Aggregator

Submit #626680 / VDB-319350

Submit #626688 / VDB-166836

A vulnerability, which was classified as problematic, has been found in EMQX up to 5.8.5. This issue affects some unknown processing of the component Novel Plugin Handler. The manipulation leads to improper check for unusual conditions. The identification of this vulnerability is CVE-2025-52136. The attack may be initiated remotely. There is no exploit available. The real existence of this vulnerability is still doubted at the moment. It is recommended to upgrade the affected component.

Submit #626679 / VDB-166834

DFIR services enable organizations to pre-arrange external expert assistance that accelerates containment and minimizes the impact of a major cyber-attack. This marks the fourth consecutive year Sygnia has been recognized by Gartner in this category.

The post Sygnia Recognized for the Fourth Consecutive Year in the Gartner 2025 Market Guide for Digital Forensics and Incident Response Retainer Services appeared first on Sygnia.

文章描述了一次因泥石流导致行程变更的川西之旅。游客们在阴雨天气和高原反应中游览了康定、木格措、墨石公园等地，并体验了当地自然风光与文化。尽管面临挑战，提前准备和旅行社的支持使旅程顺利完成。

Tailwind CSS 创始人因五年前将 Tailwind UI 按钮设为靛蓝色而致歉，称这导致 AI 生成的 UI 也多为该颜色。

Currently trending CVE - Hype Score: 12 - A cross-site scripting (XSS) vulnerability exists in Grafana caused by combining a client path traversal and open redirect. This allows attackers to redirect users to a website that hosts a frontend plugin that will execute arbitrary JavaScript. This vulnerability does not ...

Lenovo webcam flaws, dubbed BadCam, let attackers turn them into BadUSB devices to inject keystrokes and launch OS-independent attacks. Eclypsium researchers found vulnerabilities in some Lenovo webcams, collectively dubbed BadCam, that could let attackers turn them into BadUSB devices to inject keystrokes and launch OS-independent attacks. Principal security researchers Jesse Michael and Mickey Shkatov demonstrated […]

Lenovo部分型号摄像头存在漏洞（BadCam），运行Linux且未验证固件。研究人员发现这些设备可被转化为BadUSB装置，用于注入按键记录或发起操作系统无关的攻击。攻击者可远程劫持摄像头并重新刷写固件，使其模拟恶意HID或注入恶意负载。Lenovo已发布更新工具修复此漏洞。

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter Arctic Wolf Observes July 2025 Uptick in Akira Ransomware Activity Targeting SonicWall SSL VPN  The State of Ransomware – Q2 2025  Malware 101: a comprehensive guide  Behind Random Words: DoubleTrouble Mobile Banking Trojan Revealed […]

网站使用cookies记录用户偏好和访问记录以优化体验。用户可选择接受所有cookies或通过设置进行个性化管理。

5 причин обновиться до Debian 13 прямо сейчас.

Join our live webinar to explore a real-world APT case with Sygnia’s IR experts.
See how attackers turned Zoom into a RAT, used ARP for covert command delivery, and executed stealthy HID-based actions.

The post On-Demand Webinar – Inside a Malware Ecosystem: How North Korean IT Workers Operate Undetected appeared first on Sygnia.

Разработчики решили предоставить нам выбор.

这篇文章介绍了HackerNoon本周的热门技术内容，包括Golang开发MCP服务器提升Claude智能、Alibaba发布高质量AI视频生成模型Wan 2.2、IP地址变化频率及其对数据准确性的影响、MySQL数据类型使用指南等技术趋势与工具更新。

Tech giant Google has officially acknowledged a significant data breach affecting its corporate Salesforce database, with the company completing email notifications to affected users as of August 8, 2025. Google revealed on August 5 that one of its corporate Salesforce instances was compromised in June 2025 by the notorious cybercriminal group known as ShinyHunters, officially […]

The post Google Confirms Data Breach – Notifying Users Affected By the Cyberattack appeared first on Cyber Security News.

作者在调试循环重定向时发现了一个开放重定向漏洞，并通过注入恶意链接尝试 hijack session。尽管初始测试被阻止，但最终导致了递归重定向的 nightmare。

Google AppSheet平台被发现存在反序列化远程代码执行漏洞，允许攻击者通过恶意payload在后端执行PowerShell命令。安全研究员Chip发现此漏洞后向Google报告，Google迅速修复并支付了1万美元赏金以保护数百万用户。

一位安全测试人员在运行大规模侦察时发现了一个隐藏在OAuth授权流程后的GraphQL端点，并通过工具定位到一个可疑域名auth-api.target.com。