Aggregator

A vulnerability identified as problematic has been detected in Siemens TIA Administrator up to 3 SP1 on Windows. This affects an unknown function. This manipulation causes creation of temporary file in directory with insecure permissions. This vulnerability appears as CVE-2023-38533. The attack requires local access. There is no available exploit. It is suggested to install a patch to address this issue.

A vulnerability was found in goauthentik authentik and classified as critical. The impacted element is an unknown function. Executing manipulation can lead to improper access controls. This vulnerability is registered as CVE-2024-38371. It is possible to launch the attack remotely. No exploit is available. It is suggested to upgrade the affected component.

A vulnerability was found in Tenda AC20 16.03.08.12. It has been rated as critical. This affects the function save_virtualser_data of the file /goform/formSetVirtualSer. Performing manipulation of the argument list results in stack-based buffer overflow. This vulnerability is known as CVE-2025-9088. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

A vulnerability has been found in TOTOLINK A3002R 4.0.0-B20230531.1404 and classified as critical. The affected element is an unknown function of the file /boafrm/formMapDelDevice. This manipulation of the argument Hostname causes buffer overflow. This vulnerability is handled as CVE-2025-55587. The attack can be initiated remotely. There is not any exploit available.

A vulnerability was found in TOTOLINK A3002R 4.0.0-B20230531.1404 and classified as critical. The impacted element is an unknown function of the file /boafrm/formPortFw. Such manipulation of the argument fw_ip leads to buffer overflow. This vulnerability is uniquely identified as CVE-2025-55588. The attack can be launched remotely. No exploit exists.

A vulnerability was found in TOTOLINK A3002R 4.0.0-B20230531.1404. It has been rated as critical. Affected is an unknown function of the file /boafrm/formMapDelDevice. The manipulation of the argument clientoff leads to os command injection. This vulnerability is referenced as CVE-2025-55589. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

A vulnerability marked as critical has been reported in TOTOLINK A3002R 4.0.0-B20230531.1404. This vulnerability affects unknown code of the file bupload.html. Performing manipulation results in command injection. This vulnerability is cataloged as CVE-2025-55590. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability described as critical has been identified in TOTOLINK A3002R 4.0.0-B20230531.1404. This issue affects some unknown processing of the file formMapDel. Executing manipulation of the argument devicemac can lead to command injection. This vulnerability is registered as CVE-2025-55591. It is possible to launch the attack remotely. Furthermore, an exploit is available.

A vulnerability was found in Tenda AC20 16.03.08.12. It has been declared as critical. Affected by this issue is the function set_qosMib_list of the file /goform/SetNetControlList of the component SetNetControlList Endpoint. Such manipulation of the argument list leads to stack-based buffer overflow. This vulnerability is traded as CVE-2025-9087. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability categorized as critical has been discovered in Tenda AC20 16.03.08.12. This vulnerability affects the function sub_48E628 of the file /goform/SetIpMacBind. Executing manipulation of the argument list can lead to stack-based buffer overflow. This vulnerability is handled as CVE-2025-9089. The attack can be executed remotely. Additionally, an exploit exists.

A vulnerability identified as critical has been detected in Tenda AC20 16.03.08.12. This issue affects the function websFormDefine of the file /goform/telnet of the component Telnet Service. The manipulation leads to command injection. This vulnerability is uniquely identified as CVE-2025-9090. The attack is possible to be carried out remotely. Moreover, an exploit is present.

A vulnerability labeled as critical has been found in Tenda AC20 16.03.08.12. Impacted is an unknown function of the file /etc_ro/shadow. The manipulation results in hard-coded credentials. This vulnerability was named CVE-2025-9091. The attack needs to be approached locally. In addition, an exploit is available.

Самые востребованные вредоносы глазами экспертов Positive Technologies.

Google 首次披露了其 AI 聊天机器人 Gemini 每次查询的耗电量：中位数是 0.24 瓦时。相当于一台标准微波炉运行约一秒钟的能耗。这 0.24 瓦时中，Google AI 芯片 TPU 的耗电量占了 58%，CPU 和内存占了 25%，备用机器占了 10%，冷却和功率转换等数据中心运营占了 8%。Google 计算的 AI 耗电量只针对文本生成，不涉及更复杂的如图像或视频生成等高能耗任务。Google 称，Gemini 的能耗过去一年多已经有了显著的改进，2024 年 5 月 Gemini 每次提示的耗电量中位数是 2025 年 5 月的 33 倍。能耗的改进得益于模型的改进和软件优化。Google 还公布了 Gemini 每次提示的二氧化碳排放和耗水量：分别为产生 0.03克二氧化碳和消耗 0.26 毫升水——相当于五滴水。

智商这玩意儿，在我大学毕业前，从来不信。被社会毒打后，见识了一拨又一拨碾压我的存在，我就老实了。

Trag's Developer-Centric Tools Help Aikido Slash Time to Market by 12 Months
Aikido Security acquired Trag, an AI-native code review startup, to bring repository-wide review capabilities to its platform. The acquisition accelerates delivery of new features, such as logic risk detection and English-language rule writing, aimed at beating legacy rivals.

State-Sponsored Espionage Group Tied to Exploits of No-Longer-Supported Cisco Gear
Russian intelligence hackers are using obsolete and unpatched equipment made by networking mainstay Cisco Systems to further stealthy and ongoing cyberespionage operations, the U.S. federal government warned Wednesday. Hackers exploit a vulnerability in the Smart Install feature of Cisco devices.

The ClickFix social engineering technique has been growing in popularity, with campaigns targeting thousands of enterprise and end-user devices daily. This technique exploits users’ tendency to resolve technical issues by tricking them into running malicious commands. These commands, in turn, deliver payloads that ultimately lead to information theft and exfiltration.

The post Think before you Click(Fix): Analyzing the ClickFix social engineering technique appeared first on Microsoft Security Blog.

The ClickFix social engineering technique has been growing in popularity, with campaigns targeting thousands of enterprise and end-user devices daily. This technique exploits users’ tendency to resolve technical issues by tricking them into running malicious commands. These commands, in turn, deliver payloads that ultimately lead to information theft and exfiltration.

The post Think before you Click(Fix): Analyzing the ClickFix social engineering technique appeared first on Microsoft Security Blog.

利用预训练的语言模型释放基于语义的日志解析的真正潜力 by ourren

XSSky：融合动静态分析，精准狙击XSS漏洞 by ourren

更多最新文章，请访问SecWiki