Aggregator

A vulnerability classified as critical was found in Mozilla Firefox up to 128.6/134.x. This vulnerability affects unknown code. The manipulation leads to memory corruption. This vulnerability was named CVE-2025-1016. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in yhirose cpp-httplib up to 0.18.3. This affects an unknown part of the component HTTP Response Handler. The manipulation leads to http response splitting. This vulnerability is uniquely identified as CVE-2025-0825. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Mozilla Thunderbird up to 128.6/134.x. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Private Browsing Mode. The manipulation leads to race condition. This vulnerability is handled as CVE-2025-1013. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Mozilla Firefox up to 128.6/134.x. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Private Browsing Mode. The manipulation leads to race condition. This vulnerability is known as CVE-2025-1013. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Mozilla Firefox up to 128.6 and classified as critical. This issue affects some unknown processing of the component Certificate Store. The manipulation leads to improper certificate validation. The identification of this vulnerability is CVE-2025-1014. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Mozilla Thunderbird up to 128.6. It has been classified as critical. Affected is an unknown function of the component Certificate Store. The manipulation leads to improper certificate validation. This vulnerability is traded as CVE-2025-1014. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Mozilla Thunderbird up to 128.6 and classified as problematic. This vulnerability affects unknown code of the component Address Book. The manipulation leads to cross site scripting. This vulnerability was named CVE-2025-1015. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

两大自由软件项目 Freedesktop 和 Alpine Linux 正在寻找新托管商，因为原托管商 Equinix Metal 宣布停止提供裸机服务器销售和服务。两大自由软件项目必须在四月底前迁移到新托管商。X.org/Freedesktop.org 拥有一个逾 400GB 的数据库存储和近 100TB 的数据存储。Alpine Linux 发行版被广泛容器和嵌入式设备，它每月使用约 800TB 的带宽。

DaggerFly’s Lunar Peek campaign is using a new malware strain, identified by FortiGuard Labs, to compromise Linux networks

A vulnerability, which was classified as problematic, was found in goauthentik authentik up to 2024.10.3. This affects an unknown part. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-11623. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

Abyss Locker ransomware targets critical network devices with swift, disruptive attacks. This blog breaks down its tactics and defense strategies.

The post The Anatomy of Abyss Locker Ransomware Attack appeared first on Sygnia.

A critical security flaw, identified as CVE-2025-21298, has been disclosed in Microsoft’s Windows Object Linking and Embedding (OLE) technology.  This zero-click vulnerability, which carries a CVSS score of 9.8, allows attackers to execute arbitrary code remotely by exploiting Microsoft Outlook and other applications.  The flaw has raised alarms across the cybersecurity community due to its […]

The post Critical Windows OLE Zero-Click Vulnerability Let Attacker to Execute Arbitrary Code appeared first on Cyber Security News.

Cybersecurity researchers have called attention to a software supply chain attack targeting the Go ecosystem that involves a malicious package capable of granting the adversary remote access to infected systems. The package, named github.com/boltdb-go/bolt, is a typosquat of the legitimate BoltDB database module (github.com/boltdb/bolt), per Socket. The malicious version (1.3.1) was published to

本文将开启Pytorch深度学习系列，希望对初学者有帮助！