Aggregator

A vulnerability labeled as critical has been found in Discourse up to 3.5.0. Impacted is an unknown function of the component Backup Dump Handler. Such manipulation leads to command injection. This vulnerability is uniquely identified as CVE-2025-59337. The attack can be launched remotely. No exploit exists. The affected component should be upgraded.

A vulnerability identified as problematic has been detected in ExtremeGuest Essentials 25.4.0. This issue affects some unknown processing of the component Captive-Portal. This manipulation causes improper restriction of excessive authentication attempts. This vulnerability is handled as CVE-2025-8679. The attack can only be done within the local network. There is not any exploit available. You should upgrade the affected component.

A vulnerability categorized as critical has been discovered in auth0 Auth0-PHP up to 8.16.x. This vulnerability affects unknown code of the component User Import Endpoint. The manipulation results in unrestricted upload. This vulnerability is known as CVE-2025-58769. It is possible to launch the attack remotely. No exploit is available. It is advisable to upgrade the affected component.

A vulnerability was found in Discourse up to 3.5.0. It has been rated as critical. This affects an unknown part of the component AI Suggestion Endpoint. The manipulation of the argument topic_id leads to improper access controls. This vulnerability is traded as CVE-2025-58055. It is possible to initiate the attack remotely. There is no exploit available. Upgrading the affected component is advised.

Checkov is an open-source tool designed to help teams secure their cloud infrastructure and code. At its core, it’s a static code analysis tool for infrastructure as code (IaC), but it also goes a step further by providing software composition analysis (SCA) for container images and open source packages. With Checkov, you can scan just about any cloud infrastructure setup, whether you’re using Terraform, CloudFormation, AWS SAM, Kubernetes, Helm charts, Kustomize, Dockerfiles, Serverless, Bicep, OpenAPI, … More →

The post Chekov: Open-source static code analysis tool appeared first on Help Net Security.

The Chrome team has released Chrome 141.0.7390.54/55 to the stable channel for Windows, Mac, and Linux, rolling out over the coming days and weeks. This update delivers critical security fixes, including 21 distinct vulnerabilities that span high, medium, and low severity. External researchers contributed to several of these fixes, earning rewards up to $25,000. Users are strongly […]

The post Chrome Security Update Addressing 21 Vulnerabilities appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

正如城市居民所知，远离都市，奔赴海边，可以享受别样的风景或体验心灵的重启。发表在 ACS《环境科学与技术快报》上的一项研究为海边之旅又平添了一个新的理由。一项研究发现，城市空气潜藏致病性念珠酵母菌菌株，但在沿海空气样本中却没有发现这些菌株，揭示了其潜在的传播途径。念珠酵母菌是一组常见的微生物，存在于人体皮肤和内脏器官黏膜中，但不会造成危害。但是，在某些情况下，这些菌株可能会过度增殖，并导致阴道酵母菌感染或鹅口疮。已知这些感染可通过直接接触或体液传播。先前的研究发现空气中存在念珠菌 DNA，表明这种酵母菌可以通过空气传播。研究人员连续一整年每个月在香港及其附近的一个面向中国南海的人口稀疏地区收集一次空气样本。他们在 12 份城市空气样本中发现了三种被世界卫生组织归类为真菌病原体的念珠菌：白色念珠菌、近平滑念珠菌和热带念珠菌。而在沿海地区采集的样本中没有检测到念珠菌。这一地域差异让研究人员推测，空气中的酵母菌来源于工业或城市，例如污水处理厂。此外，一些城市空气样本中还含有对常见抗真菌药物具有耐药性的致病性念珠菌菌种。研究人员表示，抗真菌药物的过度使用、城市环境中的重金属等污染物或气温升高均可能是这种耐药性的促成因素。最后，空气中的其中一种念珠菌菌株的基因组成与先前从念珠菌感染者样本中提取的菌株密切相关，这表明空气中的菌株可能具有传染性。研究人员表示，这项研究挑战了长期以来存在的念珠菌主要通过直接接触传播的假设，将念珠菌描述为一种新兴的空气传播病原体。但是还需要开展更多的研究，以调查城市中念珠菌的来源，并充分了解这些空气中颗粒的潜在传染性。

LLMs and agentic systems already shine at everyday productivity, including transcribing and summarizing meetings, extracting action items, prioritizing critical emails, and even planning travel. But in the SOC (where mistakes have real cost), today’s models stumble on work that demands high precision and consistent execution across massive, real-time data streams. Until we close this reliability gap at scale, LLMs alone won’t automate the majority of SOC tasks. Humans excel at framing ambiguous problems, making risk-aware … More →

The post GPT needs to be rewired for security appeared first on Help Net Security.

