Aggregator

A vulnerability, which was classified as problematic, has been found in Netgear DGND3700 1.1.00.15_1.00.15NA. Affected by this issue is some unknown functionality of the file /BRS_top.html. The manipulation leads to information disclosure. This vulnerability is handled as CVE-2025-4977. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to apply restrictive firewalling. Other products might be affected as well. The vendor was contacted early about this disclosure.

永远不会出错的量子计算机正是拓扑量子计算的承诺。传统量子比特极易受环境干扰；而拓扑量子比特天生具备容错能力。过去的几十年里，科学家们一直在寻找拓扑量子比特的合适物理载体。2013 年清华大学团队首次在无磁场条件下观测到"量子反常霍尔效应"。如今科学家在这座"量子金矿"中挖掘出新的"宝藏"——分数量子反常霍尔效应。作为量子霍尔家族的新成员，分数量子反常霍尔效应在高填充分数或超导条件下，能够支持Z3仲费米子，从而实现斐波那契任意子统计并实现通用拓扑量子比特。

Submit #564714 / VDB-309640

Submit #564712 / VDB-309639

Submit #564711 / VDB-309638

In this Help Net Security interview, Kunal Modasiya, SVP, Product Management, GTM, and Growth at Qualys, discusses recent Qualys research on the state of cloud and SaaS security. He talks about how siloed visibility, fragmented tools, and a lack of incident response skills leave organizations vulnerable to misconfigurations, account hijacking, and other threats. Modasiya explains that only a unified, context-aware security strategy can consolidate risk insights, close remediation gaps, and align with how businesses build … More →

The post Closing security gaps in multi-cloud and SaaS environments appeared first on Help Net Security.

То, что раньше было закулисьем, стало ареной для экспериментов.

介绍网络安全专家克里斯·蒙泰罗和记者卡尔·米勒发现并调查一个暗网上的虚假雇佣杀手网站的故事。 克里斯最初调查该网站时认为它是一个骗局，但通过一个安全漏洞获得了用户的机密信息，揭示了真实存在的谋杀委托。 尽管面临威胁和警方的不信任，他们坚持揭露这个网站，警告潜在受害者，甚至与警方合作促成了一些逮捕行动。 这个经历对他们个人产生了深刻影响，并让他们质疑媒体和执法部门在这种极端情况下的作用。

微软宣布开源 Windows Subsystem for Linux(WSL)，源代码采用 MIT 许可证托管在该公司旗下的 GitHub 平台上。微软是在 2016 年的 BUILD 开发者大会上首次宣布 WSL，它随 Windows 10 周年更新提供给用户。WSL 一开始是基于 pico-processes 程序 lxcore.sys 实现原生运行 ELF 可执行程序，在 Windows 内核中实现 Linux 系统调用，这就是第一代的 WSL。微软随后认识到实现与原生 Linux 最佳兼容性的最好方法是依赖 Linux 内核本身。WSL 2 由此诞生，它于 2019 年首次宣布。WSL 的最新版本是 WSL 2.5.7。

跟朋友们报告近期我在产品上的折腾。

Cybersecurity researchers have uncovered malicious packages uploaded to the Python Package Index (PyPI) repository that act as checker tools to validate stolen email addresses against TikTok and Instagram APIs. All three packages are no longer available on PyPI. The names of the Python packages are below - checker-SaGaF (2,605 downloads) steinlurks (1,049 downloads) sinnercore (3,300 downloads)

本期为大家精选5款工具，覆盖漏洞扫描、安全审计、中间件渗透、资产存活验证及敏感信息提取等核心场景，助你在HVV中快速定位风险、抢占先机！

同学看这里！1.5天特训营，带你破解加密流量攻防迷局，掌握代码逆向核心技术，直面HVV实战对抗场景！

In the early days of commercial open source, major vendors cast doubt on its security, claiming transparency was a flaw. In fact, that openness fueled strong communities and faster security improvements, making OSS often more secure than proprietary code. Today, a new kind of misinformation has emerged, the opposite of FUD: it downplays real open source security risks that should raise concern. The biggest security fallacy today is that Linux namespaces are security boundaries. From … More →

The post Containers are just processes: The illusion of namespace security appeared first on Help Net Security.

A vulnerability classified as problematic was found in SimpleLightbox Photo Gallery, Sliders, Proofing and Themes up to 2.1.5 on WordPress. Affected by this vulnerability is an unknown functionality of the component JavaScript Library. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2024-5878. The attack can be launched remotely. There is no exploit available.

A vulnerability classified as critical has been found in Motors Plugin up to 5.6.67 on WordPress. Affected is an unknown function of the component Password Update Handler. The manipulation leads to unverified password change. This vulnerability is traded as CVE-2025-4322. It is possible to launch the attack remotely. There is no exploit available.

Currently trending CVE - Hype Score: 12 - The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.5, watchOS 10.5, iOS 17.5 and iPadOS 17.5, iOS 16.7.8 and iPadOS 16.7.8. A maliciously crafted email may be able to initiate FaceTime calls without user authorization.

A vulnerability was found in Broadcom Automic Automation up to 21.0.13/24.3.0 HF3. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to untrusted search path. The identification of this vulnerability is CVE-2025-4971. The attack needs to be approached locally. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Canon imageRUNNER, imageCLASS, i-sensys and Satera. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to insufficiently protected credentials. This vulnerability was named CVE-2025-3079. The attack can be initiated remotely. There is no exploit available.