Aggregator

A vulnerability was found in Updatecli up to 0.92.x. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to exposure of private personal information to an unauthorized actor. This vulnerability was named CVE-2025-24355. The attack needs to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in imgproxy up to 3.27.1 and classified as critical. Affected by this issue is some unknown functionality. The manipulation leads to server-side request forgery. This vulnerability is handled as CVE-2025-24354. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Envoy Gateway up to 1.2.5. This issue affects some unknown processing of the component Kubernetes Cluster Handler. The manipulation leads to unprotected primary channel. The identification of this vulnerability is CVE-2025-24030. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

Похоже, популярный музыкальный софт сбился с ритма безопасности.

A CVSS score 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Simon Zuckerbraun - Trend Micro Zero Day Initiative' was reported to the affected vendor on: 2025-02-04, 30 days ago. The vendor is given until 2025-06-04 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Dell has released a Critical Security Update (DSA-2025-022) for its PowerProtect Data Domain (DD) systems to address multiple vulnerabilities that could allow attackers to compromise affected systems. These vulnerabilities, identified in various components and open-source dependencies, highlight the importance of timely patching to safeguard enterprise data protection environments. Impact of the Disclosed Vulnerabilities The vulnerabilities include seven […]

The post Multiple Flaws in Dell PowerProtect Allow System Compromise appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A recent cybersecurity threat has emerged in the form of AsyncRAT, a remote access trojan (RAT) that leverages Python and TryCloudflare for stealthy malware delivery. This sophisticated campaign involves a complex sequence of events, starting with phishing emails that deceive users into downloading malicious payloads. Here the attack chain exploits legitimate infrastructure which makes the […]

The post AsyncRAT Abusing Python and TryCloudflare For Stealthy Malware Delivery appeared first on Cyber Security News.

While organizations have long experimented with various facets of digital transformation, the journey toward crypto-agility is one of the most significant technological transitions of our time. Success in the emerging quantum era will require technical expertise, strategic foresight, careful planning, and an unwavering commitment to security. The challenges Perhaps the most pressing challenge in the quest towards cryptographic agility is encryption key sprawl, where visibility into organizations’ encryption key ecosystem becomes cloudy. Many companies struggle … More →

The post Aim for crypto-agility, prepare for the long haul appeared first on Help Net Security.

Патч также устраняет десятки скрытых угроз, о которых вы могли и не догадываться.

A critical Cross-Site Scripting (XSS) vulnerability has been discovered in the popular open-source webmail client, Roundcube, potentially exposing users to serious security risks. Tracked as CVE-2024-57004, the flaw affects Roundcube Webmail version 1.6.9 and allows remote authenticated users to upload malicious files disguised as email attachments. Once the malicious file is uploaded, the vulnerability can be triggered when the […]

The post Roundcube XSS Flaw Allows Attackers to Inject Malicious Files appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

财政部印发《数据资产全过程管理试点方案》确定国家卫生健康委为中央试点部门，负责管理卫生健康数据资产，组织开展数据资产全过程管理试点。在此背景下，有必要深入探讨当前医疗卫生数据资产全过程管理面临的问题，以确保卫生健康相关数据资产有效管理和利用

在数字经济快速发展的当下，数据已跃升为与土地、劳动力、资本等传统生产要素并驾齐驱的关键生产要素，其重要性不言而喻。

在数字经济全球化发展的今天，个人信息的跨境流动已然成为常态。如何在促进个人信息合理利用的同时，加强个人信息保护、保障数据流动的有序性和安全性成为加强个人信息跨境流动监管的重要命题。

近日国家发展改革委、国家数据局等部门联合印发《关于完善数据流通安全治理 更好促进数据要素市场化价值化的实施方案》，为充分释放数据价值提供了重要制度保障。

Microsoft has released patches to address two Critical-rated security flaws impacting Azure AI Face Service and Microsoft Account that could allow a malicious actor to escalate their privileges under certain conditions. The flaws are listed below - CVE-2025-21396 (CVSS score: 7.5) - Microsoft Account Elevation of Privilege Vulnerability CVE-2025-21415 (CVSS score: 9.9) - Azure AI Face Service