Aggregator

A vulnerability classified as problematic was found in Shared Files Plugin up to 1.7.48 on WordPress. This vulnerability affects the function sanitize_file. The manipulation leads to cross site scripting. This vulnerability was named CVE-2025-4392. The attack can be initiated remotely. There is no exploit available.

极客公园正在寻找极具潜力的人才！

最讽刺的是，学生现在用 AI，后果之一是未来无法更好地用 AI。

A significant vulnerability, CVE-2025-26396, affects the SolarWinds Dameware Mini Remote Control Service could allow attackers to escalate privileges on affected systems. Security researcher Alexander Pudwill, working with Trend Micro Zero Day Initiative, responsibly disclosed the flaw to SolarWinds. In a coordinated vulnerability disclosure, SolarWinds has released Dameware version 12.3.2, which addresses a critical security vulnerability. […]

The post SolarWinds Dameware Remote Control Service Vulnerability Allows Privilege Escalation appeared first on Cyber Security News.

日本参议院全体会议5月28日以多数赞成票通过首部专门针对人工智能的法律，旨在促进AI相关技术研发和应用并防止其滥用。

意见反馈截止时间为2025年7月29日24:00前。

近日，科来正式发布《网络通讯协议图》2025版。从IPv4到IPv6、从传统网络到业务上云、从有线到无线全面覆盖，以及物联网、车联网的普及，伴随技术的演进发展，科来持续将协议的研究成果绘制于协议图中，推动对于协议的理解与行业应用。

Microsoft and CrowdStrike announced a groundbreaking collaboration yesterday to streamline the confusing landscape of cyberthreat actor identification, marking what industry experts are calling a watershed moment for cybersecurity intelligence sharing. The partnership addresses a critical challenge that has long plagued the cybersecurity industry: the proliferation of different naming conventions for the same threat actors across […]

The post Microsoft and CrowdStrike Teaming Up to Bring Clarity To Threat Actor Mapping appeared first on Cyber Security News.

Когда Word работает сам, а Outlook всё понимает.

The 20-year bureau pro wants to see what it’s like to fight ransomware from the private sector.

The post Top FBI cyber official Cynthia Kaiser exits for Halcyon appeared first on CyberScoop.

Abnormal AI found that engagement rates with VEC attacks globally is “worrisomely high”, overtaking BEC in the EMEA region

Бизнесу придётся выбирать “своих”.

暗网惊现超强加密工具，你的电脑还安全吗？

看雪论坛作者ID：櫬木汐

欢迎点赞、转发、评论！！！

6月7日-9日，2025全球人工智能技术博览会，不见不散！

A significant denial of service vulnerability has been discovered in ModSecurity, one of the most widely deployed open-source web application firewall (WAF) engines used to protect Apache, IIS, and Nginx web servers.  The vulnerability, designated as CVE-2025-48866, affects all ModSecurity versions prior to 2.9.10 and allows attackers to crash systems through exploitation of the sanitiseArg […]

The post New ModSecurity WAF Vulnerability Let Attackers Crash the System appeared first on Cyber Security News.

A vulnerability classified as problematic has been found in enilu web-flash 1.0. This affects the function fileService.upload of the file src/main/java/cn/enilu/flash/api/controller/FileController/upload of the component File Upload. The manipulation of the argument File leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-5523. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

Submit #585711 / VDB-310218