Aggregator

LYSRC正式启动大模型专项测试活动，诚邀白帽师傅们聚焦同程旅行体系AIGC服务安全，共同筑牢智能时代安全防线

On September 18, 2025, Orange Cert publicly disclosed a critical authentication bypass vulnerability affecting Nokia’s CBIS (CloudBand Infrastructure Software) and NCS (Nokia Container Service) Manager API (CVE-2023-49564). With a CVSS 3.1 score of 9.6 (AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H), the vulnerability poses a severe risk to organizations relying on these management platforms to orchestrate and secure their containerized network […]

The post Nokia CBIS/NCS Manager API Vulnerability Allows Attackers to Bypass Authentication appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Пока операторы отчитываются о победах, мошенники строят свою собственную сеть у вас под окнами.

A newly disclosed flaw in HubSpot’s open-source Jinjava template engine could allow attackers to bypass sandbox restrictions and achieve remote code execution (RCE) on thousands of websites relying on versions prior to 2.8.1.  Tracked as CVE-2025-59340 and rated Critical with a CVSS v3.1 score of 10.0, the issue stems from JavaType‐based deserialization, enabling threat actors […]

The post HubSpot’s Jinjava Engine Vulnerability Exposes Thousands of Websites to RCE Attacks appeared first on Cyber Security News.

Luxury jewelry brand Tiffany and Company has confirmed a data breach that resulted in the theft of customers’ personal information. The company is in the process of sending out notification letters to affected individuals, detailing the scope of the incident and the data that was compromised. According to the notification, Tiffany experienced a “cybersecurity issue” […]

The post Luxury Jewelry Creator Tiffany Confirms Data breach – Hackers Stolen Users Personal Information appeared first on Cyber Security News.

A vulnerability classified as critical has been found in Microsoft Windows up to Server 2025. This affects an unknown function of the component Bluetooth Service. Performing manipulation results in race condition. This vulnerability is identified as CVE-2025-59220. The attack is only possible with local access. There is not any exploit available. Applying a patch is the recommended action to fix this issue.

A vulnerability, which was classified as critical, was found in Microsoft Windows 11 24H2/Server 2025. Impacted is an unknown function of the component Graphics. Such manipulation leads to race condition. This vulnerability is documented as CVE-2025-59216. The attack needs to be performed locally. There is not any exploit available. It is advisable to implement a patch to correct this issue.

A vulnerability identified as critical has been detected in Microsoft Server 11 24H2/Server 2025. Affected by this issue is some unknown functionality of the component Graphics. Performing manipulation results in use after free. This vulnerability was named CVE-2025-59215. The attack needs to be approached locally. There is no available exploit. To fix this issue, it is recommended to deploy a patch.

在有 2100 万人口的成都郊区，ZCAR竹子买车正以惊人的折扣价出售汽车，有 5000 辆汽车可供客户挑选。国产奥迪车五折，一汽的一款七座 SUV 车型四折出售。ZCAR 声称它是从汽车制造商和经销商批量收购的，而之所以能提供如此低的价格是因为汽车行业产能过剩。调查显示，中国汽车行业的产量远超市场需求，因为行业生产目标受到政府政策而非消费者需求的影响。电动汽车的起售价低于 1 万美元，而在美国大部分电动汽车售价在 3.5 万美元以上。滞销车辆最终流向了像 Zcar 之类的交易商。业内人士和分析师认为汽车行业可能会出现类似房地产和光伏行业的动荡。产能过剩的问题十分突出：根据咨询机构盖世汽车研究院的数据，中国汽车制造商的工厂产能是去年实际产量——2750 万辆——的两倍。

Silhouetted hooded figures represent Russian hackers operating under the auspices of the FSB against targeted organizations.  Two prominent Russian state-sponsored hacking groups, Gamaredon and Turla, have been observed collaborating in sophisticated cyberattacks targeting Ukrainian organizations to deploy the advanced Kazuar backdoor. New evidence reveals an unprecedented level of coordination between these Federal Security Service (FSB) […]

The post Russian Hacking Groups Gamaredon and Turla Target Organizations to Deliver Kazuar Backdoor appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

至少谷歌、派拓科技两家财富500强受影响

Уязвимость в OpenAI взломала не только почту, но и Dropbox, GitHub и другие сервисы.

关注高级攻防对抗技术热点，研究对手技术进行高级威胁模拟，研判攻击安全发展方向。

速修复

已修复

7天系统学习，掌握通用方法论。 积累实战经验，提升技术竞争力。

文末投递简历

新攻击工具可绕过越狱 iPhone 生物识别验证

看雪论坛作者ID：ranshaodexia