Microsoft is currently investigating a significant bug affecting classic Outlook for Windows that prevents users from accessing their email accounts. The issue manifests as a persistent error message stating “Cannot start Microsoft Outlook. Cannot open the Outlook window. The set of folders cannot be opened. The attempt to log on to Microsoft Exchange has failed.” […]

The post Microsoft Outlook Bug on Windows Devices Results in Repeated Email Crashes appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

著名动物学家、灵长类动物学家和人类学家珍·古道尔（Jane Goodall）去世，享年 91 岁。珍·古道尔以研究野外黑猩猩闻名，被认为是最重要的黑猩猩专家。古道尔于 1960 年在坦桑尼亚贡贝溪（Gombe Stream）国家公园的 Kasakela 黑猩猩社区开始研究黑猩猩的社会和家庭生活，她观察到黑猩猩的行为与人类十分相似。她的发现挑战了当时两大信念：只有人类才能制造和使用工具，黑猩猩是素食主义者。她在研究中与当地黑猩猩建立了紧密联系，成为黑猩猩社区唯一被接纳的人类。她后来投身于环境教育和公益事业，创办了著名民间动物保育机构珍·古道尔研究所。

A vulnerability was found in Linux Kernel up to 6.11.6 and classified as critical. The impacted element is the function dapm_widget_list_create. Executing manipulation can lead to denial of service. This vulnerability is handled as CVE-2024-53045. The attack can only be done within the local network. There is not any exploit available. It is suggested to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.6.59/6.11.6. It has been classified as problematic. This affects the function nxp_fspi_exec_op of the file drivers/spi/spi-nxp-fspi.c. The manipulation leads to state issue. This vulnerability is uniquely identified as CVE-2024-53046. The attack can only be initiated within the local network. No exploit exists. Upgrading the affected component is recommended.

A vulnerability described as problematic has been identified in Linux Kernel up to 6.11.6. This affects the function __kmalloc_cache_noprof in the library lib/slub_kunit.c. Executing manipulation can lead to allocation of resources. The identification of this vulnerability is CVE-2024-53049. The attack needs to be done within the local network. There is no exploit available. Upgrading the affected component is recommended.

A vulnerability has been found in Linux Kernel up to 6.11.6 and classified as critical. The affected element is the function walk_system_ram_res_rev. Performing manipulation results in memory corruption. This vulnerability is known as CVE-2024-50303. Access to the local network is required for this attack. No exploit is available. The affected component should be upgraded.

A vulnerability classified as critical has been found in Linux Kernel up to 6.11.6. This affects the function xa_insert of the component sch_api. The manipulation leads to denial of service. This vulnerability is documented as CVE-2024-53044. The attack requires being on the local network. There is not any exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Linux Kernel up to 6.6.59/6.11.6. This impacts the function rcu_read_lock of the file net/mptcp/sched.c. Executing manipulation can lead to stack-based buffer overflow. This vulnerability is registered as CVE-2024-53047. The attack requires access to the local network. No exploit is available. Upgrading the affected component is advised.

A vulnerability was found in Linux Kernel up to 6.11.7. It has been declared as problematic. This issue affects the function __smc_create. The manipulation results in use after free. This vulnerability is reported as CVE-2024-50293. The attacker must have access to the local network to execute the attack. No exploit exists. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.6.60/6.11.7 and classified as problematic. Impacted is the function regulator_config of the component rtq2208. The manipulation results in uninitialized pointer. This vulnerability is cataloged as CVE-2024-50300. The attack must originate from the local network. There is no exploit available. It is suggested to upgrade the affected component.

A vulnerability marked as critical has been reported in Linux Kernel up to 6.6.60/6.11.7. Affected by this issue is the function rxrpc_disconnect_client_call. This manipulation causes denial of service. This vulnerability is handled as CVE-2024-50294. The attack can only be done within the local network. There is not any exploit available. It is suggested to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.11.6. It has been classified as problematic. This issue affects some unknown processing of the file drivers/dpll/dpll_core.c. The manipulation leads to improper initialization. This vulnerability is documented as CVE-2024-53048. The attack requires being on the local network. There is not any exploit available. Upgrading the affected component is recommended.