Aggregator

A vulnerability was found in TOTOLINK A3002RU 3.0.0-B20230809.1615. It has been rated as critical. This issue affects some unknown processing of the file /boafrm/formSysLog of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The identification of this vulnerability is CVE-2025-6148. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability was found in cri-o up to 1.28.6/1.29.4/1.30.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /proc/mounts. The manipulation leads to symlink following. This vulnerability is handled as CVE-2024-5154. Attacking locally is a requirement. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /boafrm/formMultiAP of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. This vulnerability is known as CVE-2025-6162. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in TOTOLINK A3002RU 3.0.0-B20230809.1615 and classified as critical. Affected by this issue is some unknown functionality of the file /boafrm/formMultiAP of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. This vulnerability is handled as CVE-2025-6163. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been declared as critical. This vulnerability affects unknown code of the file /boafrm/formTmultiAP of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. This vulnerability was named CVE-2025-6165. The attack can be initiated remotely. Furthermore, there is an exploit available.

Threat actors are leveraging deceptive tactics to distribute a fileless variant of AsyncRAT, a notorious remote access Trojan. Discovered during routine attacker infrastructure analysis, this operation employs a fake verification prompt themed around the “Clickfix” technique to trick users into executing malicious commands. The campaign, which appears to target German-speaking individuals as evidenced by the […]

The post Hackers Use Fake Verification Prompt and Clickfix Technique to Deploy Fileless AsyncRAT appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

pydantic-ai 通过将结构化输出巧妙地抽象为一种强制性的工具调用，并深度整合 Pydantic 的模式生成与验证能力，实现了一套极为可靠的 LLM 输出约束机制...

ModelContext Inspector 未授权访问漏洞(CVE-2025-49596)

双方聚焦云安全、智算数据中心建设、大模型安全等关键领域，推动产品与业务场景融合，打造领先数字化安全底座。

关键词安全漏洞2025年5月21日，Grafana Labs 发布安全更新，修复了由安全研究人员 Alvaro

关键词Windows2025年4月，微软发布了一项关于 Windows Hello 的重要安全通告，修复了编号

关键词罗马仕近日，多所高校陆续发布通知，提醒师生停止使用罗马仕部分型号充电宝，因其在充电过程中存在更高的起火爆

关键词勒索软件近日，网络安全公司趋势科技发布报告，揭示新兴勒索软件即服务（RaaS）平台“Anubis”的危险

A critical vulnerability in ASUS’s popular Armoury Crate software has exposed millions of Windows users to the risk of system-level compromise, according to a recent disclosure by Cisco Talos and confirmed by ASUS. The flaw, tracked as CVE-2025-3464, allows attackers to bypass security controls and gain the highest level of privileges on affected systems, potentially […]

The post ASUS Armoury Crate Vulnerability Lets Hackers Gain System-Level Access on Windows appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

速修复

速修复

GreyNoise researchers have observed exploit attempts targeting the remote code execution vulnerability CVE-2023-28771 in Zyxel devices. On June 16, GreyNoise researchers detected exploit attempts targeting CVE-2023-28771 (CVSS score 9.8), a remote code execution flaw impacting Zyxel IKE decoders over UDP port 500. “Exploitation attempts against CVE-2023-28771 were minimal throughout recent weeks. On June 16, GreyNoise observed […]

Cybersecurity researchers have disclosed three security flaws in the popular Sitecore Experience Platform (XP) that could be chained to achieve pre-authenticated remote code execution. Sitecore Experience Platform is an enterprise-oriented software that provides users with tools for content management, digital marketing, and analytics and reports. The list of vulnerabilities is as follows -

Ransomware has become a highly coordinated and pervasive threat, and traditional defenses are increasingly struggling to neutralize it. Today’s ransomware attacks initially target your last line of defense — your backup infrastructure. Before locking up your production environment, cybercriminals go after your backups to cripple your ability to recover, increasing the odds of a ransom payout.

Никто не знает, кто украл миллионы, но деньги вернулись — частично и очень странным путём.