Aggregator

2025年8月，深信服深瞻情报实验室再次监测到amdc6766黑产组织攻击活动。在本次攻击活动中，观察到多个运维管理工具相关样本，疑似利用仿冒网站分发恶意文件。

A vulnerability classified as problematic has been found in VMware Spring Framework up to 5.3.43/6.0.29/6.1.21/6.2.9. This issue affects some unknown processing of the component Servlet Container Handler. Performing manipulation results in path traversal. This vulnerability is known as CVE-2025-41242. Remote exploitation of the attack is possible. No exploit is available. It is recommended to upgrade the affected component.

Когда UI пуст, а ИИ слышит команды.

Al-Tahery Al-Mashriky has been sentenced to 20 months behind bars for hacktism-related offenses

A vulnerability was found in Autodesk AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D, AutoCAD MAP 3D, Civil 3D and Advance Steel and classified as critical. This impacts an unknown function of the component DGN File Parser. Executing manipulation can lead to buffer overflow. This vulnerability is handled as CVE-2025-5048. The attack can be executed remotely. There is not any exploit available. It is suggested to upgrade the affected component.

A vulnerability has been found in Autodesk AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D, AutoCAD MAP 3D, Civil 3D and Advance Steel and classified as critical. This affects an unknown function of the component DGN File Parser. Performing manipulation of the argument Uninitialized results in use of uninitialized variable. This vulnerability is known as CVE-2025-5047. Remote exploitation of the attack is possible. No exploit is available. The affected component should be upgraded.

A vulnerability, which was classified as problematic, was found in Autodesk AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D, AutoCAD MAP 3D, Civil 3D and Advance Steel. The impacted element is an unknown function of the component DGN File Parser. Such manipulation leads to out-of-bounds read. This vulnerability is traded as CVE-2025-5046. The attack may be launched remotely. There is no exploit available. You should upgrade the affected component.

A vulnerability classified as problematic has been found in form-data up to 2.5.3/3.0.2/4.0.2. This issue affects some unknown processing in the library lib/form_data.Js of the component HTTP Parameter Handler. This manipulation causes insufficiently random values. This vulnerability appears as CVE-2025-7783. The attack may be initiated remotely. There is no available exploit. It is recommended to upgrade the affected component.

检测业务是否受到此漏洞影响，请联系长亭应急服务团队！

Google Play стал витриной для клонов, которые обещают безопасность, но дают слежку.

本文介绍WACV论文《Improving Fairness in Deepfake Detection》，提出DAG-FDD与DAW-FDD两种基于CVaR的公平性优化方法，在提升深度伪造检测公平性的同时保持检测性能。

Can you tell the difference between legitimate marketing and deepfake scam ads? It’s not always as easy as you may think.

Web应用漏洞检测新突破：基于导向式模糊测试的高效漏洞检测技术

A vulnerability described as critical has been identified in QNAP File Station 5 5.5.6.4741. This vulnerability affects unknown code. Such manipulation leads to out-of-bounds write. This vulnerability is traded as CVE-2025-47206. The attack may be launched remotely. There is no exploit available. Upgrading the affected component is recommended.

英国通信监管机构 Ofcom 于 6 月 10 日宣布对图像讨论版 4chan 展开调查，调查该网站是否遵守了 Online Safety Act 2023。Ofcom 上周表示，调查显示 4chan 未遵守这项法律，未能回应法定信息请求，未能完成和保存内容风险评估记录，未能履行非法内容相关的安全义务。Ofcom 考虑对其处以 2 万英镑罚款，之后按日处罚。4chan 随后通过律师发表声明，称它是一家注册在特拉华州的美国公司，在英国没有业务，英国对其没有司法管辖权。4chan 称它受到了美国宪法第一修正案的保护。

A vulnerability identified as critical has been detected in expressjs multer up to 2.0.1. The affected element is an unknown function of the component Multi-part Upload Request Handler. Performing manipulation results in uncaught exception. This vulnerability was named CVE-2025-7338. The attack may be initiated remotely. There is no available exploit. You should upgrade the affected component.

A vulnerability was found in Oracle HTTP Server 12.2.1.4.0. It has been declared as critical. This impacts an unknown function of the component SSL Module. Executing manipulation can lead to denial of service. The identification of this vulnerability is CVE-2023-3817. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in OpenSSL up to 1.0.2zi/1.1.1w/3.0.12/3.1.4 and classified as critical. This issue affects the function DH_generate_key of the file crypto/dh/dh_check.c of the component X9.42 DH Keys Handler. Such manipulation leads to excessive iteration. This vulnerability is documented as CVE-2023-5678. The attack can be executed remotely. There is not any exploit available. It is suggested to upgrade the affected component.