Aggregator

A vulnerability was found in CADImage Plugin on IrfanView and classified as critical. This issue affects some unknown processing of the component DXF File Parser. The manipulation leads to memory corruption. The identification of this vulnerability is CVE-2025-7257. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in CADImage Plugin on IrfanView. It has been classified as critical. Affected is an unknown function of the component DWG File Parser. The manipulation leads to out-of-bounds write. This vulnerability is traded as CVE-2025-7258. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in CADImage Plugin on IrfanView. This issue affects some unknown processing of the component DWG File Parser. The manipulation leads to out-of-bounds read. The identification of this vulnerability is CVE-2025-7251. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in CADImage Plugin on IrfanView. Affected is an unknown function of the component DWG File Parser. The manipulation leads to out-of-bounds read. This vulnerability is traded as CVE-2025-7250. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

火狐浏览器官网从Mozilla.org迁至Firefox.com，启用品牌域名。新网站更简洁，谋智基金会未解释迁移原因。其他浏览器如Chrome和Edge使用企业主域名下的子路径。

免责声明本文中所涉及的技术、思路仅为学习交流，由于传播、利用本公众号所提供的信息而造成的任何直接或者间接的后

当前环境异常，需完成验证后继续访问。

A sophisticated supply chain attack has compromised several widely-used npm packages, including eslint-config-prettier and eslint-plugin-prettier, after threat actors successfully stole maintainer authentication tokens through a targeted phishing campaign. The attack leveraged a typosquatted domain, npnjs.com, designed to mimic the legitimate npmjs.org site and harvest developer credentials through convincing phishing emails. The malicious campaign represents a […]

The post Threat Actors Hijack Popular npm Packages to Steal The Project Maintainers’ npm Tokens appeared first on Cyber Security News.

A vulnerability was found in CADImage Plugin on IrfanView. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component DWG File Parser. The manipulation leads to memory corruption. This vulnerability is known as CVE-2025-7241. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

Coercer A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods. Features  Automatically detects open SMB pipes on the remote machine.  Calls one by one all...

The post Coercer: automatically coerce a Windows server to authenticate on an arbitrary machine appeared first on Penetration Testing Tools.

万字长文，慎入！

当前环境异常，需完成验证后方可继续访问。

京东领投三家具身智能公司；Uber 接入微信，上线官方小程序；抖音上线电影评分功能

当前环境出现异常问题,需完成验证后才能继续访问,系统已提供验证链接供操作.

OPPO发布K13 Turbo系列手机；乐凯C200彩色胶卷复产；英特尔终止Clear Linux开发；英伟达推出轻量化推理模型；微软关闭电影和电视商店并修复SharePoint漏洞；《仙剑奇侠传一》将动画化。

文章介绍了一项关于网络设备备份的实验，通过TFTP技术导出和导入路由器备份文件，并详细讲解了路由器与交换机的功能区别及实验步骤。

A sophisticated phishing campaign has emerged targeting Node.js developers through a meticulously crafted attack that impersonates the official npm package registry. The malicious operation utilizes the typosquatted domain npnjs.com, substituting the letter “m” with “n” to create a nearly identical copy of the legitimate npmjs.com website. This attack demonstrates an alarming evolution in supply chain […]

The post Developers Beware of npm Phishing Email That Steal Your Login Credentials appeared first on Cyber Security News.