Aggregator

CVE-2025-54917 | Microsoft Windows up to Server 2025 MapUrlToZone protection mechanism (EUVD-2025-27297)

Vuldb Updates
8 months 2 weeks ago
A vulnerability described as problematic has been identified in Microsoft Windows. Affected is an unknown function of the component MapUrlToZone. Such manipulation leads to protection mechanism failure. This vulnerability is referenced as CVE-2025-54917. It is possible to launch the attack remotely. No exploit is available. It is advisable to implement a patch to correct this issue.
vuldb.com

CVE-2025-54918 | Microsoft Windows up to Server 2025 NTLM improper authentication

Vuldb Updates
8 months 2 weeks ago
A vulnerability classified as critical has been found in Microsoft Windows. Affected by this vulnerability is an unknown functionality of the component NTLM. Performing manipulation results in improper authentication. This vulnerability is identified as CVE-2025-54918. The attack can be initiated remotely. There is not any exploit available. Applying a patch is the recommended action to fix this issue.
vuldb.com

CVE-2025-55228 | Microsoft Windows up to Server 2025 Graphics use after free

Vuldb Updates
8 months 2 weeks ago
A vulnerability was found in Microsoft Windows up to Server 2025. It has been declared as critical. The impacted element is an unknown function of the component Graphics. Executing manipulation can lead to use after free. This vulnerability appears as CVE-2025-55228. The attack requires local access. There is no available exploit. It is advisable to implement a patch to correct this issue.
vuldb.com

CVE-2025-54255 | Adobe Acrobat Reader up to 25.001.20672 violation of secure design principles (apsb25-85 / Nessus ID 264633)

Vuldb Updates
8 months 2 weeks ago
A vulnerability, which was classified as problematic, was found in Adobe Acrobat Reader up to 25.001.20672. The impacted element is an unknown function. Executing manipulation can lead to violation of secure design principles. The identification of this vulnerability is CVE-2025-54255. The attack may be launched remotely. There is no exploit available. You should upgrade the affected component.
vuldb.com

黑客声称入侵了 Red Hat 的 GitHub 代码库

Solidot
8 months 2 weeks ago
自称 Crimson Collective 的勒索组织声称入侵 Red Hat 的 GitHub 代码库,窃取了近 570GB 的数据。其中包括 800 份 Customer Engagement Reports(CERs),可能包含了客户网络和平台的敏感信息。Red Hat 证实其咨询业务遭遇了安全事故,但拒绝证实黑客的说法。黑客组织在 Telegram 上公布了盗取的 GitHub 代码库的完整目录列表以及 2020-2025 年的 CER 列表。CER 列表中的知名组织包括了美国银行、T-Mobile、AT&T、富达、凯撒、梅奥诊所、​​沃尔玛、Costco、美国海军水面作战中心、FAA 和 众议院等。黑客表示他们尝试联络 Red Hat 提出勒索要求,但只收到一份模板回复,指示他们向其安全团队提交漏洞报告。

Qilin

Dark Feed IO
8 months 2 weeks ago

You must login to view this content

cohenido

OpenSSL 3.6.0: New features, crypto support

Help Net Security
8 months 2 weeks ago

The OpenSSL Project has announced the release of OpenSSL 3.6.0, a feature update that brings significant functionality improvements, standards compliance, and a few key deprecations that developers and security teams will need to keep in mind. Key cryptographic enhancements OpenSSL 3.6.0 introduces several important crypto updates: NIST security categories for PKEY objects: Public key objects now carry NIST security category information. Opaque symmetric key objects: New APIs support EVP_SKEY opaque symmetric key objects for use … More →

The post OpenSSL 3.6.0: New features, crypto support appeared first on Help Net Security.

Anamarija Pogorelec

Confucius Hackers Hit Pakistan With New WooperStealer and Anondoor Malware

The Hackers News
8 months 2 weeks ago
The threat actor known as Confucius has been attributed to a new phishing campaign that has targeted Pakistan with malware families like WooperStealer and Anondoor. "Over the past decade, Confucius has repeatedly targeted government agencies, military organizations, defense contractors, and critical industries -- especially in Pakistan – using spear-phishing and malicious documents as initial
The Hacker News

千禧一代癌症发病率在上升

Solidot
8 months 2 weeks ago
自 2000 年以来 15-49 岁人群癌症发病率增加了 10%,而老年人口的癌症发病率却略有下降。其中年轻女性的癌症率比同年龄段男性高 83%。美国癌症研究协会(American Association for Cancer Research)会议上发表的一项涉及 15 万人的研究发现,根据血液生物标志物,千禧一代的生物衰老速度看起来比前几代人更快。这种加速现象与肺癌、胃肠道肿瘤和子宫恶性肿瘤等癌症风险增加最高 42% 相关。研究人员将癌症发病率上升与怀孕期间服用的药物、摄入的超加工食品、人造光、轮班工作造成的昼夜节律紊乱,以及化学物质暴露联系起来。

CVE-2024-42442 | Zoom Workplace Desktop App/Meeting SDK/Rooms Client up to 6.1.4 on macOS privileges management

Vuldb Updates
8 months 2 weeks ago
A vulnerability described as critical has been identified in Zoom Workplace Desktop App, Meeting SDK and Rooms Client up to 6.1.4 on macOS. This affects an unknown part. Executing manipulation can lead to improper privilege management. This vulnerability is tracked as CVE-2024-42442. The attack is restricted to local execution. No exploit exists. Upgrading the affected component is recommended.
vuldb.com

Managed ad