely. Moreover, an exploit is present. The vendor replied in the GitHub issue (translated from simplified Chinese): "This issue will be fixed in the new version."

Submit #637247 / VDB-322007

Submit #637246 / VDB-322006

Submit #637245 / VDB-322005

Submit #637244 / VDB-322004

Submit #637243 / VDB-322003

Покупатели получат право вернуть «неполноценное» устройство.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.16.3. This impacts the function f2fs_get_dnode_of_data. The manipulation leads to out-of-bounds read. This vulnerability is documented as CVE-2025-38677. The attack requires being on the local network. There is not any exploit available. It is advisable to upgrade the affected component.

关键词零日漏洞近日，FreePBX 官方发布了一则严重安全公告，提醒用户必须立即限制 FreePBX 管理界面

关键词AI近日，一种新型攻击手段开始出现，其通过在人工智能系统处理的图像中植入恶意提示词，再将图像传输至大型语

关键词AI当心！你的身份证照片可能被AI生成了动态视频。因对AI换脸技术感兴趣，陈某自学相关技能并在网上发布作品。

用户在 Reddit 的 r/blackhat 论坛中询问关于学习内核漏洞利用技术的资源需求。

A new malware campaign, dubbed “Sindoor Dropper,” is targeting Linux systems using sophisticated spear-phishing techniques and a multi-stage infection chain. The campaign leverages lures themed around the recent India-Pakistan conflict, known as Operation Sindoor, to entice victims into executing malicious files. This activity’s standout feature is its reliance on weaponized .desktop files, a method previously […]

The post New ‘Sindoor Dropper’ Malware Targets Linux Systems with Weaponized .desktop Files appeared first on Cyber Security News.

节省时间的，带来情绪价值的，都是前行的路径。

环境异常提示当前网络环境存在问题，需完成验证后方可继续访问，并提供验证链接。

API penetration testing has evolved dramatically in 2025. While traditional, human-led penetration testing remains critical, the scale and complexity of modern APIs have necessitated a new approach. The companies on this list are not just offering one-time testing services; they provide automated, continuous, and intelligent API security platforms that perform dynamic testing, behavioral analysis, and […]

The post Top 10 Best API Penetration Testing Companies In 2025 appeared first on Cyber Security News.

该 subreddit 专注于数字取证科学，涉及从数字设备中恢复和调查材料，特别是在计算机犯罪中的应用。它涵盖多种媒体类型，并通过信息安全管理原则进行事件重建和归属确定。

1 заправка, 4 месяца шпионажа.

基于Linux Rootkit高级威胁恶意软件技术研究入门指导