Aggregator

Submit #636127 / VDB-321694

【近期工作】TETD:在可信域中可信执行这篇工作发表于 USENIX Security 2025，由南方科技

Make sure your Chrome browser is updated to the latest version to stay protected.

Currently trending CVE - Hype Score: 1 - Limited remote code execution with privilege of a NetworkService Account access in Citrix Session Recording if the attacker is an authenticated user on the same intranet as the session recording server

Currently trending CVE - Hype Score: 1 - Privilege escalation to NetworkService Account access in Citrix Session Recording when an attacker is an authenticated user in the same Windows Active Directory domain as the session recording server domain

A vulnerability classified as critical was found in MediaTek MT6739, MT6761, MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, MT6833, MT6853, MT6873, MT6877, MT6883, MT6885, MT6889, MT6893, MT8666, MT8667, MT8675, MT8765, MT8766, MT8768, MT8785, MT8789, MT8791 and MT8797. The affected element is an unknown function of the component msdc. The manipulation results in out-of-bounds write. This vulnerability was named CVE-2023-20626. The attack needs to be approached locally. There is no available exploit. It is best practice to apply a patch to resolve this issue.

A vulnerability, which was classified as critical, has been found in MediaTek MT6879, MT6895, MT6983, MT8167 and MT8168. The impacted element is an unknown function of the component pqframework. This manipulation causes out-of-bounds write. The identification of this vulnerability is CVE-2023-20627. The attack can only be executed locally. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as critical, was found in MediaTek MT6580, MT6739, MT6761, MT6762, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6855, MT6873, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT6895, MT6983, MT8167, MT8167S, MT8168, MT8175, MT8321, MT8362A, MT8365, MT8385, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791T and MT8797. This affects an unknown function of the component thermal. Such manipulation leads to memory corruption. This vulnerability is referenced as CVE-2023-20628. The attack can only be performed from a local environment. No exploit is available. Applying a patch is advised to resolve this issue.

A vulnerability has been found in MediaTek MT6580, MT6735, MT6739, MT6761, MT6763, MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6855, MT6873, MT6885, MT6893, MT6895, MT6983, MT8167, MT8168, MT8666 and MT8675 and classified as critical. This impacts an unknown function of the component usb. Performing manipulation results in out-of-bounds write. This vulnerability is identified as CVE-2023-20630. The attack is only possible with local access. There is not any exploit available. It is suggested to install a patch to address this issue.

Submit #636083 / VDB-321693

Submit #636082 / VDB-321692

A vulnerability classified as problematic has been found in MediaTek MT6739, MT6761, MT6765, MT6768, MT6769, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6873, MT6877, MT6879, MT6883, MT6885, MT6889, MT6893, MT6895, MT6983, MT8781, MT8791, MT8791T and MT8797. Impacted is an unknown function of the component adsp. The manipulation leads to race condition. This vulnerability is uniquely identified as CVE-2023-20625. Local access is required to approach this attack. No exploit exists. Applying a patch is the recommended action to fix this issue.

A vulnerability described as critical has been identified in MediaTek MT6789, MT6833, MT6853, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6983, MT8781, MT8791, MT8791T and MT8797. This issue affects some unknown processing of the component vow. Executing manipulation can lead to buffer overflow. This vulnerability is handled as CVE-2023-20624. It is possible to launch the attack on the local host. There is not any exploit available. It is advisable to implement a patch to correct this issue.

A vulnerability marked as problematic has been reported in MediaTek MT6580, MT6735, MT6737, MT6739, MT6753, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8173, MT8532, MT8666, MT8667 and MT8788. This vulnerability affects unknown code of the component ion. Performing manipulation results in time-of-check time-of-use. This vulnerability is known as CVE-2023-20623. Attacking locally is a requirement. No exploit is available. To fix this issue, it is recommended to deploy a patch.

英伟达已经陷入小超预期就是不及预期的怪圈。

Discover today’s top cyber attack methods social engineering, ransomware, cloud abuse, and post-exploitation and the defense strategies that work. Join Sygnia’s LIVE webinar on Sept 17 with Ori Naishtein and Ron Yosefi to learn how MDR enhances detection and response.

The post On-Demand Webinar: Today’s Top 4 Cyber Attacks and How to Defend Against Them appeared first on Sygnia.

The Netherlands announced on Thursday that it was targeted by a Chinese cyber-espionage campaign tracked as Salt Typhoon and RedMike that has been compromising critical infrastructure globally.

Cybersecurity models are structured frameworks that educational institutions reference to contain and mitigate cyberthreats. These models range in scope, from basic confidentiality guidelines to full-scale, multi-layered frameworks. Most are sector-agnostic — very few apply to K-12 schools specifically. That’s why ManagedMethods produced a cybersecurity model specifically for K-12 schools. Read on to understand its core ...

The post Cybersecurity Models For K-12 School Districts appeared first on ManagedMethods Cybersecurity, Safety & Compliance for K-12.

The post Cybersecurity Models For K-12 School Districts appeared first on Security Boulevard.

CISA released nine Industrial Control Systems (ICS) advisories on August 28, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

• ICSA-25-240-01 Mitsubishi Electric MELSEC iQ-F Series CPU Module
• ICSA-25-240-02 Mitsubishi Electric MELSEC iQ-F Series CPU Module
• ICSA-25-240-03 Schneider Electric Saitel DR & Saitel DP Remote Terminal Unit
• ICSA-25-240-04 Delta Electronics CNCSoft-G2
• ICSA-25-240-05 Delta Electronics COMMGR
• ICSA-25-240-06 GE Vernova CIMPLICITY
• ICSA-24-135-04 Mitsubishi Electric Multiple FA Engineering Software Products (Update D)
• ICSA-25-140-04 Mitsubishi Electric Iconics Digital Solutions and Mitsubishi Electric Products (Update B)
• ICSA-25-184-01 Hitachi Energy Relion 670/650 and SAM600-IO series (Update A)

CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.

Nevada’s CIO confirmed in a press conference that ransomware actors had exfiltrated data from state networks, amid an ongoing incident investigation