dovecot >= 2.4 需要手动干预
Dovecot 2.4版本引入重大变更,导致与旧版配置文件不兼容且无法自动迁移。复制功能已被移除。提供替代软件包以支持依赖旧功能或无法升级的用户,并将继续为2.3版本提供关键安全修复。
Aggregator
CISA Warns of Linux Kernel Use-After-Free Vulnerability Exploited in Attacks to Deploy Ransomware
1 day 9 hours ago
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert about a critical use-after-free vulnerability in the Linux kernel, tracked as CVE-2024-1086. This vulnerability, hidden within the netfilter: nf_tables component, allows local attackers to escalate their privileges and potentially deploy ransomware, which could severely disrupt enterprise systems worldwide. First disclosed earlier this […]
The post CISA Warns of Linux Kernel Use-After-Free Vulnerability Exploited in Attacks to Deploy Ransomware appeared first on Cyber Security News.
Guru Baran
深入分析调试CVE-2024-30090-ks.sys内核流服务权限提升漏洞
1 day 9 hours ago
CVE-2024-30090通过竞争条件(Race Condition)巧妙绕过权限检查机制。
Hackers Exploiting Cisco IOS XE Vulnerability in the Wild to Deploy BADCANDY Web Shell
1 day 10 hours ago
Cybercriminals and state-sponsored actors are ramping up attacks on unpatched Cisco IOS XE devices across Australia, deploying a persistent Lua-based web shell known as BADCANDY to maintain unauthorized access. This implant, first spotted in variations since October 2023, has seen renewed exploitation throughout 2024 and into 2025, exploiting the critical CVE-2023-20198 vulnerability in the software’s […]
The post Hackers Exploiting Cisco IOS XE Vulnerability in the Wild to Deploy BADCANDY Web Shell appeared first on Cyber Security News.
Guru Baran
CVE-2025-22072 | Linux Kernel up to 6.1.133/6.6.86/6.12.22/6.13.10/6.14.1 simple_rmdir privilege escalation (Nessus ID 234884 / WID-SEC-2025-0844)
1 day 10 hours ago
A vulnerability classified as problematic was found in Linux Kernel up to 6.1.133/6.6.86/6.12.22/6.13.10/6.14.1. This impacts the function simple_rmdir. Executing manipulation can lead to privilege escalation.
This vulnerability is handled as CVE-2025-22072. The attack can only be done within the local network. There is not any exploit available.
Upgrading the affected component is advised.
vuldb.com
CVE-2025-22071 | Linux Kernel up to 6.14.1 spufs_create_context memory leak (Nessus ID 234884 / WID-SEC-2025-0844)
1 day 10 hours ago
A vulnerability classified as problematic has been found in Linux Kernel up to 6.14.1. The affected element is the function spufs_create_context. Performing manipulation results in memory leak.
This vulnerability is reported as CVE-2025-22071. The attacker must have access to the local network to execute the attack. No exploit exists.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-22061 | Linux Kernel up to 6.14.1 airoha_tc_get_htb_get_leaf_queue state issue (Nessus ID 240657 / WID-SEC-2025-0844)
1 day 10 hours ago
A vulnerability marked as problematic has been reported in Linux Kernel up to 6.14.1. The affected element is the function airoha_tc_get_htb_get_leaf_queue. This manipulation causes state issue.
This vulnerability appears as CVE-2025-22061. The attacker needs to be present on the local network. There is no available exploit.
It is suggested to upgrade the affected component.
vuldb.com
CVE-2025-22064 | Linux Kernel up to 6.6.86/6.12.22/6.13.10/6.14.1 nf_tables privilege escalation (Nessus ID 237088 / WID-SEC-2025-0844)
1 day 10 hours ago
A vulnerability was found in Linux Kernel up to 6.6.86/6.12.22/6.13.10/6.14.1. It has been rated as problematic. Affected by this vulnerability is an unknown functionality of the component nf_tables. Performing manipulation results in privilege escalation.
This vulnerability is identified as CVE-2025-22064. The attack can only be performed from the local network. There is not any exploit available.
Upgrading the affected component is advised.
vuldb.com
Hackers Exploiting Windows Server Update Services Flaw to Steal Sensitive Data from Organizations
1 day 10 hours ago
Windows Server Update Services (WSUS) vulnerability is actively exploited in the wild. Criminals are using this vulnerability to steal sensitive data from organizations in various industries. The vulnerability, tracked as CVE-2025-59287, was patched by Microsoft on October 14, 2025, but attackers quickly began abusing it after proof-of-concept code became publicly available on GitHub. Sophos telemetry […]
The post Hackers Exploiting Windows Server Update Services Flaw to Steal Sensitive Data from Organizations appeared first on Cyber Security News.
