Aggregator

A vulnerability was found in Pacemaker and classified as critical. Affected by this issue is some unknown functionality of the component pcsd. The manipulation leads to improper authentication. This vulnerability is handled as CVE-2022-1049. The attack needs to be initiated within the local network. There is no exploit available.

A vulnerability was found in PCS. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Unix Socket Handler. The manipulation leads to incorrect default permissions. This vulnerability is known as CVE-2022-2735. The attack needs to be done within the local network. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in QOS logback 1.4.11. This issue affects some unknown processing of the component Logback Receiver. The manipulation leads to denial of service. The identification of this vulnerability is CVE-2023-6378. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to upgrade the affected component.

添加好友兑奖 TscanPlus

Первый в истории опыт звёздной навигации прошёл успешно на краю Солнечной системы.

A vulnerability classified as problematic has been found in vercel hyper up to 3.4.1. This affects the function expand/braceExpand/ignoreMap of the file hyper/bin/rimraf-standalone.js. The manipulation leads to inefficient regular expression complexity. This vulnerability is uniquely identified as CVE-2025-7074. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in IPInfo Extension up to 1.39.12/1.42.6/1.43.1 on Mediawiki. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2025-53482. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in mbed TLS up to 3.6.3. It has been declared as problematic. Affected by this vulnerability is the function mbedtls_pem_read_buffer of the component PEM Handler. The manipulation leads to off-by-one. This vulnerability is known as CVE-2025-52497. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in mbed TLS up to 3.6.3. It has been classified as problematic. Affected is an unknown function of the component AESNI Detection. The manipulation leads to compiler optimization removal or modification of security-critical code. This vulnerability is traded as CVE-2025-52496. The attack needs to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in mbed TLS up to 3.6.3 and classified as problematic. This issue affects the function mbedtls_lms_verify. The manipulation leads to missing cryptographic step. The identification of this vulnerability is CVE-2025-49600. It is possible to launch the attack on the physical device. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in IPInfo Extension up to 1.39.12/1.42.6/1.43.1 on Mediawiki and classified as problematic. This vulnerability affects unknown code. The manipulation leads to resource consumption. This vulnerability was named CVE-2025-53481. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in mbed TLS up to 3.6.3. This affects the function mbedtls_lms_import_public_key. The manipulation leads to out-of-bounds read. This vulnerability is uniquely identified as CVE-2025-49601. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

Submit #602353 / VDB-314973

The move to 47-day SSL certificates is a major step toward a more secure, automated internet. While it introduces new challenges, especially for organizations relying on manual processes, it ultimately pushes the ecosystem toward greater resilience and trust. 

The post The 47-Day SSL Certificate Era: What It Means for Site Owners and IT Teams appeared first on Security Boulevard.

Process by which a commercial organization may become an approved Common Criteria testing lab

Content warning: Domestic abuse, stalking, controlling behavior, Schadenfreude, irony.

The post Yet More Stalkerware Leaks Secret Data: ‘Catwatchful’ is Latest Nasty App appeared first on Security Boulevard.

Law enforcement disrupts cybercrime networks, US agencies warn of Iranian cyber threats, and DPRK actors target Web3 with Nim-based malware.

The post The Good, the Bad and the Ugly in Cybersecurity – Week 27 appeared first on SentinelOne.

第二届“长城杯”信息安全铁人三项赛（防护赛）总决赛-Pwn方向部分题解 by ourren

SymAgent：基于神经符号自学习的知识图谱复杂推理智能体框架 by ourren

更多最新文章，请访问SecWiki

自二战以来一直持续到 2024 年，美国是自由世界毋庸置疑的科学领导者。一个注重事实、讲究科学真理、重视教育和公共利益的社会引领着一代又一代人持续突破和进步。但 2025 年 1 月起，美国享有盛名的科研机构如 NOAA、NASA、NSF、CDC、EPA 和 FDA 遭遇了一连串史无前例的内部攻击。随着新的预算（大而美法）获得众议院和参议院的批准即将成为法律，我们所熟悉的美国科研模式可能成为过去。对美国科学家而言，这是一场现实生活中的噩梦。即使发生最糟糕的事情，我们仍然有理由抱有希望。希特勒的德国也严重破坏了本国的科学研究，但大批流失的科学家最终惠及了世界其他地区，这一事件被称为“希特勒的礼物”。我们可能会见证美国科学的衰落，其他科学强国崛起。NASA 已经裁员逾 2500 人，正要求其他 3000 人自愿退休，受影响的主要是科学部门。NASA 正在进行的 124 个任务有 41 个面临完全取消，引力波探测器 LISA 面临失去 NASA 的资助。特朗普政府取消订阅《自然》期刊，这一事件几乎和纳粹德国如出一辙：《自然》自 1937 年起到二战结束被禁止收录进德国图书馆。如果美国不改变方向，2025 年不仅将标志着美国科学例外主义时代的终结；而美国人才流失的规模可能让“希特勒的礼物”都相形见绌。

A vulnerability, which was classified as critical, was found in Microsoft Windows 2000. This affects an unknown part in the library webvw.dll of the component Web View. The manipulation leads to memory corruption. This vulnerability is uniquely identified as CVE-2005-1191. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to disable the affected component.