Aggregator

A vulnerability, which was classified as critical, has been found in Oracle MySQL Cluster and MySQL Server up to 7.6.34/8.0.42. This issue affects some unknown processing of the component Replication. The manipulation leads to improper authorization. The identification of this vulnerability is CVE-2025-53023. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Oracle Hyperion Financial Reporting 11.2.20.0.000. Affected by this issue is some unknown functionality of the component Workspace. The manipulation leads to improper authorization. This vulnerability is handled as CVE-2025-50108. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Oracle Financial Services Analytical Applications Infrastructure 8.0.7.8/8.0.8.5/8.0.8.6/8.1.1.4/8.1.2.5. It has been classified as problematic. Affected is an unknown function. The manipulation leads to information disclosure. This vulnerability is traded as CVE-2025-53031. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in CommScope Ruckus Unleashed. It has been declared as critical. Affected by this vulnerability is the function stamgr_cfg_adpt_addStaFavourite/stamgr_cfg_adpt_addStaIot of the file /admin/_conf.jsp of the component Authenticated Endpoint. The manipulation of the argument Hostname leads to format string. This vulnerability is known as CVE-2025-46121. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in cnhcit Haichang OA 1.0.0. It has been rated as critical. Affected by this issue is the function hcit.project.rte.agents.UploadImages.class. The manipulation of the argument if leads to sql injection. This vulnerability is handled as CVE-2024-32323. The attack may be launched remotely. There is no exploit available.

A vulnerability has been found in Mingyu Security Gateway and classified as critical. Affected by this vulnerability is an unknown functionality of the file /log/fw_security.mds. The manipulation of the argument log_type leads to command injection. This vulnerability is known as CVE-2023-47356. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in CommScope Ruckus Unleashed. This affects an unknown part of the file /admin/_conf.jsp of the component Configuration Endpoint. The manipulation leads to format string. This vulnerability is uniquely identified as CVE-2025-46123. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in OA EKP 16. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /ui/sys_ui_extend/sysUiExtend.do. The manipulation leads to permission issues. This vulnerability is known as CVE-2023-41566. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in CADImage Plugin on IrfanView. It has been rated as critical. Affected by this issue is some unknown functionality of the component CGM File Parser. The manipulation leads to out-of-bounds write. This vulnerability is handled as CVE-2025-7234. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in AdGuard Plugin up to 1.11.21 on macOS. Affected by this vulnerability is an unknown functionality of the component URL Handler. The manipulation leads to sensitive information in log files. This vulnerability is known as CVE-2025-51497. Attacking locally is a requirement. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Island Lake WebBatch and classified as critical. Affected by this issue is some unknown functionality of the component URL Handler. The manipulation leads to code injection. This vulnerability is handled as CVE-2025-53867. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

2025-07-256 min readOn July 23, 2025, the White House unveiled its AI Action Plan (Plan), a signific

The White House AI Action Plan is a pivotal policy document outlining the current administration's priorities and deliverables in AI to establish American AI as the gold standard for AI worldwide.

文章解释了错误代码521的原因及其解决方法。

HackerNews 编译，转载请注明出处： 威胁组织EncryptHub（又名Larva-208）通过入侵Steam平台游戏《Chemia》，向不知情用户分发信息窃取类恶意软件。 近日，该黑客组织将恶意二进制文件植入由“Aether Forge Studios”开发的生存制作类游戏《Chemia》中。该游戏目前以“抢先体验”形式登陆Steam，尚未公布正式发行日期。 据威胁情报公司Prodaft分析，攻击始于7月22日。EncryptHub在游戏文件中添加了恶意软件HijackLoader（文件名CVKRUTNP.exe），该程序在受害设备上建立持久化机制，并下载信息窃取程序Vidar（文件名v9d9d.exe）。研究人员发现，恶意软件通过某Telegram频道获取命令与控制（C2）服务器地址。 三小时后，攻击者再次通过DLL文件（cclib.dll）植入第二款恶意软件Fickle Stealer。该文件利用PowerShell脚本（worker.ps1）从域名soft-gets[.]com获取主载荷。Fickle Stealer专门窃取浏览器存储数据，包括账户凭证、自动填充信息、Cookie及加密货币钱包数据。该恶意软件去年曾被EncryptHub用于大规模鱼叉式钓鱼攻击，导致全球超六百家组织沦陷。 此威胁组织在黑客领域行为特殊：既恶意利用Windows零日漏洞，又曾向微软负责任的披露关键漏洞。Prodaft在报告中指出：“被篡改的可执行文件对Steam用户显示为合法程序，这种攻击依赖平台信任而非传统欺骗手段，形成高效的社会工程陷阱。当用户在免费游戏中点击《Chemia》的‘测试版’时，实际下载的是恶意软件。” 恶意软件在后台静默运行，不影响游戏性能，玩家难以察觉异常。目前尚不清楚EncryptHub如何将恶意文件植入游戏项目，推测可能有内部人员协助。游戏开发商未在Steam页面或社交媒体发布任何声明。 截至发稿，《Chemia》仍可于Steam下载，无法确认最新版本是否已清除恶意代码。建议用户等待Steam官方公告前避免接触该游戏。 此为Steam平台2025年第三起恶意软件事件：此前3月《Sniper: Phantom’s Resolution》与2月《PirateFi》均曾中招。三款游戏均为“抢先体验”阶段作品，表明Steam对此类内容的审核机制可能存在疏漏。用户下载开发中游戏时需保持警惕。 本次攻击的入侵指标（IOC）已公开。       消息来源：bleepingcomputer； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文

A vulnerability, which was classified as critical, has been found in Oracle Database Server up to 19.27/21.18/23.8. Affected by this issue is some unknown functionality of the component Materialized View Component. The manipulation leads to improper authorization. This vulnerability is handled as CVE-2025-50066. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Oracle BI Publisher 7.6.0.0.0/8.2.0.0.0/12.2.1.4.0 and classified as critical. This vulnerability affects unknown code of the component Web Server. The manipulation leads to improper authorization. This vulnerability was named CVE-2025-50060. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

决赛倒计时两天！攻防博弈，巅峰亮剑！

当前环境出现异常,需完成验证后方可继续访问.

文章讨论了错误代码521的含义和解决方法，指出该错误通常与网络连接问题相关，并提供了排查和修复的步骤。