Guru Baran
U8cloud 所有版本 NCCloudGatewayServlet 远程命令执行和任意文件上传(基于该漏洞的变种)
1 day 10 hours ago
前言2025-09-24 用友又又又发布了一个漏洞 关于U8cloud所有版本NCCloudGatewayServlet接口存在命令执行漏洞的安全公告 这次又是全版本的漏洞但是,我觉得这也可以是文件上传漏洞,往下看吧。https://security.yonyou.com/#/noticeInfo?id=736来来来现热乎的,我们先去分析一波看,官方说的升级补丁升级补丁<U8CLOUD系统
语言模型之后,智源 EMU3.5 找到了 AI 的「第三种 Scaling 范式」
1 day 10 hours ago
迎来多模态世界模型新时代?
李想谈万台MEGA召回:生命只有一次;传明年AirPods配摄像头+AI;神舟二十一飞船发射成功,对接速度创纪录 | 极客早知道
1 day 10 hours ago
李想谈万台MEGA召回:生命只有一次;传明年AirPods配摄像头+AI;神舟二十一飞船发射成功,对接速度创纪录 | 极客早知道
1 day 10 hours ago
嗯,用户让我总结一下这篇文章的内容,控制在100字以内,而且不需要用“文章内容总结”之类的开头。好的,我先看看文章内容。
文章标题是“环境异常”,内容提到当前环境异常,完成验证后可以继续访问,并有一个“去验证”的按钮。看起来这是一条提示信息,告诉用户需要进行验证才能继续使用服务。
那我需要把重点放在环境异常和需要验证上。同时要控制在100字以内,所以得简洁明了。
可能的总结:当前环境出现异常,需完成验证后方可继续访问。这样刚好16个字,符合要求。
或者稍微详细一点:由于环境异常,用户需完成验证后才能继续访问。这样20个字左右。
嗯,感觉第一种更简洁,符合用户的要求。
当前环境出现异常,需完成验证后方可继续访问。
语言模型之后,智源 EMU3.5 找到了 AI 的「第三种 Scaling 范式」
1 day 10 hours ago
当前环境出现异常,需完成验证后才能继续访问。
free, open-source file scanner
1 day 10 hours ago
该文章讨论了逆向工程的相关内容及其在技术分析中的应用。
How L.A. Scores “Vulnerability” of Unhoused People Is Changing: What You Need to Know
1 day 10 hours ago
The Markup是一家非营利组织,致力于通过数据驱动的报道推动技术问责和隐私保护。
The Twilio-Stytch Acquisition: A Watershed Moment for Developer-First CIAM
1 day 11 hours ago
Twilio acquiring Stytch signals a major shift in developer CIAM. I've analyzed 20+ platforms—from Descope to Keyclock—to show you which deliver on Auth0's promise without the lock-in. OpenID standards, AI agent auth, and what actually matters when choosing your identity platform.
The post The Twilio-Stytch Acquisition: A Watershed Moment for Developer-First CIAM appeared first on Security Boulevard.
Deepak Gupta - Tech Entrepreneur, Cybersecurity Author
The Twilio-Stytch Acquisition: A Watershed Moment for Developer-First CIAM
1 day 11 hours ago
嗯,用户让我总结一下这篇文章的内容,控制在一百个字以内。首先,我需要通读文章,抓住主要观点。文章主要讲的是Twilio收购Stytch,这在开发者社区引起了很大反响。作者认为这次收购不仅仅是技术上的整合,更是对客户身份和访问管理(CIAM)领域的一次重大变革。
接下来,我注意到文章提到了Auth0被Okta收购后的一些变化,以及开发者对更友好、更开放的CIAM平台的需求。然后,作者详细介绍了几个竞争对手的情况,比如Descope、FusionAuth、MojoAuth等,分析了它们各自的优缺点。
此外,文章还讨论了现代认证方法的重要性,如无密码认证、AI代理认证等,并强调了基于开放标准的架构对于避免供应商锁定的重要性。最后,作者指出Twilio和Stytch的结合有可能成为新的行业标准,并对未来的发展趋势进行了展望。
总结的时候,我需要把重点放在收购的意义、对开发者的影响以及未来的发展方向上。控制在100字以内的话,可能需要精简到关键点:收购带来的变化、开发者友好平台的重要性、现代认证方法以及未来的市场影响。
现在把这些点整合成一个简洁的中文摘要。
Twilio收购Stytch标志着客户身份与访问管理(CIAM)领域的重大变革。此次收购整合了Twilio的开发者信任与Stytch的现代认证技术,为市场提供了真正基于开放标准的开发者友好平台。随着AI代理和现代应用需求的增长,该组合将推动行业向更灵活、安全且标准化的方向发展。
INC
1 day 11 hours ago
You must login to view this content
cohenido
CVE-2018-1321 | Apache Syncope up to 1.2.10/2.0.7 XSLT input validation (EDB-45400 / BID-103508)
1 day 11 hours ago
A vulnerability, which was classified as critical, has been found in Apache Syncope up to 1.2.10/2.0.7. This affects an unknown function of the component XSLT Handler. The manipulation leads to improper input validation.
This vulnerability is referenced as CVE-2018-1321. Remote exploitation of the attack is possible. Furthermore, an exploit is available.
It is advisable to upgrade the affected component.
vuldb.com