Aggregator

文件层免杀对抗愈加激烈的背景下，内存层检测已经成为终端安全软件当前重点建设的检测引擎

The credit rating giant revealed that the breach, which occurred on July 28, was caused by unauthorized access to a third-party application

DPRK IT workers have leveraged popular code-sharing platforms such as GitHub, CodeSandbox, and Medium to cultivate convincing developer portfolios and land remote positions under fabricated identities. Investigations reveal approximately 50 active GitHub profiles operated by North Korean actors, supplemented by dozens of profiles across niche freelancing and forum sites. These operatives employ deepfake profile photos, […]

The post DPRK Remote Work Tactics: Leveraging Code-Sharing Platforms appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability, which was classified as critical, has been found in Jinher OA 1.0. This issue affects some unknown processing of the file GetTreeDate.aspx. The manipulation of the argument ID leads to sql injection. This vulnerability is referenced as CVE-2025-9669. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

Emerging in mid-2025, a sophisticated campaign attributed to the Silver Fox APT has begun exploiting a previously unreported vulnerable driver to compromise modern Windows environments. This campaign leverages the WatchDog Antimalware driver (amsdk.sys, version 1.0.600), a Microsoft-signed component built on the Zemana Anti-Malware SDK. By abusing its arbitrary process termination capability, threat actors bypass endpoint […]

The post Silver Fox APT Hackers Leveraging Vulnerable driver to Attack Windows 10 and 11 Systems by Evading EDR/AV appeared first on Cyber Security News.

Submit #637413 / VDB-321876

Протокол ACP может повторить успех LSP.

A vulnerability classified as problematic was found in Synology RADIUS Server. This vulnerability affects unknown code. Executing manipulation can lead to cross site scripting. The identification of this vulnerability is CVE-2024-13987. The attack may be launched remotely. There is no exploit available. Upgrading the affected component is advised.

Submit #637297 / VDB-272072

Submit #637292 / VDB-265211

8月28日，2025中国国际大数据产业博览会（以下简称“2025数博会”）在贵州省贵阳市开幕。

基于价值理念的《中国数字安全价值图谱》更新版来了。

文章描述了一个名为CVE-2024-28080的Gitblit SSH服务认证绕过漏洞。该漏洞允许攻击者在未持有私钥的情况下通过空密码绕过身份验证。问题源于Gitblit与MINA SSHD库的交互设计，在公钥验证失败后未正确重置状态，导致后续密码验证被绕过。此漏洞影响所有支持SSH公钥认证的旧版本，并于2025年6月通过版本1.10修复。

A sophisticated supply chain attack has compromised the popular Nx build platform, affecting millions of weekly downloads and resulting in widespread credential theft.  The attack, dubbed “s1ngularity,” represents one of the most comprehensive credential harvesting campaigns targeting the developer ecosystem in 2025. GitGuardian observed that malicious actors infiltrated multiple Nx package versions (20.9.0 through 21.8.0) […]

The post Nx Packages With Millions of Weekly Downloads Hacked With Credential Stealer Malware appeared first on Cyber Security News.

根据发表在《科学》期刊上的一项研究，黄石公园内自由迁徙的野牛群不但改善了养分循环，而且提升了生态系统健康。北美历史上曾有着数千万头的野牛；它们的季节性迁徙改变了这片大陆广袤的草原生态系统。曾经数量庞大的野生、自由迁徙的野牛群如今已不复存在；它们目前仅存约 40 万头，且几乎全都以小群管控的形式存在于私人土地或公园和保护区内。野牛在黄石公园北部生态系统中的迁徙活动提供了一个难得的天然实验场所。研究人员在 2015 年至 2022 年间追踪了野牛在三大栖息地的 16 个地点的动态，测量了它们对碳氮动态、植物群落和土壤微生物学的影响。研究人员发现，野牛在加速氮循环、增加地上氮含量和改善景观营养品质的同时也稳定了植物的产量。研究结果表明，大型迁徙食草动物对生态的影响力不仅在于它们的体型，而且还在于它们的数量、密度和自由迁徙能力。

A vulnerability classified as critical has been found in code-projects Simple Grading System 1.0. This affects an unknown part of the file /delete_account.php of the component Admin Panel. Performing manipulation of the argument ID results in sql injection. This vulnerability was named CVE-2025-9667. The attack may be initiated remotely. In addition, an exploit is available.

A vulnerability described as critical has been identified in code-projects Simple Grading System 1.0. Affected by this issue is some unknown functionality of the file /delete_student.php of the component Admin Panel. Such manipulation of the argument ID leads to sql injection. This vulnerability is uniquely identified as CVE-2025-9666. The attack can be launched remotely. Moreover, an exploit is present.

A vulnerability marked as critical has been reported in code-projects Simple Grading System 1.0. Affected by this vulnerability is an unknown functionality of the file /edit_student.php of the component Admin Panel. This manipulation of the argument ID causes sql injection. This vulnerability is handled as CVE-2025-9665. The attack can be initiated remotely. Additionally, an exploit exists.