Aggregator

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 5.12.10. Affected by this issue is the function f_ecm/f_eem/f_hid/f_loopback/f_printer/f_rndis/f_serial/f_sourcesink/f_subset/f_tcm. The manipulation leads to null pointer dereference. This vulnerability is handled as CVE-2021-47270. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 5.10.45/5.12.12. It has been rated as critical. Affected by this issue is the function mtk_phy_init of the component phy-mtk-tphy. The manipulation leads to memory leak. This vulnerability is handled as CVE-2021-47234. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 5.4.127/5.10.45/5.12.12. It has been classified as problematic. Affected is an unknown function of the component ll_temac. The manipulation leads to use after free. This vulnerability is traded as CVE-2021-47224. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 4.14.237/4.19.195/5.4.127/5.10.45/5.12.12. It has been rated as critical. This issue affects the function tunnel_dst of the component bridge. The manipulation leads to null pointer dereference. The identification of this vulnerability is CVE-2021-47223. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Ubiquiti UniFi Access Reader Pro, UniFi Access G2 Reader Pro, UniFi Access G3 Reader Pro, UniFi Access Intercom, UniFi Access G3 Intercom and UniFi Access Intercom Viewer. It has been classified as critical. This affects an unknown part. The manipulation leads to command injection. This vulnerability is uniquely identified as CVE-2025-27212. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

Microsoft has announced the return of its groundbreaking Zero Day Quest, the largest public hacking event in history, offering unprecedented bounty rewards of up to $5 million for high-impact security research. Building upon last year’s successful $4 million initiative, this enhanced program demonstrates Microsoft’s commitment to collaborative security through responsible vulnerability disclosure and community engagement. […]

The post Microsoft Zero Day Quest Hacking Contest – Rewards Up to $5 Million appeared first on Cyber Security News.

文章描述了错误代码521的原因及解决方法。该错误通常由CDN服务器与源站通信失败引起，常见原因包括源站IP异常、防火墙设置不当或网络连接问题。建议检查源站状态、调整防火墙规则并优化网络配置以解决问题。

HackerNews 编译，转载请注明出处： 思科Talos研究人员周二披露，戴尔数百万台笔记本电脑采用的安全芯片存在漏洞，可能使攻击者窃取敏感数据，并在设备重装操作系统后仍维持访问权限。该研究此前未公开，经戴尔6月安全公告确认，影响超100款笔记本型号，涉及存储密码、生物识别数据及安全代码的专用芯片，该芯片同时负责安装指纹/智能卡/NFC驱动及固件。 研究人员表示尚无漏洞野外利用迹象。戴尔已于3月至5月分阶段发布补丁，并于6月13日发布完整安全公告。漏洞专属于戴尔ControlVault安全固件与软件采用的博通BCM5820X芯片。思科Talos高级漏洞研究员Philippe Laulheret指出，受影响的Latitude与Precision等机型广泛用于网络安全行业及政府场景，“需通过智能卡或NFC强化登录安全的敏感行业更易受波及”。 Laulheret在周二发布的博客中透露，相关分析将于8月6日拉斯维加斯黑帽安全大会上展示。思科Talos外联负责人Nick Biasini强调，此发现凸显需加强对处理生物识别等敏感数据的硬件安全研究：“安全飞地、生物识别等技术的应用日益广泛，虽提升设备安全性，却也引入了新攻击面”。 戴尔发言人声明称已“快速透明地解决问题”，并指引用户查阅6月13日公告：“建议客户及时安装我们提供的安全更新并升级至受支持的产品版本，以确保系统安全。”     消息来源：cybernews； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文

A vulnerability was found in Netwin SurgeFTP up to 23c8. It has been classified as critical. This affects an unknown part of the file surgeftpmgr.cgi of the component Web-based Administrative Console. The manipulation leads to os command injection. This vulnerability is uniquely identified as CVE-2012-10028. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, was found in Blue Access Cobalt X1 up to 02.000.187. This affects an unknown part. The manipulation leads to improper authentication. This vulnerability is uniquely identified as CVE-2025-50454. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability has been found in PHP-Charts 1.0 and classified as critical. Affected by this vulnerability is the function eval of the file wizard/url.php of the component GET Parameter Handler. The manipulation leads to improper neutralization of directives in dynamically evaluated code. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is known as CVE-2013-10070. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in TurboSoft TurboFTP Server 1.30.823/1.30.826 and classified as critical. Affected by this issue is some unknown functionality of the component PORT Command Handler. The manipulation leads to buffer overflow. This vulnerability is handled as CVE-2012-10035. The attack may be launched remotely. Furthermore, there is an exploit available.

当前环境出现异常，请完成验证后方可继续访问。

银狐黑产组织最新攻击样本与威胁情报

A trio of startup founders — GreyNoise's Andrew Morris, Thinkst Canary's Haroon Meer, and runZero's HD Moore — agree that raising venture capital funding can be beneficial, but a company's success depends on how well the product fits customer needs.

该页面显示值班人员Jan Kopriva、威胁级别为绿色，并提供应用安全课程（在拉斯维加斯举办）及ISC Stormcast播客链接。

Tigo Energyが提供するCloud Connect Advancedには、複数の脆弱性が存在します。

英伟达官方博客发文称，“NVIDIA 芯片不存在后门、终止开关和监控软件”。文章称，“为了降低误用风险，一些专家和政策制定者提出需要在硬件中设置‘终止开关’或内置控件，以便在用户不知情和未经同意的情况下远程禁用 GPU。有人怀疑这种情况已经存在。NVIDIA GPU 不存在也不应该设置终止开关和后门。30 多年前，NVIDIA 开始设计处理器。经验告诉我们，将后门和终止开关嵌入到芯片有可能为黑客和敌对势力提供可乘之机，这将会破坏全球数字基础设施和业界对领先技术的信任。很多国家和地区的既定法律对此也有明确规定，要求公司修正漏洞，而不是制造漏洞。这一原则仍然有效。不存在所谓“好”的秘密后门，只有必须被彻底消除的危险漏洞。”