Aggregator

A vulnerability classified as problematic has been found in Mbed TLS up to 2.28.9/3.6.2. This affects the function mbedtls_ssl_set_hostname. The manipulation of the argument Hostname leads to insecure default initialization of resource. This vulnerability is uniquely identified as CVE-2025-27809. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.15.2. It has been declared as critical. Affected by this vulnerability is the function udma_probe of the component dmaengine. The manipulation leads to null pointer dereference. This vulnerability is known as CVE-2025-38138. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in GNU C Library up to 2.33. This issue affects the function parse_param of the file posix/wordexp.c. The manipulation leads to memory corruption. The identification of this vulnerability is CVE-2021-35942. The attack can only be done within the local network. There is no exploit available. It is recommended to apply a patch to fix this issue.

PrivacyCheckGo 是一款基于Go语言开发的敏感信息检测工具

谷歌向发现Chrome沙盒逃逸漏洞的研究人员奖励25万美元，创Chrome VRP计划最高纪录。该高危漏洞已修复并公开细节。

NIST's Apostol Vassilev Explains Need for Dynamic Response, Not Static Testing
As AI models grow in scale and power, leading to even more unpredictable outcomes, security teams are grappling with how to defend technologies that some experts can't begin to fully comprehend. Cyber response teams are exploring the practice of continuous red teaming, said NIST's Apostol Vassilev.

Tokio Marine HCC Targets Vulnerabilities Before They’re Exploited
With ransomware incidents at record highs, Tokio Marine HCC integrates dark web monitoring, vulnerability scanning and incident data into its underwriting process to help clients close gaps and lower the chance of costly breaches.

At Least 918K Affected in 2024 BianLian Data Theft Attack
A New York-based pediatric practice and its managed services vendor have agreed to pay $5.15 million to settle a proposed class action lawsuit stemming from a 2024 data theft attack affecting more than 918,000 people and allegedly carried out by cybercrime gang BianLian.

NCSC-NL Says Hack of Citrix NetScaler Flaw Also Targeted Critical Infrastructure
A preliminary assessment by the Dutch NCSC into a suspected Russian hacking campaign has concluded that more than one group likely carried out the May breach of the country’s law enforcement network. Investigators say hacks of Citrix NetScaler flaw also targeted critical infrastructure.

On August 3rd, 2025 GreyNoise observed a significant spike in brute-force traffic targeting Fortinet SSL VPNs. Over 780 unique IPs triggered our Fortinet SSL VPN Bruteforcer tag in a single day — the highest single-day volume seen on this tag in recent months.

We uncovered Charon, a new ransomware strainfamily that uses advanced APT-style techniques, including DLL sideloading, process injection, and anti-EDR capabilities, to target organizations with customized ransom demands.

We uncovered Charon, a new ransomware strainfamily that uses advanced APT-style techniques, including DLL sideloading, process injection, and anti-EDR capabilities, to target organizations with customized ransom demands.

文章未找到,提示检查地址并重试,错误代码404.

责罚从严，企业请对照清单自查！

A vulnerability, which was classified as critical, was found in WP Compress Plugin up to 6.30.15 on WordPress. This affects the function init. The manipulation leads to server-side request forgery. This vulnerability is uniquely identified as CVE-2025-2109. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability, which was classified as critical, has been found in WP Compress Plugin up to 6.30.15 on WordPress. Affected by this issue is some unknown functionality of the component Setting Handler. The manipulation leads to missing authorization. This vulnerability is handled as CVE-2025-2110. The attack may be launched remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in Arcadia Crafty Controller up to 4.2.3/4.3.2/4.4.9. This issue affects some unknown processing of the component Server Name Form/API Key Form. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2025-5990. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in conda-build up to 25.3.0. It has been classified as problematic. Affected is the function write_build_scripts of the file conda_build.sh of the component File Creation Handler. The manipulation leads to insecure inherited permissions. This vulnerability is traded as CVE-2025-32797. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Drag and Drop Multiple File Upload for Contact Form 7 Plugin up to 1.3.8.9 on WordPress and classified as critical. Affected by this issue is some unknown functionality of the component File Extension Handler. The manipulation leads to unrestricted upload. This vulnerability is handled as CVE-2025-3515. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in Red Hat Ansible Automation Platform and classified as problematic. This issue affects some unknown processing. The manipulation leads to sensitive cookie without secure attribute. The identification of this vulnerability is CVE-2025-53861. The attack may be initiated remotely. There is no exploit available. It is recommended to apply the suggested workaround.