Aggregator

Submit #618946 / VDB-317060

Submit #618944 / VDB-317059

Submit #618943 / VDB-317058

Submit #618942 / VDB-317057

Submit #618941 / VDB-317056

Submit #618909 / VDB-317055

Submit #618907 / VDB-317054

Submit #618895 / VDB-317054

Submit #618882 / VDB-317053

A vulnerability classified as very critical has been found in Simopro WinMatrix3 up to 3.8.51.1. Affected is an unknown function. The manipulation leads to deserialization. This vulnerability is traded as CVE-2025-7916. It is possible to launch the attack remotely. There is no exploit available.

文章描述了一个关于错误代码521的问题及其解决方案的讨论。

作者：Matt Johnson 原文链接：https://www.mdsec.co.uk/2023/08/leveraging-vscode-extensions-for-initial-access/ 1. 引言 在最近一次红队行动中，MDSec 受命策划一次用于获取初始访问权限的网络钓鱼活动。特殊之处在于，被选中的钓鱼对象是开发人员，其技术能力远高于普通用户。 因此，他们不太可能落入常见...

在上周举行的 RISC-V 中国峰会上，英伟达宣布 CUDA 软件将支持 RISC-V 处理器。随着数据中心市场对 RISC-V 架构处理器的兴趣日益增长，英伟达为其 CUDA 软件加入 RISC-V 支持并不太出人意料。CUDA 目前主要支持 x86_64 和 AArch64 系统。英伟达的竞争对手 AMD 的内核计算驱动 AMDKFD 以及用户空间组件 ROCm 都支持在 RISC-V 上构建，AMDKFD/ROCm 甚至支持龙芯的 LoongArch 处理器。

A vulnerability was found in Microsoft SharePoint Enterprise Server 2016/2019/Subscription Edition. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to path traversal. The identification of this vulnerability is CVE-2025-53771. The attack may be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in WordPress up to 6.8.2. It has been declared as problematic. This vulnerability affects unknown code of the component XML-RPC Request Handler. The manipulation leads to incorrect resource transfer. This vulnerability was named CVE-2025-54352. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in Westermo WeOS up to 5.24.4. It has been classified as problematic. This affects an unknown part of the component Syslog. The manipulation leads to sensitive information in log files. This vulnerability is uniquely identified as CVE-2025-54319. It is possible to initiate the attack remotely. There is no exploit available.

Cybersecurity firm Expel, in an update shared on July 25, 2025, said it's retracting its findings about a phishing attack that it said leveraged cross-device sign-in to get around FIDO account protections despite being not in physical proximity to the authenticating client device. "The evidence does show the targeted user's credentials (username and password) being phished and that the attacker

研究人员发现一种新型网络攻击技术，攻击者利用跨设备登录功能和伪装的企业登录页面欺骗用户批准认证请求，绕过FIDO密钥保护机制。该技术通过混合传输方法生成并展示QR码，诱导用户使用MFA应用扫描后实现对账户的非法访问。这种攻击不依赖于FIDO协议漏洞，而是滥用合法功能进行降级认证。为防范此类威胁，建议加强设备验证和监控异常登录行为。

A vulnerability was found in Microsoft SharePoint Enterprise Server 2016/2019/Subscription Edition and classified as critical. Affected by this issue is some unknown functionality. The manipulation leads to path traversal. This vulnerability is handled as CVE-2025-53771. The attack may be launched remotely. Furthermore, there is an exploit available.

HPE предупреждает об уязвимости в Aruba Instant On.