Aggregator

A vulnerability has been found in GatesAir Maxiva UAXT and Maxiva VAXT and classified as critical. This vulnerability affects unknown code of the file /logs/debug/xteLog of the component Web-based Management Interface. The manipulation of the argument sess_id leads to improper authentication. This vulnerability was named CVE-2025-22960. The attack can be initiated remotely. There is no exploit available.

近期威胁情报速览！

A vulnerability has been found in Google Chrome and classified as critical. This vulnerability affects unknown code of the component WebAudio. The manipulation as part of HTML Page leads to use after free. This vulnerability was named CVE-2019-13720. The attack can be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in GaleriaSHQIP 1.0. This affects an unknown part of the file index.php. The manipulation of the argument album_id leads to sql injection. This vulnerability is uniquely identified as CVE-2010-3207. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

Cybersecurity researchers have uncovered a sophisticated new attack method called “ChoiceJacking” that allows malicious charging stations to steal sensitive data from smartphones and tablets, effectively bypassing security measures that have protected mobile devices for over a decade. The attack, discovered by researchers at Graz University of Technology in Austria, represents a significant evolution of the […]

The post ChoiceJacking Attack Let Hackers Compromise Android & iOS Devices via Malicious Charger appeared first on Cyber Security News.

美国国务院发布声明，国务院将与国土安全部合作撤销中国学生的签证，受影响的学生包括与中国共产党有联系、或在关键领域学习。国务卿 Marco Rubio 还表示将修改签证标准，加强审查中国大陆和香港的所有签证申请。中国是美国第二大国际学生来源国，仅次于印度。暂时不清楚美国将如何定义与党有联系的学生。

A vulnerability was found in Uniguest Tripleplay up to 24.2.0. It has been classified as critical. This affects an unknown part. The manipulation leads to sql injection. This vulnerability is uniquely identified as CVE-2024-50706. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Uniguest Tripleplay up to 24.2.0. Affected by this vulnerability is an unknown functionality of the component HTTP GET Request Handler. The manipulation of the argument X-Forwarded-For leads to code injection. This vulnerability is known as CVE-2024-50707. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Uniguest Tripleplay up to 24.2.0 and classified as critical. This vulnerability affects unknown code of the component HTTP POST Request Handler. The manipulation leads to code injection. This vulnerability was named CVE-2024-50704. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in code-projects Online Ticket Reservation System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /passenger.php. The manipulation of the argument Name leads to cross site scripting. This vulnerability was named CVE-2025-2061. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability classified as problematic was found in Thinkware Car Dashcam F800 Pro up to 20250226. Affected by this vulnerability is an unknown functionality of the component Connection Handler. The manipulation leads to denial of service. This vulnerability is known as CVE-2025-2122. The attack can only be initiated within the local network. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability classified as critical was found in Open Asset Import Library Assimp 5.4.3. This vulnerability affects the function Assimp::GetNextLine in the library ParsingUtils.h of the component File Handler. The manipulation leads to stack-based buffer overflow. This vulnerability was named CVE-2025-2151. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, was found in HDF5 1.14.6. This affects the function H5Z__scaleoffset_decompress_one_byte of the component Scale-Offset Filter. The manipulation leads to heap-based buffer overflow. This vulnerability is uniquely identified as CVE-2025-2308. An attack has to be approached locally. Furthermore, there is an exploit available. The vendor plans to fix this issue in an upcoming release.

A vulnerability was found in Thinkware Car Dashcam F800 Pro up to 20250226. It has been rated as problematic. This issue affects some unknown processing of the file /tmp/hostapd.conf of the component Configuration File Handler. The manipulation leads to cleartext storage in a file or on disk. The identification of this vulnerability is CVE-2025-2120. It is possible to launch the attack on the physical device. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability classified as critical has been found in Thinkware Car Dashcam F800 Pro up to 20250226. Affected is an unknown function of the component File Storage. The manipulation leads to improper access controls. This vulnerability is traded as CVE-2025-2121. The attack can only be done within the local network. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

