Aggregator

The latest Gemini models quite reliably interpret hidden Unicode Tag characters as instructions. This vulnerability, first reported to Google over a year ago, has not been mitigated at the model or API level, hence now affects all applications built on top of Gemini. This includes Google’s own products and services, like Google Jules. Hopefully, this post helps raise awareness of this emerging threat. Invisible Prompt Injections in GitHub Issues When Jules is asked to work on a task, such as a GitHub issue, it is possible to plant invisible instructions into a GitHub issue to add backdoor code, or have it run arbitrary commands and tools.

Kaspersky и McAfee бессильны — хакеры выключают защиту одним кликом.

HexStrike AI, the leading autonomous cybersecurity framework, today announced seamless integration with ChatGPT, Claude, and GitHub Copilot, enabling these AI agents to orchestrate over 150 professional security tools for comprehensive penetration testing and vulnerability intelligence. This milestone empowers developers, red teams, and bug bounty hunters to harness conversational AI interfaces for advanced, fully automated security […]

The post HexStrike AI Links ChatGPT, Claude, and Copilot to 150+ Security Tools appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

微软 Windows 部门主管 Pavan Davuluri 在一则公司视频中表示，随着 AI 彻底改变用户与计算机的交互方式，下一代 Windows 将变得“更具环境感、更普适、更多模态（more ambient, pervasive, and multi-modal）”。Davuluri 表示，语音将与键盘和鼠标一起成为 Windows 主要的输入方式，操作系统将具有情境感知功能，通过自然语言理解屏幕内容和用户意图。他表示，随着平台日益智能化，Windows 界面将在五年内发生根本性的变化。这种转变将依赖于本地处理能力和云计算能力去提供无缝的体验，用户可以在打字或墨迹式画图的同时与计算机对话。

牛牛的秘籍+1

A newly disclosed vulnerability in Palo Alto Networks’ GlobalProtect application could allow attackers to escalate privileges and install malicious software on affected systems through improper certificate validation. The security flaw, tracked as CVE-2025-2183, was published on August 13, 2025, and affects multiple versions of the popular VPN client across Windows and Linux platforms. Critical Security […]

The post Palo Alto GlobalProtect Vulnerability Allows Privilege Escalation via Certificate Bypass appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Неаутентифицированные атаки ставят под угрозу конфиденциальные данные.

The U.S. Department of the Treasury has announced sanctions against Grinex, the successor to Russian cryptocurrency exchange Garantex, which was previously sanctioned for helping ransomware gangs launder their money. [...]

A significant security breach has exposed the complete source code of ERMAC V3.0, a sophisticated banking trojan that targets over 700 financial applications worldwide. The leak, discovered by cybersecurity firm Hunt.io in March 2024, was made possible by a surprisingly weak default password: “changemeplease.” The discovery occurred when Hunt.io researchers identified an open directory containing […]

The post Source Code of ERMAC V3.0 Malware Exposed by ‘changemeplease’ Password appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability was found in PX4 PX4-Autopilot up to 1.15.4 and classified as critical. This issue affects the function MavlinkReceiver::handle_message_serial_control of the file src/modules/mavlink/mavlink_receiver.cpp of the component Mavlink Shell Closing Handler. The manipulation of the argument _mavlink_shell leads to use after free. The identification of this vulnerability is CVE-2025-9020. An attack has to be approached locally. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as problematic, has been found in WP Table Builder Plugin up to 2.0.12 on WordPress. This issue affects some unknown processing of the component Shortcode Handler. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2025-8604. The attack may be initiated remotely. There is no exploit available.

美军退役高官建议美网络司令部采取四项措施加快网络战备

尚不清楚有多少辆公交车受到影响

A vulnerability classified as problematic was found in McGallery 1.1. Affected by this vulnerability is an unknown functionality of the file admin.php. The manipulation of the argument lang leads to path traversal. This vulnerability is known as CVE-2005-1998. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in MAXdev MD-Pro 1.0.73. It has been rated as critical. Affected by this issue is some unknown functionality. The manipulation leads to improper privilege management. This vulnerability is handled as CVE-2005-2885. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in MarmaraWeb MarmaraWeb E-commerce. It has been classified as critical. This affects an unknown part of the file index.php. The manipulation of the argument page leads to memory corruption. This vulnerability is uniquely identified as CVE-2005-4287. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in Qcm Marwel 2.7 and classified as critical. Affected by this issue is some unknown functionality of the file index.php. The manipulation of the argument show leads to sql injection. This vulnerability is handled as CVE-2005-4403. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability classified as problematic was found in Debian Linux 3.1. Affected by this vulnerability is an unknown functionality of the file view_all_set.php. The manipulation of the argument dir leads to basic cross site scripting. This vulnerability is known as CVE-2005-2557. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in MarmaraWeb MarmaraWeb E-commerce. It has been declared as problematic. This vulnerability affects unknown code of the file index.php. The manipulation of the argument page leads to basic cross site scripting. This vulnerability was named CVE-2005-4288. The attack can be initiated remotely. Furthermore, there is an exploit available.