Aggregator

Миллиарды корпоративных файлов перекочевали в даркнет из-за CVE-2025-54309.

一年一度的“大考”火热进行中，攻防演练期间本公众号会每日更新当天鲜活情报和热点漏洞，欢迎大家对我们进行收藏和关注！

A vulnerability, which was classified as problematic, was found in Avahi. This affects an unknown part of the component DNS Response Handler. The manipulation leads to injection. This vulnerability is uniquely identified as CVE-2024-52615. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as problematic, has been found in Gutentor Plugin up to 3.4.8 on WordPress. This issue affects some unknown processing of the component Widget. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2025-4685. The attack may be initiated remotely. There is no exploit available.

Get Q2 2025 Report Based on real data from 15,000+ global SOC teams. Top malware types, families, and APTs Changes in threat landscape since Q1 2025 What SOC teams need to focus on Opt in to receive news, updates, and promotions. Get free report Loading… A copy of the report has been sent to your […]

The post Malware Trends Report, Q2 2025: Know the Key Risks to Your Business appeared first on ANY.RUN's Cybersecurity Blog.

A vulnerability was found in actions toolkit up to 2.1.6. It has been rated as critical. Affected by this issue is some unknown functionality. The manipulation leads to path traversal. This vulnerability is handled as CVE-2024-42471. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in TOTOLINK T6 4.1.5cu.748. This vulnerability affects the function ckeckKeepAlive of the file wireless.so of the component MQTT Packet Handler. The manipulation leads to command injection. This vulnerability was named CVE-2025-7952. The attack can be initiated remotely. Furthermore, there is an exploit available.

2025年07月14日-2025年07月20日本周漏洞态势研判情况本周信息安全漏洞威胁整体评价级别为中。国家

速速上车！

A vulnerability classified as problematic has been found in code-projects Public Chat Room 1.0. This affects an unknown part of the file /send_message.php. The manipulation of the argument chat_msg/your_name leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-7951. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

2019 年离婚、自新冠疫情以来基本上一直住在游轮上的 Valve 联合创始人 Gabe Newell 罕见的接受了一位 YouTube 主播 Zalkar Saliev 的采访，谈论了他的个人生活。62 岁的 Newell 称他在卧室工作一周工作七天。他说，自己起床、工作，潜水，然后再工作，再潜水或去健身，然后再继续工作。他说自己不是被迫加班，而是做自己感觉有趣的东西。他的工作内容包括了 AI、Steam、研究气溶胶病原体检测装置、脑机接口等等。他控制了 Valve 50.1% 的股份，净资产大约 100 亿美元。

A vulnerability was found in code-projects Public Chat Room 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /login.php. The manipulation of the argument Username leads to sql injection. This vulnerability is handled as CVE-2025-7950. The attack may be launched remotely. Furthermore, there is an exploit available.

企业屡屡遭遇相同的安全漏洞，这些漏洞是什么？又该如何解决呢？

Submit #619319 / VDB-317098

上周关注度较高的产品安全漏洞(20250714-20250720)

国家信息安全漏洞共享平台（以下简称CNVD）本周共收集、整理信息安全漏洞620个，其中高危漏洞272个、中危漏洞302个、低危漏洞46个。

0x01 前言 下午，一个老朋友发来一批资产让我找个有效漏洞，原因是厂商弄活动，提交有效漏洞可获取

该文章介绍了数字取证科学及其应用范围。数字取证涉及从数字设备中恢复和调查材料，并用于计算机犯罪的归属和事件重建。该领域结合了信息安全原则，并涵盖个人电脑、手机、视频等多种媒体类型。

A vulnerability was found in Sanluan PublicCMS up to 5.202506.a. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file publiccms-parent/publiccms/src/main/resources/templates/admin/cmsDiy/preview.html. The manipulation of the argument url leads to open redirect. This vulnerability is known as CVE-2025-7949. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

India’s second-largest cryptocurrency exchange, CoinDCX, confirmed a sophisticated security breach on July 19, 2025, resulting in approximately $44.2 million being stolen from the platform. This incident marks another significant cyberattack on India’s crypto infrastructure, coming exactly one year after the devastating WazirX hack that cost investors $235 million. Key Takeaways1. CoinDCX lost $44.2 million to […]

The post CoinDCX Hacked – $44.2 million Wiped off From the Platform appeared first on Cyber Security News.