Aggregator

中断长达11个月后微软修复Windows 11 24H2面容识别故障 部分受影响用户终于可以升级

不安全
9 months ago
微软修复了Windows 11 24H2版本中长达11个月的面部识别和相机故障问题,允许受影响设备升级。此前因摄像头问题导致应用冻结或无法使用面容识别的设备被阻止升级。现在更新策略已解除,符合条件的设备可通过Windows更新安装新版本。微软计划于10月发布共享相同基础设施的Windows 11 25H2更新。

CVE-2025-10652 | Robcore Netatmo Plugin up to 1.7 on WordPress Shortcode robcore-netatmo sql injection (EUVD-2025-30322)

Vuldb Updates
9 months ago
A vulnerability categorized as critical has been discovered in Robcore Netatmo Plugin up to 1.7 on WordPress. Affected is the function robcore-netatmo of the component Shortcode Handler. Executing manipulation can lead to sql injection. This vulnerability is registered as CVE-2025-10652. It is possible to launch the attack remotely. No exploit is available.
vuldb.com

CVE-2025-10181 | Draft List Plugin up to 2.6 on WordPress Shortcode drafts cross site scripting (EUVD-2025-30313)

Vuldb Updates
9 months ago
A vulnerability described as problematic has been identified in Draft List Plugin up to 2.6 on WordPress. This vulnerability affects the function drafts of the component Shortcode Handler. Such manipulation leads to cross site scripting. This vulnerability is traded as CVE-2025-10181. The attack may be launched remotely. There is no exploit available.
vuldb.com

CVE-2025-9949 | Internal Links Manager Plugin up to 3.0.1 on WordPress process_bulk_action cross-site request forgery (EUVD-2025-30309)

Vuldb Updates
9 months ago
A vulnerability classified as problematic has been found in Internal Links Manager Plugin up to 3.0.1 on WordPress. This issue affects the function process_bulk_action. Performing manipulation results in cross-site request forgery. This vulnerability is known as CVE-2025-9949. Remote exploitation of the attack is possible. No exploit is available.
vuldb.com

CVE-2025-10741 | Selleo Mentingo up to 2025.08.27 Profile Picture userAvatar unrestricted upload (EUVD-2025-30365)

Vuldb Updates
9 months ago
A vulnerability, which was classified as critical, has been found in Selleo Mentingo up to 2025.08.27. The affected element is an unknown function of the component Profile Picture Handler. The manipulation of the argument userAvatar leads to unrestricted upload. This vulnerability is uniquely identified as CVE-2025-10741. The attack is possible to be carried out remotely. Moreover, an exploit is present. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

CVE-2025-10759 | Webkul QloApps up to 1.7.0 CSRF Token token authorization (EUVD-2025-30370)

Vuldb Updates
9 months ago
A vulnerability was found in Webkul QloApps up to 1.7.0. It has been classified as problematic. This affects an unknown function of the component CSRF Token Handler. Performing manipulation of the argument token results in authorization bypass. This vulnerability was named CVE-2025-10759. The attack may be initiated remotely. In addition, an exploit is available. The vendor explains: "As We are already aware about this vulnerability and our Internal team are already working on this issue. (...) We'll implement the fix for this vulnerability in our next major release."
vuldb.com

CVE-2025-10757 | UTT 1200GW up to 3.0.0-170831 formConfigDnsFilterGlobal GroupName buffer overflow (EUVD-2025-30368)

Vuldb Updates
9 months ago
A vulnerability has been found in UTT 1200GW up to 3.0.0-170831 and classified as critical. The affected element is an unknown function of the file /goform/formConfigDnsFilterGlobal. This manipulation of the argument GroupName causes buffer overflow. This vulnerability is handled as CVE-2025-10757. The attack can be initiated remotely. Additionally, an exploit exists. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

CVE-2025-10755 | Selleo Mentingo 2025.08.27 Content-Type userAvatar unrestricted upload (EUVD-2025-30366)

Vuldb Updates
9 months ago
A vulnerability, which was classified as critical, was found in Selleo Mentingo 2025.08.27. The impacted element is an unknown function of the component Content-Type Handler. The manipulation of the argument userAvatar results in unrestricted upload. This vulnerability was named CVE-2025-10755. The attack may be performed from remote. In addition, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

CVE-2025-10756 | UTT HiPER 840G up to 3.1.1-190328 getOneApConfTempEntry tempName buffer overflow (EUVD-2025-30367)

Vuldb Updates
9 months ago
A vulnerability, which was classified as critical, was found in UTT HiPER 840G up to 3.1.1-190328. Impacted is an unknown function of the file /goform/getOneApConfTempEntry. The manipulation of the argument tempName results in buffer overflow. This vulnerability is known as CVE-2025-10756. It is possible to launch the attack remotely. Furthermore, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

