Aggregator

Quorum Cyber identifies two new NodeSnake RAT variants, strongly attributed to Interlock ransomware, impacting UK higher education and local government.

中国游戏公司以免费网游闻名，如《原神》和《鸣潮》在全世界都有数百万玩家。但随着《黑神话：悟空》的成功，越来越多的中国游戏工作室开始转向开发单机游戏。以前中国游戏公司不愿意开发单机游戏，因为免费网游的商业模式更成熟，更容易收回开发成本。即将发布的单机游戏《明末：渊虚之羽》总监夏思源说，单机游戏的风险更大，其命运在上市当天就注定了，而网游如果上线第一天出现问题还是有可能补救的。前腾讯游戏 CTO 现 Epic Games 中国 CTO 沈黎（Li Shen）说，中国游戏公司一直对单机游戏感兴趣，但直到《黑神话：悟空》在全世界售出数百万份拷贝之后，游戏发行商才愿意投资单机游戏。新单机游戏如 S-Game 的《影之刃零》和《明末：渊虚之羽》都希望借助《黑神话：悟空》成功的东风。游戏行业的专业人士表示，因网游的经验中国游戏公司在商业设计和运营方面全球领先，但游戏设计和整体质量尤其是叙事和剧本创作存在不足。类似其它中国公司，中国游戏工作室的加班文化也颇受争议，很多游戏公司都使用 996 工作制，夏思源称他的公司不鼓励加班，认为加班效率低下。他说中国有句俗话叫众人拾柴火焰高，希望其团队的努力能鼓励更多公司开发单机游戏。

A vulnerability was found in Drake CMS 0.4.11 Rc8. It has been classified as problematic. This affects an unknown part. The manipulation of the argument d_root leads to path traversal. This vulnerability is uniquely identified as CVE-2008-1371. An attack has to be approached locally. Furthermore, there is an exploit available.

Technical details about a maximum-severity Cisco IOS XE WLC arbitrary file upload flaw tracked as CVE-2025-20188 have been made publicly available, bringing us closer to a working exploit. [...]

A vulnerability classified as problematic has been found in Comdev eCommerce 3.0. This affects an unknown part of the file wce.download.php. The manipulation of the argument Download leads to path traversal. This vulnerability is uniquely identified as CVE-2005-2543. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as problematic, has been found in Smartscript Domain Trader 2.0. This issue affects some unknown processing of the file catalog.php. The manipulation of the argument ID leads to cross site scripting. The identification of this vulnerability is CVE-2008-0688. The attack may be initiated remotely. Furthermore, there is an exploit available.

As data breaches continue to make headlines and regulatory penalties reach record highs, organizations face mounting pressure to strengthen their enterprise data protection frameworks. Recent incidents have highlighted the critical importance of robust privacy compliance measures in an increasingly digital business landscape where AI adoption is accelerating and sensitive customer information remains vulnerable. Major Breaches […]

The post Protecting Sensitive Data in Enterprise Systems for Privacy Compliance appeared first on Cyber Security News.

A vulnerability classified as problematic was found in Goahead Webserver 2.1.1/2.1.2/2.1.3/2.1.4/2.1.5. This vulnerability affects unknown code of the component Encoded URL Handler. The manipulation leads to path traversal. This vulnerability was named CVE-2002-0680. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as problematic, was found in FlatPress 1.3.1. Affected is an unknown function. The manipulation of the argument TextArea leads to cross site scripting. This vulnerability is traded as CVE-2025-25460. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability classified as critical was found in YI Car Dashcam 3.88. This vulnerability affects unknown code of the component HTTP Server. The manipulation leads to improper access controls. This vulnerability was named CVE-2024-56897. Access to the local network is required for this attack. There is no exploit available.

A vulnerability, which was classified as very critical, was found in MITRE Caldera up to 4.2.0/5.0.0. This affects an unknown part. The manipulation leads to os command injection. This vulnerability is uniquely identified as CVE-2025-27364. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as critical, has been found in Via Browser 6.1.0. This issue affects the function mark.via.Shell. The manipulation leads to code injection. The identification of this vulnerability is CVE-2024-57608. The attack may be initiated remotely. There is no exploit available.

A vulnerability, which was classified as critical, was found in pkp OJS, OMP and OPS. Affected is an unknown function of the component User XML Plugin Handler. The manipulation leads to backdoor. This vulnerability is traded as CVE-2024-56525. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in SeaCMS up to 13.3. This affects an unknown part of the file admin_members.php. The manipulation leads to sql injection. This vulnerability is uniquely identified as CVE-2025-25513. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in NovaCHRON Zeitsysteme Smart Time Plus up to 8.6. It has been classified as problematic. Affected is an unknown function of the file /iclock/Settings?restartNCS=1 of the component NCServiceManger. The manipulation leads to improper access controls. This vulnerability is traded as CVE-2024-53542. The attack can only be initiated within the local network. There is no exploit available.

A vulnerability was found in Apple Mac OS X up to 10.5. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to improper access controls. This vulnerability was named CVE-2008-3619. Local access is required to approach this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Apple Mac OS X up to 10.5.1. It has been classified as critical. This affects an unknown part of the component File Sharing. The manipulation leads to improper access controls. This vulnerability is uniquely identified as CVE-2008-3618. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Apple Mac OS X 10.4.11. This affects an unknown part. The manipulation leads to credentials management. This vulnerability is uniquely identified as CVE-2008-2312. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Apple Mac OS X up to 10.5.1 and classified as very critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to numeric error. This vulnerability is known as CVE-2008-3616. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Apple Mac OS X up to 10.5 and classified as critical. Affected by this issue is some unknown functionality of the component Remote Management. The manipulation leads to credentials management. This vulnerability is handled as CVE-2008-3617. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.