Aggregator

A vulnerability classified as problematic has been found in zenml-io zenml up to 0.67.x. This affects an unknown part of the file /api/v1/device_authorization. The manipulation leads to resource consumption. This vulnerability is uniquely identified as CVE-2024-9340. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in OctoPrint up to 1.10.3. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to authentication bypass by spoofing. This vulnerability is known as CVE-2025-32788. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in CVE-2025-6829 RTL8762E BLE SDK 1.4.0. It has been classified as problematic. Affected is an unknown function of the component Bluetooth Low Energy Stack. The manipulation leads to denial of service. This vulnerability is traded as CVE-2025-44559. The attack needs to be done within the local network. There is no exploit available.

A vulnerability was found in Cypress PSoC4 3.66. It has been rated as critical. Affected by this issue is some unknown functionality of the component Bluetooth Low Energy Stack. The manipulation leads to improper authentication. This vulnerability is handled as CVE-2025-44557. Access to the local network is required for this attack. There is no exploit available.

A vulnerability classified as very critical has been found in Dover Fueling Solutions ProGauge MagLink LX consoles. Affected is an unknown function of the component Target Communication Framework Interface. The manipulation leads to missing authentication. This vulnerability is traded as CVE-2025-5310. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in MIKO MikoPBX up to 2024.1.114. This vulnerability affects unknown code of the file PBXCoreREST/Controllers/Files/PostController.php. The manipulation leads to relative path traversal. This vulnerability was named CVE-2025-52207. The attack can be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as critical, has been found in Mobilteg Mobile Informatics Mikro Hand Terminal. This issue affects some unknown processing. The manipulation leads to sql injection. The identification of this vulnerability is CVE-2024-12143. The attack may be initiated remotely. There is no exploit available.

Chinese-Made AI App Faces European Privacy Pushback
A German data regulator on Friday ordered Apple and Google to remove the Chinese artificial intelligence DeepSeek app from online stores over non-compliance with privacy and digital service rules. Commercial transfers of data outside of trading bloc members are governed by a complex legal system

Alerts Come on the Heels of Recent Attacks on Insurers
U.S. federal authorities are warning the public and healthcare sector entities of email and fax phishing scams by fraudsters seeking to steal personal information about patients or payments. The warnings come as three large U.S. insurers continue to recover from recent cyberattacks.

Thousands of MCP Servers Leave AI Apps Open to Attack Surfaces
Hundreds of Model Context Protocol servers designed to help AI tools access private data are insecurely exposed online, say BackSlash Security researchers. Weak configurations leave systems vulnerable to data leaks and remote code execution attacks.

State Moves to Restructure Cyber Bureau and Issue Mass Layoffs Despite Court Order
Current and recent former Department of State staffers told Information Security Media Group the agency is preparing to implement layoffs and begin a reorganization despite a San Francisco federal district court order blocking across-the-board layoffs at federal agencies.

A vulnerability was found in eosphoros-ai db-gpt up to 0.7.2. It has been classified as critical. Affected is the function import_flow of the file /api/v2/serve/awel/flow/import. The manipulation of the argument File leads to path traversal. This vulnerability is traded as CVE-2025-6772. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in HKUDS LightRAG up to 1.3.8. It has been declared as critical. Affected by this vulnerability is the function upload_to_input_dir of the file lightrag/api/routers/document_routes.py of the component File Upload. The manipulation of the argument file.filename leads to path traversal. This vulnerability is known as CVE-2025-6773. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to apply a patch to fix this issue.

用MCP在ChatGPT看片还能中毒？

微软发布Windows 11 25H2首个测试版，集成1Password等密码管理器，支持Passkey保存至第三方而非系统。修复资源管理器崩溃、开始菜单重复条目等问题，并改进对话框文本显示。部分用户可能遇到安装失败问题，微软正在解决中。

微软确认Windows 11 25H2将在今年晚些时候推出，利用eKB启用包快速升级已开发但未启用的功能。该版本面向开发者和Beta通道已推送测试，并计划于9月至10月正式发布。家庭版和专业版将获得24个月支持，企业版则为36个月。

零、引言：在演练中活着，在现实中消失人们常说，护网是网络安全界的“大阅兵”。每年一次，红蓝对阵，政企联动，战

Airspy推出2025夏季促销活动，时间为6月27日至30日，提供20%折扣优惠。涵盖Airspy R2、Mini、HF+ Discovery等产品及YouLoop天线。部分商品享受全球免费配送（不含关税）。美国客户可通过iTea新仓库购买以避免高关税。活动期间转发促销帖有机会赢赠品。

01.NET内网安全攻防报刊小报童电子报刊【.NET内网安全攻防】也正式上线了，引入小报童也是为了弥补知识星球