Aggregator

A vulnerability was found in Gogs up to 0.13.2. It has been classified as problematic. Impacted is an unknown function of the component Incomplete Fix CVE-2024-39931. The manipulation leads to files or directories accessible. This vulnerability is listed as CVE-2024-56731. The attack may be initiated remotely. There is no available exploit. Upgrading the affected component is recommended.

A vulnerability, which was classified as problematic, was found in Enalean Tuleap Community Edition and Tuleap Enterprise Edition. Affected by this vulnerability is an unknown functionality. The manipulation results in cross-site request forgery. This vulnerability is identified as CVE-2025-50179. The attack can be executed remotely. There is not any exploit available. You should upgrade the affected component.

A vulnerability marked as critical has been reported in BeyondTrust Remote Support and Privileged Remote Access up to 24.2.4/24.3.4/25.1.1. This impacts an unknown function of the component Chat. This manipulation with the input {{implode(null,array_map(chr(99).chr(104).chr(114),[105,100]))}} causes code injection. This vulnerability appears as CVE-2025-5309. The attack may be initiated remotely. There is no available exploit.

1.Qilin勒索团伙公布了新的受害者 2.Play勒索团伙公布新的受害公司 3.INC Ransom团伙公布新的受害公司

文章指出当前环境出现异常，需完成验证后才能继续访问，并提供验证入口。

Also: New 'Quishing' Tactics, Pro-Houthi Hacker Sentenced to 20 Months
This week, a Scattered Spider hacker sentenced, new squishing tricks, a pro-Houthi hacker gets 20 months in the United Kingdom, a Taiwanese web hosting provider hacked, the Business Council of New York and Ohio Medical Cannabis Center breached, North Korean hackers target Seoul and an Apple Patch.

Settlement Is Latest Among Scores of Other MOVEit Lawsuits Still Pending
Nuance Communications, a Microsoft subsidiary, has agreed to pay $8.5 million to settle class action litigation filed after hackers exploited a zero-day flaw in Progress Software's MOVEit file transfer software in 2023, stealing data belonging to more than a dozen of Nuance's healthcare clients.

CEO Amir Ben-Efraim: Acquisition Adds AI-Powered File Sanitization to Browser Tools
Through its acquisition of Votiro, Menlo Security has embedded file-level sanitization and AI-powered detection directly into its enterprise browser stack. CEO Amir Ben-Efraim says the move helps prevent malware, data leaks and phishing risks at the browser level.

Copilot Falls for Prompt Injection Yet Again
Microsoft quietly fixed a flaw that allowed users to instruct embedded artificial intelligence model Copilot not to log its access corporate files. "If you work at an organization that used Copilot prior to Aug 18, there is a very real chance that your audit log is incomplete."

Also: New 'Quishing' Tactics, Pro-Houthi Hacker Sentenced to 20 Months
This week, a Scattered Spider hacker sentenced, new squishing tricks, a pro-Houthi hacker gets 20 months in the United Kingdom, a Taiwanese web hosting provider hacked, the Business Council of New York and Ohio Medical Cannabis Center breached, North Korean hackers target Seoul and an Apple Patch.

Settlement Is Latest Among Scores of Other MOVEit Lawsuits Still Pending
Nuance Communications, a Microsoft subsidiary, has agreed to pay $8.5 million to settle class action litigation filed after hackers exploited a zero-day flaw in Progress Software's MOVEit file transfer software in 2023, stealing data belonging to more than a dozen of Nuance's healthcare clients.

CEO Amir Ben-Efraim: Acquisition Adds AI-Powered File Sanitization to Browser Tools
Through its acquisition of Votiro, Menlo Security has embedded file-level sanitization and AI-powered detection directly into its enterprise browser stack. CEO Amir Ben-Efraim says the move helps prevent malware, data leaks and phishing risks at the browser level.

Copilot Falls for Prompt Injection Yet Again
Microsoft quietly fixed a flaw that allowed users to instruct embedded artificial intelligence model Copilot not to log its access corporate files. "If you work at an organization that used Copilot prior to Aug 18, there is a very real chance that your audit log is incomplete."

您已被网络安全性拦截。如认为误拦，请提交工单进行调查。

Here’s a look at the most interesting products from the past week, featuring releases from Doppel, Druva, LastPass, and StackHawk. StackHawk empowers security teams to expand their API testing coverage StackHawk releaseed LLM-Driven OpenAPI Specifications, a powerful new capability that creates API documentation directly from source code. With this new capability, StackHawk analyzes source code repositories, extracts API details using homegrown LLMs, and produces accurate OpenAPI specifications automatically. Doppel Simulation combats social engineering attacks Informed … More →

The post New infosec products of the week: August 22, 2025 appeared first on Help Net Security.

研究表明，2002年至2021年全球暴露于野火的人口增加4成，尽管过火面积减少26%，主要因更多人迁居城乡交界地带。85%的接触发生在非洲。野火导致至少2500人死亡、1.5万人受伤及153万人因空气污染死亡。

根据发表在《科学》期刊上的一项研究，从 2002 年至 2021 年，全球直接暴露于野火的人口增加了 4 成。尽管同期过火面积减少了 26%，但这种增长仍在发生。这一增长的主要原因是有更多的人生活在野地-城市交界带——换言之：人们正迁入野火频发地区。此外在 2002 年至 2021 年间，尽管北美、欧洲和大洋洲的野火灾害引发更多的关注，但全球 85% 的与野火的接触发生在非洲（虽然那里的野火通常未达灾难性级别）。在 1990 年至 2021 年间发生的野火造成至少 2500 人死亡和 1 万又 500 人受伤，而全球有 153 万人的死亡可归因于野火引发的空气污染。

Overview Recently, US officials claimed to have successfully gained control of RapperBot, effectively curbing this powerful source of DDoS attacks. The operation pinpointed the key figure behind the botnet, Ethan Foltz. According to the investigation, Foltz has been developing and operating RapperBot since 2021, with his residence in Eugene, Oregon, USA. Since its activity, the […]

The post US Officials Claim to Have Gained Control of the RapperBot appeared first on NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks..

The post US Officials Claim to Have Gained Control of the RapperBot appeared first on Security Boulevard.

美国官员声称成功控制RapperBot僵尸网络，该网络由Ethan Foltz运营并用于DDoS攻击，已影响全球80多个国家和地区。执法部门逮捕Foltz并终止其攻击能力。

文章介紹了使用CopyQ作為剪貼簿管理工具的增強功能與設定方法。通過自訂命令實現圖片、網址和文件夾內容的自動分類備份，並設置快捷鍵快速複製特定項目內容。CopyQ支援跨平台運行且開源於GitHub。