HackerNews 编译，转载请注明出处： 网络安全公司GreyNoise披露，新型僵尸网络“AyySSHush”已入侵全球超9000台华硕路由器，并同步针对思科、D-Link等品牌的SOHO设备。该活动最早于2025年3月中旬被发现，攻击手法呈现国家级黑客组织特征。 攻击者采用三重渗透策略： 暴力破解：尝试常见弱口令组合 身份验证绕过：利用老旧漏洞突破防线 漏洞利用：重点针对华硕RT-AC3100、RT-AC3200及RT-AX55型号设备，通过命令注入漏洞CVE-2023-39780植入SSH公钥 值得注意的是，攻击者通过官方功能添加密钥，使得配置更改在固件升级后仍保留。后门程序将SSH守护进程绑定至非常规端口53282，同时关闭系统日志与趋势科技AiProtection防护功能，实现隐蔽驻留。 法国安全公司Sekoia追踪的“Vicious Trap”活动与该僵尸网络存在技术重叠。攻击者除路由器外，还针对SSL VPN、DVR设备及基板管理控制器实施入侵。观察到恶意脚本通过重定向受控设备流量至第三方节点，但尚未发现DDoS攻击或流量代理行为，推测其正构建基础设施为后续攻击铺路。 华硕已发布受影响型号固件更新（具体发布时间因型号而异），建议用户： 立即升级至最新固件版本 检查路由器“authorized_keys”文件是否包含攻击者SSH密钥（IoC列表参见原文） 将关联IP地址（101.99.91[.]151等四组）加入防火墙黑名单 如遇可疑活动，执行恢复出厂设置并采用高强度密码重新配置 GreyNoise监测数据显示，过去三个月仅捕获30次恶意请求，但成功入侵设备达九千余台，显示攻击具备高度精准性。研究人员提醒，传统固件升级无法清除已植入的后门，彻底排查需结合日志审计与密钥验证。       消息来源： bleepingcomputer； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文

HackerNews 编译，转载请注明出处： 网络安全研究团队Cybernews发现，两个未受保护的Azure Blob存储容器发生数据泄露，内含超160万份文件，主要涉及Etsy、Poshmark及TikTok店铺客户信息。泄露数据以美国用户为主，部分波及加拿大与澳大利亚客户。 尽管在线购物已具备较高安全性，数字阴影中仍潜藏风险。研究团队近期发现的两个暴露实例中，存储的HTML格式物流确认邮件包含以下敏感信息：用户全名、家庭住址、电子邮箱、物流订单详情。 研究人员强调：“考虑到Etsy作为全球数百万小微企业的交易平台地位，物流确认邮件数据泄露对其客户隐私与安全构成重大威胁。” 大部分泄露文件来自手工艺品电商平台Etsy，部分数据关联TikTok店铺、二手交易平台Poshmark及刺绣设计平台Embroly。 攻击者可利用泄露信息实施多重恶意活动： 精准钓鱼攻击：冒用Etsy或合作物流商身份，借助真实订单细节提升钓鱼邮件可信度，诱导用户点击恶意链接或泄露财务信息。 社交工程攻击：结合地址与订单信息实施深度伪装，骗取额外敏感数据。 恶意软件传播：制作包含具体商品描述的带毒邮件附件，利用用户信任实施感染。 虽然无法确认暴露实例的具体所有者，但处理记录分析显示：受影响订单主要涉及定制刺绣设计服务，设计师名称与订单明细指向越南地区刺绣服务提供商，证据表明可能为单一实体在多个电商平台开设店铺所致，但存储实例缺乏明确身份标识。 为防止类似事件，研究团队提出六项防护措施： 在云存储环境中实施更严格的安全控制，防止未授权访问 回溯审查访问日志，确认存储桶是否遭非法访问 启用服务器端加密确保静态数据保密性 使用Azure密钥保管库安全管理加密密钥 强制SSL/TLS协议保障数据传输安全 建立定期审计机制，开展员工数据安全培训 研究团队特别警示：“掌握用户全名与地址信息后，攻击者可伪装成可信物流服务商，通过伪造通知迫使受害者执行确认个人信息、支付款项或点击恶意链接等危险操作。此外，精确的订单信息可能被用于投放定制化恶意载荷，极大提升攻击成功率。”       消息来源： cybernews； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文

最近几年银狐类黑产团伙非常活跃，今年这些黑产团伙会更加活跃，而且仍然会不断的更新自己的攻击样本，采用各种免杀方式，逃避安全厂商的检测，此前大部分银狐黑产团伙使用各种修改版的Gh0st远控作为其攻击武器，远程控制受害者主机之后，进行相关的网络犯罪活动。