Aggregator

RomCom Group Deployed SnipBot, RustyClaw and Mythic Agent Variants
A Russian speaking hacking group is exploiting a zero-day flaw in WinRAR, a sign of the group's growing sophistication and evolution from a cybercrime outfit into a cyberespionage operation. The campaign exploited a vulnerability now tracked as CVE-2025-8088, a path traversal vulnerability.

US Reportedly Blames Kremlin for Major Breach Affecting Court Management System
U.S. Department of Justice officials were reportedly recently informed that "persistent and sophisticated cyberthreat actors have recently compromised sealed records" in a widespread attack on a court management system containing sensitive records with potential national security implications.

OpenAI, Anthropic Launch $1 Year-Long Offerings as Critics Warn of Vendor Lock-In
Leading artificial intelligence firms are racing to introduce services to federal agencies with ultra low-cost first-year contracts, despite warnings that the bids may lead to vendor lock-in, compliance risks and future challenges adopting emerging technology offerings from competitors.

立即查看漏洞详情

立即查看详情 →

文章描述了错误代码521的原因及解决方法，指出该错误通常由ISP配置问题或网络连接异常导致，并提供了重启设备、检查配置、联系ISP等解决步骤。

HackerNews 编译，转载请注明出处： 网络安全公司Profero的研究人员成功破解了DarkBit勒索软件的加密机制，使受害者无需支付赎金即可免费恢复文件。不过该公司目前尚未正式发布解密工具。 以色列国家网络管理局（INCD）确认DarkBit勒索软件行动与伊朗背景的APT组织”MuddyWater”存在关联。2023年，Profero曾协助处理一起针对VMware ESXi服务器的DarkBit攻击事件，该事件疑似是对伊朗无人机袭击的报复行为。攻击者未进行赎金谈判，而是专注于业务中断和舆论施压——他们伪装成亲伊朗黑客组织，不仅索要80枚比特币，还在勒索信中添加反以色列政治内容。 加密缺陷与技术突破 研究人员发现该勒索软件采用AES-128-CBC加密时，其密钥生成算法存在严重缺陷。通过结合文件时间戳和已知VMDK文件头特征，团队将密钥空间缩小至数十亿种可能，为暴力破解创造了条件。在专用测试工具辅助下，首个VMDK文件于高性能计算（HPC）环境中耗时24小时完成破解。但该方法存在局限性：单个文件解密需1天时间，且HPC环境扩展能力受限。 创新性解决方案 进一步分析揭示：勒索软件仅加密了文件部分内容。研究人员利用VMDK文件”稀疏存储”特性（即磁盘映像中实际存储数据的区块占比极低），直接提取未加密区块，成功恢复90%以上关键文件。“统计显示，VMDK文件系统内大部分文件实际未被加密，我们只需遍历文件系统即可直接获取所需数据”，研究人员在报告中指出。该方法绕过了解密流程，大幅提升恢复效率。 当前进展与建议 虽然技术验证已成功，但Profero强调需进一步优化解密工具的可扩展性。该公司建议受影响机构：暂勿重建受损系统，保留加密文件副本以待后续解密工具发布；同时可通过专业数据恢复手段尝试提取未加密区块。       消息来源： securityaffairs； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文

门罗币XMR遭遇51%攻击，矿池Qubic掌控52.72%算力致链重组并暂停提现。

A vulnerability classified as critical was found in Rsync. This vulnerability affects unknown code of the component Recursive Handler. The manipulation leads to path traversal. This vulnerability was named CVE-2024-12087. The attack can only be done within the local network. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Ivanti Endpoint Manager. It has been classified as critical. This affects an unknown part. The manipulation leads to untrusted search path. This vulnerability is uniquely identified as CVE-2024-13158. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in IBM App Connect Enterprise up to 12.0.7.0/13.0.1.0. This issue affects some unknown processing. The manipulation leads to improper management of sensitive trace data. The identification of this vulnerability is CVE-2024-49338. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in IP2Location Download Country Blocker Plugin up to 2.38.3 on WordPress. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2025-24731. The attack can be launched remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in IBM Cloud Pak for Business Automation up to 22.0.2. This issue affects some unknown processing. The manipulation leads to incorrect privilege assignment. The identification of this vulnerability is CVE-2024-49348. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in IBM Cloud Pak for Business Automation up to 22.0.2. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-52365. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in IBM Cloud Pak for Business Automation up to 22.0.2 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Web UI. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2024-52364. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in IBM App Connect Enterprise up to 12.0.12.10/13.0.2.1 and classified as critical. This vulnerability affects unknown code. The manipulation leads to path traversal. This vulnerability was named CVE-2025-0799. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in IBM Jazz for Service Management up to 1.1.3.23. This affects an unknown part of the component Web UI. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-52892. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in SimplePress Forum Plugin up to 6.10.11 on WordPress and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument s leads to cross site scripting. This vulnerability is known as CVE-2024-12409. The attack can be launched remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in smub WPForms Plugin up to 1.9.3.1 on WordPress. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-13403. It is possible to launch the attack remotely. There is no exploit available.

文章描述了错误代码521的原因、影响及解决方法。