Aggregator

A vulnerability has been found in Planet Technology FW-WGS-804HPT 1.305b241111 and classified as critical. Affected by this vulnerability is the function web_tacplus_serverEdit_post. The manipulation of the argument tacIp leads to stack-based buffer overflow. This vulnerability is known as CVE-2025-44883. The attack can be launched remotely. There is no exploit available.

A vulnerability, which was classified as critical, was found in Planet Technology FW-WGS-804HPT 1.305b241111. Affected is the function web_tool_upgradeManager_post. The manipulation of the argument bytftp_srvip leads to stack-based buffer overflow. This vulnerability is traded as CVE-2025-44897. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability, which was classified as critical, has been found in Planet Technology FW-WGS-804HPT 1.305b241111. This issue affects the function web_radiusSrv_dftParam_post. The manipulation of the argument radDftParamKey leads to stack-based buffer overflow. The identification of this vulnerability is CVE-2025-44894. The attack may be initiated remotely. There is no exploit available.

A vulnerability classified as critical was found in Planet Technology FW-WGS-804HPT 1.305b241111. This vulnerability affects the function web_snmp_v3host_add_post. The manipulation of the argument host_ip leads to stack-based buffer overflow. This vulnerability was named CVE-2025-44891. The attack can be initiated remotely. There is no exploit available.

A vulnerability classified as critical has been found in Planet Technology FW-WGS-804HPT 1.305b241111. This affects the function web_acl_mgmt_Rules_Apply_post. The manipulation of the argument ruleNamekey leads to stack-based buffer overflow. This vulnerability is uniquely identified as CVE-2025-44893. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Planet Technology FW-WGS-804HPT 1.305b241111. It has been rated as critical. Affected by this issue is the function web_snmp_notifyv3_add_post. The manipulation of the argument host_ip leads to stack-based buffer overflow. This vulnerability is handled as CVE-2025-44890. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in Planet Technology FW-WGS-804HPT 1.305b241111. It has been declared as critical. Affected by this vulnerability is the function web_snmpv3_remote_engineId_add_post. The manipulation of the argument remote_ip leads to stack-based buffer overflow. This vulnerability is known as CVE-2025-44885. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in cilium hubble up to 1.17.1. It has been classified as problematic. Affected is an unknown function of the component CLI. The manipulation leads to injection. This vulnerability is traded as CVE-2025-48056. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in containerd 2.1.0 and classified as very critical. This issue affects some unknown processing. The manipulation leads to time-of-check time-of-use. The identification of this vulnerability is CVE-2025-47290. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Planet Technology FW-WGS-804HPT 1.305b241111 and classified as critical. This vulnerability affects the function web_acl_bindEdit_post. The manipulation of the argument bindEditMACName leads to stack-based buffer overflow. This vulnerability was named CVE-2025-44896. The attack can be initiated remotely. There is no exploit available.

Hazy Hawk буквально сделал бизнес на забывчивости сетевых специалистов.

经公安部计算机信息系统安全产品质量监督检验中心检测，在应用宝中35款移动应用存在违法违规收集使用个人信息情况。

最引人注目的是来自STARLabs SG的Nguyen Hoang Thach对VMware ESXi的成功攻击，他利用整数溢出漏洞获得了15万美元。

FIs Must Invest in AI-Fueled Behavioral Biometrics to Go Beyond Static Credentials
Scammers are increasingly turning to account takeover fraud, as financial institutions ramp up their defenses. Instead of luring victims into making authorized transactions, cybercriminals are bypassing them altogether, hijacking their digital identities and draining accounts from within.

Homeland Security Secretary Says Trump Budget Strengthens Cybersecurity
Senate Democrats Tuesday pushed Homeland Security Secretary Kristi Noem on the Trump administration's cuts to the cybersecurity component of the U.S. federal department she leads. Noem told senators the U.S. Cybersecurity and Infrastructure Agency will "continue to fulfill" its statutory obligations.

Scattered Spider Stole Tata Consulting Services Employee Login Details for Hack
British retailer Marks & Spencer was reportedly compromised by cybercrime group Scattered Spider using stolen employee credentials from a third-party IT company. Citing an unidentified source, Reuters reported hackers used the M&S login credentials of two Tata Consulting Services employees.

Georgia Court Allows Claims of Fraud, Trespass Over Falcon Software Update
Delta can proceed with its lawsuit against CrowdStrike over a July 2024 update that allegedly bypassed Microsoft safeguards and crashed thousands of systems. The judge found that Delta sufficiently alleged fraud, computer trespass and gross negligence, allowing key claims to move forward.

一个精明股票骗局，骗子通过多次准确预测股票走势来建立信任，最终试图诱导投资。Rachel Tobac是一位社交工程专家。她分享了如何从对黑客一无所知，通过参加 Defcon 大会并屡次在社交工程竞赛中获奖，最终成立了自己的安全公司 SocialProof Security。她详细描述了两次成功的渗透测试经历：一次是利用伪造的证件通过电话攻破银行账户，另一次是冒充求职者在面试中获取公司的并购信息。录音最后探讨了人工智能（AI）在语音克隆和深度伪造方面的风险，以及未来建立信任验证机制的必要性。

本文来源于知乎用户『洞源实验室』对热门提问的回答，更多干货内容可关注我们的知乎账号，第一时间获取最新回答！

Ты устанавливаешь «полезный инструмент», а кто-то устанавливает доступ к твоему устройству.