Aggregator

A vulnerability was found in Samsung Devices. It has been classified as critical. The affected element is an unknown function of the component SLocation. The manipulation leads to improper access controls. This vulnerability is uniquely identified as CVE-2026-20970. Local access is required to approach this attack. No exploit exists. Upgrading the affected component is recommended.

A vulnerability was found in Samsung Devices and classified as critical. Impacted is an unknown function of the component DualDAR. Executing a manipulation can lead to use after free. This vulnerability is handled as CVE-2026-20968. It is possible to launch the attack on the local host. There is not any exploit available. It is suggested to upgrade the affected component.

GNU Wget2中发现高危路径遍历漏洞CVE-2025-69194，允许攻击者通过恶意Metalink文档写入任意文件。该漏洞源于未验证元素中的路径，违反RFC 5854标准。官方已发布修复版本wget2 2.2.1，引入严格文件名验证机制以防止路径遍历攻击。

通用2.0、1.0活动来啦，还有补天新年礼盒~

A vulnerability has been found in Samsung Devices and classified as critical. This issue affects some unknown processing of the component libimagecodec.quram.so. Performing a manipulation results in out-of-bounds read. This vulnerability is known as CVE-2026-20973. Remote exploitation of the attack is possible. No exploit is available. The affected component should be upgraded.

A vulnerability, which was classified as critical, was found in Samsung SecSettings. This vulnerability affects unknown code. Such manipulation leads to improper access controls. This vulnerability is traded as CVE-2026-20969. An attack has to be approached locally. There is no exploit available. It is advisable to implement a patch to correct this issue.

2001 年黑五期间，一台 50 英寸的电视百思买（Best Buy）售价为 1100 美元，而今天不到 200 美元（非智能版本）。过去 25 年每像素面积价格下降逾 90%，背后的主要原因是 LCD 技术从利基产品发展成为量产商品。2004 年 LCD 仅占电视市场的 5%；到 2018 年市场份额超过 95%。驱动成本下降的主要是基板玻璃尺寸的扩大，第一代母玻璃（Mother Glass）的尺寸约为 12 英寸 × 16 英寸，第 10.5 代尺寸为 116 英寸 × 133 英寸，几乎是第一代的 100 倍。这种尺寸的扩大显著节约了费用，设备费用的增长速度远低于玻璃面积的增长速度。

过去25年电视价格大幅下降，每像素成本降低超90%，LCD技术普及和母玻璃尺寸扩大是主因。

检测业务是否受到此漏洞影响，请联系长亭应急服务团队！

A vulnerability, which was classified as problematic, has been found in NEX-Forms Plugin up to 9.1.7 on WordPress. This affects an unknown part of the component Setting Handler. This manipulation causes cross site scripting. This vulnerability appears as CVE-2025-14803. The attack may be initiated remotely. There is no available exploit. It is advisable to upgrade the affected component.

A vulnerability classified as critical was found in ZTE MF258K ZTE_MF258kPRO_PLAY_V1.0.0B03/ZTE_MF258PRO_STD_V1.0.0B04. Affected by this issue is some unknown functionality of the component Setting Handler. The manipulation results in improper privilege management. This vulnerability is reported as CVE-2025-66315. The attack can be launched remotely. No exploit exists.

A vulnerability classified as critical has been found in Alibaba Fastjson up to 1.2.47. Affected by this vulnerability is an unknown functionality. The manipulation leads to inclusion of functionality from untrusted control sphere. This vulnerability is documented as CVE-2025-70974. The attack can be initiated remotely. Additionally, an exploit exists. It is recommended to upgrade the affected component.

React2Shell（CVE-2025-55182）是一个影响React Server Components的高危远程代码执行漏洞（CVSS 10.0），允许攻击者通过恶意HTTP请求在服务器上执行任意代码。该漏洞影响Next.js等框架和多个版本。修复方案已发布，建议立即升级并实施多层防护措施以应对潜在威胁。

Вместо россыпи старых аналоговых блоков появится современная цифровая система защиты.

Security researchers have identified over 91,000 attack sessions targeting AI infrastructure between October 2025 and January 2026, exposing systematic campaigns against large language model deployments. GreyNoise’s Ollama honeypot infrastructure captured 91,403 attack sessions during this period, revealing two distinct threat campaigns. The findings corroborate and extend previous research from Defused on AI system targeting. The […]

The post Hackers Actively Exploiting AI Deployments – 91,000+ Attack Sessions Observed appeared first on Cyber Security News.

Chinese threat actors have developed a dangerous new way to steal money directly from bank accounts using specially crafted Android applications. Known as Ghost Tapped, these malicious apps exploit Near Field Communication (NFC) technology, the same wireless technology that powers contactless payments. Instead of needing your physical bank card, criminals can complete transactions from anywhere […]

The post New Ghost Tapped Attack Uses Your Android Device to Drain Your Bank Account appeared first on Cyber Security News.

微软尝试通过动态磁贴重新定义人机交互，在 Windows Phone 和 Windows 8 中引入实时信息展示界面。然而由于用户体验与设备形态的不匹配、UWP 战略失败及市场否定等原因，动态磁贴逐渐退出历史舞台。尽管如此，其设计理念如卡片式界面、信息聚合等思想仍融入现代操作系统设计语言中。

AppSec teams have spent the last decade hardening externally facing applications, API security, software supply chain risk, CI/CD controls, and cloud-native attack paths. But a growing class of security threats is emerging from a largely underestimated and undefended source: internally built no-code assets. What started out as a few business user created no-code apps is evolving into thousands of automations and AI agents operating across enterprise systems. They pull external data, call internal APIs, reason … More →

The post How AI agents are turning security inside-out appeared first on Help Net Security.

The notorious state-sponsored group relies on basic techniques that are highly effective, often delivering greater ROI than more complex malware-heavy operations.

基于长期的观察、调查和研究工作，数世咨询每年都从当年中上千件事件中进行精选。