Aggregator

A vulnerability was found in Node.js up to 20.19.3/22.17.0/24.4.0 and classified as problematic. This issue affects some unknown processing of the component Windows Device Name Handler. The manipulation leads to information disclosure. The identification of this vulnerability is CVE-2025-27210. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Node.js up to 24.4.0 and classified as problematic. This vulnerability affects unknown code of the component V8. The manipulation leads to denial of service. This vulnerability was named CVE-2025-27209. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in wolfSSL up to 5.8.0. This affects the function RAND_poll. The manipulation leads to insufficiently random values. This vulnerability is uniquely identified as CVE-2025-7394. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in wolfSSL up to 5.8.0. Affected by this issue is some unknown functionality of the component Server Certificate Domain Handler. The manipulation leads to improper certificate validation. This vulnerability is handled as CVE-2025-7395. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as critical was found in Tenda FH451 1.0.0.9. Affected by this vulnerability is the function fromqossetting of the file /goform/qossetting. The manipulation of the argument page leads to stack-based buffer overflow. This vulnerability is known as CVE-2025-7855. The attack can be launched remotely. There is no exploit available.

A vulnerability classified as critical has been found in Tenda FH451 1.0.0.9. Affected is the function fromVirtualSer of the file /goform/VirtualSer. The manipulation of the argument page leads to stack-based buffer overflow. This vulnerability is traded as CVE-2025-7854. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in Tenda FH451 1.0.0.9. It has been rated as critical. This issue affects the function fromSetIpBind of the file /goform/SetIpBind. The manipulation of the argument page leads to stack-based buffer overflow. The identification of this vulnerability is CVE-2025-7853. The attack may be initiated remotely. Furthermore, there is an exploit available.

Submit #616367 / VDB-316945

Submit #616366 / VDB-316944

Submit #616359 / VDB-316943

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Fortinet FortiWeb vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, confirming active exploitation of the SQL injection flaw in cyberattacks worldwide. The vulnerability, tracked as CVE-2025-25257, affects Fortinet’s FortiWeb web application firewall and carries a severe CVSS score of 9.6 out of 10. […]

The post CISA Warns of Fortinet FortiWeb SQL Injection Vulnerability Exploited in Attacks appeared first on Cyber Security News.

文章描述了一次针对财富500强公司的红队渗透测试，团队通过克隆门禁卡、伪装打印机和利用鼠标劫持攻击分散安全团队注意力的方式，在一周内成功渗透至支付基础设施。

CrushFTP警告称，威胁 actors 正在利用一个零日漏洞（CVE-2025-54309），该漏洞允许攻击者通过 Web 接口获得管理权限。该漏洞影响 CrushFTP 旧版本（v10.8.5 和 v11.3.4_23 之前），已更新至最新版本的用户不受影响。攻击者可能通过逆向工程发现此漏洞，并利用未及时修补的系统进行入侵。建议用户保持定期更新以避免受此漏洞影响。

本文提出了一种改进的语言模型训练方法——多令牌预测（multi-token prediction），用于提升生成和推理任务的效果。实验表明该方法在大规模模型中表现优异，尤其在代码相关任务中显著提升性能。通过与投机解码结合，推理速度可提高3倍。研究还探讨了未来优化方向及潜在影响。

本文探讨了语言模型中的多目标预测方法及其在生成任务中的应用效果。通过混合任务训练（如掩码、排列序列等）和多令牌预测技术（如跨度掩码、随机排列），模型能够更高效地利用输入信息并减少过拟合风险。研究还引入了自推测解码方案以提升推理速度，并结合多任务学习策略进一步优化模型性能。

文章介绍了如何使用Reddit的导航功能，包括访问主页、下载应用以及登录步骤。

A newly discovered version of the SquidLoader malware has surfaced during a targeted attack on institutions in Hong Kong, sparking significant concern within the financial sector. Of particular alarm is its near-complete evasion of...

The post New SquidLoader Variant Unleashed: Stealthy Malware Hits Hong Kong Financial Sector Undetected appeared first on Penetration Testing Tools.

Microsoft has begun rolling out an update to the Copilot app for Windows, significantly enhancing its artificial intelligence capabilities through the introduction of the Desktop Share feature. With this update, Copilot can now “see”...

The post Microsoft Copilot Gets “Eyes”: New Desktop Share Feature Analyzes Your Screen in Real-Time appeared first on Penetration Testing Tools.

Attacks targeting outdated SonicWall SMA 100 devices have once again exposed the fragility of network perimeters often overlooked by conventional security systems. According to the Google Threat Intelligence Group (GTIG), a targeted campaign employing...

The post SonicWall SMA 100 Devices Under Persistent Attack: UNC6148 Deploys Stealthy OVERSTEP Rootkit appeared first on Penetration Testing Tools.