Aggregator

CVE-2025-52378 | Nexxt NCM-X1800 up to 1.2.7 Device Management Page um_device_set_aliasname DEVICE_ALIAS cross site scripting (EUVD-2025-21440)

Vuldb Updates
4 months 4 weeks ago
A vulnerability, which was classified as problematic, was found in Nexxt NCM-X1800 up to 1.2.7. Affected is an unknown function of the file /web/um_device_set_aliasname of the component Device Management Page. The manipulation of the argument DEVICE_ALIAS leads to cross site scripting. This vulnerability is traded as CVE-2025-52378. It is possible to launch the attack remotely. Furthermore, there is an exploit available.
vuldb.com

Threat Actors Mimic CNN, BBC, and CNBC Websites to Promote Investment Scams

Cyber Security News
4 months 4 weeks ago

Cybersecurity researchers have identified a sophisticated international fraud campaign that leverages impersonated news websites from major outlets including CNN, BBC, CNBC, News24, and ABC News to orchestrate large-scale investment scams. The operation demonstrates advanced social engineering tactics combined with technical deception methods to target victims across multiple countries. The campaign operates through a multi-stage attack […]

The post Threat Actors Mimic CNN, BBC, and CNBC Websites to Promote Investment Scams appeared first on Cyber Security News.

Tushar Subhra Dutta

Newly Emerged GLOBAL GROUP RaaS Expands Operations with AI-Driven Negotiation Tools

The Hackers News
4 months 4 weeks ago
Cybersecurity researchers have shed light on a new ransomware-as-a-service (RaaS) operation called GLOBAL GROUP that has targeted a wide range of sectors in Australia, Brazil, Europe, and the United States since its emergence in early June 2025. GLOBAL GROUP was "promoted on the Ramp4u forum by the threat actor known as '$$$,'" EclecticIQ researcher Arda Büyükkaya said. "The same actor controls
The Hacker News

Qilin

Dark Feed IO
4 months 4 weeks ago

You must login to view this content

cohenido

INC

Dark Feed IO
4 months 4 weeks ago

You must login to view this content

cohenido

Akira

Dark Feed IO
4 months 4 weeks ago

You must login to view this content

cohenido

Lynx

Dark Feed IO
4 months 4 weeks ago

You must login to view this content

cohenido

Reddit 开始要求访问成人内容的英国用户验证年龄

Solidot
4 months 4 weeks ago
Reddit 宣布,为了遵守英国的新法律 Online Safety Act,它开始要求访问成人内容的英国用户验证年龄。Reddit 是通过第三方服务 Persona 验证用户年龄,Persona 会对用户上传的自拍照或政府颁发的身份证件照片进行验证。Reddit 不会储存用户上传的照片,只会储存验证状态和用户提供的出生日期,用户无需在每次访问成人内容时进行验证。Reddit 称,Persona 承诺保护数据隐私,承诺不会将照片保留超过 7 天,它也无法访问用户的 Reddit 数据。

Lynx

Dark Feed IO
4 months 4 weeks ago

You must login to view this content

cohenido

Lynx

Dark Feed IO
4 months 4 weeks ago

You must login to view this content

cohenido

CVE-2007-4976 | Coppermine Photo Gallery docs/showdoc.php path traversal (EDB-30595 / Nessus ID 26084)

Vuldb Updates
4 months 4 weeks ago
A vulnerability classified as problematic was found in Coppermine Photo Gallery. Affected by this vulnerability is an unknown functionality of the file docs/showdoc.php. The manipulation leads to path traversal. This vulnerability is known as CVE-2007-4976. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.
vuldb.com

月之暗面发布 1 万亿参数的开源模型

Solidot
4 months 4 weeks ago
北京月之暗面科技有限公司上周发布了有 1 万亿总参数、320 亿激活参数的混合专家模型 Kimi K2。基准测试显示它能在部分领域打败 OpenAI 的 GPT-4.1。Kimi K2 在软件工程测试 SWE-bench Verified 中的正确率达到了 65.8%,超过了大多数开源模型,能与私有模型相媲美;在编程测试 LiveCodeBench 中,Kimi K2 的正确率达到了 53.7%,超过了 DeepSeek-V3 的 46.9% 和 GPT-4.1 的 44.7%;在数学推理测试 MATH-500 中的得分为 97.4%,超过了 GPT-4.1 的 92.4%。相比 OpenAI,月之暗面投入的成本更低,速度更快更便宜。

CyberArk: Rise in Machine Identities Poses New Risks

DataBreachToday.com
4 months 4 weeks ago
Comprehensive Machine Identity Security Needed for Non-Human Identities
A study from CyberArk shows that machine identity-related security incidents are increasing as the volume and complexity of machine identities surge. Security leaders must build an end-to-end strategy to secure non-human identities and prevent attacks and outages.

Managed ad