Canada’s RCMP closes TradeOgre, seizes $40M in country’s largest crypto bust

Security Affairs
9 months ago
RCMP shuts down TradeOgre, seizing $40M from crime, the first crypto exchange closure and largest asset seizure in Canada’s history. The Royal Canadian Mounted Police shut down the crypto exchange TradeOgre and seized $40M worth of crypto assets. This is the first crypto exchange shut down by the Canadian authorities. “RCMP Federal Policing – Eastern […]
Pierluigi Paganini

Google TV 加入 Gemini AI 助手

Solidot
9 months ago
Google 开始将其 Gemini AI 助手推送给 Google TV 设备。用户将能向 Gemini 寻求电视推荐、节目回顾、评论,甚至执行家庭作业辅导、假期计划或学习新技能等任务的帮助。Gemini AI 将首先推送给 TCL 的 QM9K 系列智能电视,晚些时候推送给 Google TV Streamer、Walmart onn 4K Pro、2025 Hisense U7、U8 和 UX 型号,以及 2025 款 TCL QM7K、QM8K 和 X11K 系列型号。

Hackers Using SVG Files to Deliver Malicious Payloads

GBHackers on Security | #1 Globally Trusted Cyber Security News Platform
9 months ago

A recent malware campaign making the rounds in Latin America offers a stark example of how cybercriminals are evolving and finetuning their playbooks. Victims receive emails dressed up to look as though they come from trusted institutions, warning of lawsuits or court summons. This tried-and-tested social-engineering tactic exploits urgency to trick recipients into clicking links […]

The post Hackers Using SVG Files to Deliver Malicious Payloads appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Mayura Kathir

香港网安周|360 以“安全智能体”破局网络威胁 开启全球化新征程!

嘶吼
9 months ago

近日,“2025年国家网络安全宣传周”香港分论坛成功举办。该论坛由香港警务处网络安全及科技罪案调查科、香港互联网注册管理有限公司、香港网络安全专业协会联合协办,聚焦全球网络安全前沿议题,汇聚政企学研各界代表共话行业挑战与应对之策。期间,360数字安全集团受邀出席论坛核心环节,并在圆桌会议中从防御视角独家分享 AI赋能网络安全的“360方案”。此次亮相不仅是360推进香港业务的具体落地动作,更成为其“安全+AI”产品与服务迈向海外市场的关键一步。

在圆桌论坛环节,360数字安全集团副总裁张锦章围绕“基于AI的主动防御体系如何应对新时代网络安全挑战”展开深度解读。他指出,当前网络安全领域的核心矛盾是AI技术已彻底改变网络攻击节奏,将攻击速度从传统“人类速度”提升至“机器速度”,传统防御手段已难以应对。基于这一现状,张锦章提出明确破局路径,从防御端依靠AI破解挑战是唯一出路,核心在于构建安全智能体驱动的自动化防御体系,真正实现“以AI防AI”。

现场,360凭借“360方案”充分展现了在安全和AI领域的技术硬实力,其主动防御、智能响应的安全理念与解决方案,更在国际化语境下完成高效验证,获得了政府部门、金融机构、科技企业及学术机构等各界专家的广泛共鸣,为构建跨区域网络安全生态注入“360智慧”。

值得关注的是,随着政府服务数字化转型提速、“智慧香港”建设深化、“数字湾区”协同发展推进,香港对安全可信的网络环境需求愈发迫切。事实上,360早已深耕香港市场,近年来持续深化战略布局,为当地政府、金融、企业等领域客户,提供网络安全保障、攻防赛事活动支持、自主可控建设等多样化服务支撑,以实际行动助力香港特区数字化高质量发展。

对360而言,香港的战略价值远不止于“本地服务”,这里既是集团服务粤港澳大湾区的核心支点,更是全球化战略的“先行示范区”与“能力跳板”。面向未来,随着香港业务的进一步落地与推进,360 数字安全集团将从三大方向加速全球化布局:

一是推动产品与服务的国际化适配:依托香港独特的市场环境、完善的法律法规及国际通用标准,打磨并优化“AI+安全”产品矩阵,确保产品在合规性、用户体验与服务模式上,全面满足更广阔海外市场的需求;同时,将经香港市场验证成熟的产品、服务与解决方案高效辐射至全球,实现从“走出去”到“走进去”的战略跨越;

二是打造可复制的标杆案例:聚焦香港复杂多样的数字化场景(如金融风控、政务数据安全、智慧医疗防护等),成功部署并验证“360方案”,形成具备国际说服力的标杆案例,为后续开拓海外市场提供实践范本与信心支撑;

三是构建国际化合作生态:积极与香港本地的国际企业、学术机构及安全同行建立合作关系,同步全球网络安全前沿趋势、核心技术与专业人才;通过吸收国际先进经验,反哺自身技术研发与服务体系的升级迭代。

未来,360数字安全集团将继续以“让AI世界更安全更美好”为使命,以香港市场的成功实践为基础,将领先的“安全+AI”能力传递给全球用户,为构建更安全、更繁荣的全球数字生态持续贡献力量。

企业资讯

Managed ad