Aggregator

A vulnerability marked as problematic has been reported in OpenJPEG 2.5.0. This impacts an unknown function of the file /openjp2/dwt.c. This manipulation causes null pointer dereference. This vulnerability is handled as CVE-2025-50952. It is possible to launch the attack on the local host. There is not any exploit available.

A vulnerability, which was classified as problematic, has been found in GStreamer up to 1.26.1. Affected by this vulnerability is the function qtdemux_parse_tree of the component MP4 File Parser. The manipulation leads to information disclosure. This vulnerability is uniquely identified as CVE-2025-47183. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability identified as critical has been detected in libav up to 12.3. This issue affects the function main of the file /avtools/avconv.c of the component DSS File Demuxer. This manipulation causes double free. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is tracked as CVE-2025-8585. The attack is restricted to local execution. Moreover, an exploit is present. The bug was initially reported by the researcher to the wrong project.

GoDaddy Security researchers have unveiled a detailed analysis of Help TDS, a sophisticated Traffic Direction System operational since at least 2017, which exploits compromised websites to funnel traffic toward malicious scams. This operation supplies affiliates with PHP code templates that are injected into legitimate sites, primarily WordPress installations, to redirect visitors to fraudulent pages mimicking […]

The post Help TDS Hacks Legitimate Websites, Using PHP Templates to Display Fake Microsoft Security Alerts appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

密歇根州的研究人员调查了亚马逊、Google、微软、Meta、Digital Realty 和 Equinix 六大公司数据中心用水量。亚马逊每年会发布可持续发展报告，但报告没有披露数据中心的用水量，微软的情况类似，Google 和 Meta 的报告更详细。根据 Google 和 Meta 的报告，2023 年 Meta 全球用水量为 8.13 亿加仑，其中 95% 即 7.76 亿加仑用于数据中心；2023 年 Google 全球运营用水量为 64 亿加仑，其中 95% 即 61 亿加仑用于数据中心，2024 年 Google 位于爱荷华州 Council Bluffs 的数据中心用水量达到了 10 亿加仑，是其所有数据中心中用水量最高的，用水量最少的是 Google 位于德州 Pflugerville 的数据中心，用水量 1 万加仑，相当于德州一个家庭两个月的用水量，该数据中心采用风冷而非水冷。

A vulnerability, which was classified as problematic, was found in Cisco Nexus 9000 9000. Impacted is an unknown function of the component ACI Mode Link Layer Discovery Protocol. The manipulation results in denial of service. This vulnerability is reported as CVE-2023-20089. The attacker must have access to the local network to execute the attack. No exploit exists. You should upgrade the affected component.

Noah Michael Urban, a 20-year-old Florida man, was sentenced for his role as a member of the notorious Scattered Spider threat group in a series of phishing and other scams between 2022 and 2023 in which they got victims' credentials and used them to steal corporate information, customer data, and cryptocurrency.

The post 20-year-old Scattered Spider Member Sentenced to 10 Years in Prison appeared first on Security Boulevard.

Кража данных, фальшивые квартиры и целая сеть подпольных сервисов.

Operation Serengeti 2.0 dismantled almost 11,500 malicious infrastructures between June and August. Officials arrested more than 1,200 alleged cybercriminals.

The post Interpol-led crackdown disrupts cybercrime networks in Africa that caused $485 million in losses appeared first on CyberScoop.

A vulnerability, which was classified as critical, was found in Microsoft Windows NT 4.0/2000. This affects an unknown part in the library nsiislog.dll of the component Media Services. The manipulation results in memory corruption. This vulnerability is cataloged as CVE-2003-0227. The attack may be launched remotely. Furthermore, there is an exploit available. It is advisable to implement a patch to correct this issue.

关键词漏洞🔍 漏洞核心解读➤ 攻击原理黑客通过伪造透明的网页弹窗（如虚假双重认证界面），诱骗用户点击看似正常

关键词近年来，国家安全机关已顺藤摸瓜，查获“资通电军”在用的数十个网攻平台，将依据有关规定，对“台独”分裂势力

今日暂未更新资讯~
更多最新文章，请访问SecWiki

A vulnerability, which was classified as critical, was found in AVEVA PI Integrator for Business Analytics up to 2020 R2 SP1. Impacted is an unknown function. Such manipulation leads to unrestricted upload. This vulnerability is traded as CVE-2025-54460. The attack may be launched remotely. There is no exploit available. A patch should be applied to remediate this issue.

A vulnerability described as problematic has been identified in Hippo4j up to 1.5.0. Affected is an unknown function of the component JSON Web Token Handler. Such manipulation leads to use of hard-coded cryptographic key . This vulnerability is referenced as CVE-2025-51606. The attack needs to be initiated within the local network. No exploit is available.

A vulnerability classified as critical has been found in Alludo MindManager up to 24.1.149 on Windows. Affected by this issue is some unknown functionality of the component File Attachment Handler. The manipulation leads to path traversal. This vulnerability is uniquely identified as CVE-2024-56179. The attack is possible to be carried out remotely. No exploit exists. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in MCSManager 10.5.3. This issue affects some unknown processing. Such manipulation leads to information disclosure. This vulnerability is referenced as CVE-2025-50691. The attack needs to be initiated within the local network. No exploit is available. A patch should be applied to remediate this issue.

A vulnerability was found in JeecgBoot up to 3.8.0 and classified as critical. The affected element is an unknown function of the file /jeecg-boot/online/cgreport/head/parseSql. Executing manipulation can lead to sql injection. This vulnerability is tracked as CVE-2025-51825. The attack can be launched remotely. No exploit exists.

A vulnerability has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001 and classified as critical. This affects the function portTriggerManageRule of the file /goform/portTriggerManageRule. The manipulation of the argument triggerRuleName/schedule leads to stack-based buffer overflow. This vulnerability is referenced as CVE-2025-9363. Remote exploitation of the attack is possible. Furthermore, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.