Aggregator

Iran has throttled internet access in the country in a purported attempt to hamper Israel's ability to conduct covert cyber operations, days after the latter launched an unprecedented attack on the country, escalating geopolitical tensions in the region. Fatemeh Mohajerani, the spokesperson of the Iranian Government, and the Iranian Cyber Police, FATA, said the internet slowdown was designed to

This article showcases free, open-source security tools that support your organization’s teams in red teaming, threat hunting, incident response, vulnerability scanning, and cloud security. Autorize: Burp Suite extension for automatic authorization enforcement detection Autorize is an open-source Burp Suite extension that checks if users can access things they shouldn’t. It runs automatic tests to help security testers find authorization problems. BadDNS: Open-source tool checks for subdomain takeovers BadDNS is an open-source Python DNS auditing tool … More →

The post 35 open-source security tools to power your red team, SOC, and cloud security appeared first on Help Net Security.

因与以色列之间日益加剧的冲突，伊朗在采取限制互联网访问的措施之后，准备全面切断与全球互联网之间的接入，此举旨在阻止以色列的网络攻击。伊朗政府还督促公民删除 WhatsApp 应用，声称该应用被以色列用于监视。WhatsApp 是伊朗最受欢迎的消息平台之一。在伊以爆发冲突之后，伊朗居民报告互联网服务经常中断，甚至 VPN 也越来越不可靠。Cloudflare 报告称伊朗两家主要移动运营商周二下线。NetBlocks 监测显示伊朗的互联网流量大幅下降。伊朗网民仍然可以访问国内互联网，但官员表示内部网络的带宽也可能会缩减八成。

Will humans remain essential in cybersecurity, or is AI set to take over? According to Wipro, many CISOs are leveraging AI to improve threat detection and response times and to build enhanced incident response capabilities. What’s changing AI systems can now perform a variety of tasks that were once handled by entry-level analysts, such as drafting reports, generating alerts, and assembling presentations for management. By taking over these repetitive jobs, AI gives human professionals more … More →

The post AI is changing cybersecurity roles, and entry-level jobs are at risk appeared first on Help Net Security.

A CVSS score 7.3 AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Sharkkcode and Zeze with TeamT5' was reported to the affected vendor on: 2025-06-18, 78 days ago. The vendor is given until 2025-10-16 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.2 AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Gereon Huppertz' was reported to the affected vendor on: 2025-06-18, 78 days ago. The vendor is given until 2025-10-16 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 4.3 AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N severity vulnerability discovered by 'Hossein Lotfi (@hosselot) of Trend Zero Day Initiative' was reported to the affected vendor on: 2025-06-18, 78 days ago. The vendor is given until 2025-10-16 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Gereon Huppertz' was reported to the affected vendor on: 2025-06-18, 78 days ago. The vendor is given until 2025-10-16 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N severity vulnerability discovered by 'Gereon Huppertz' was reported to the affected vendor on: 2025-06-18, 78 days ago. The vendor is given until 2025-10-16 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Natnael Samson (@NattiSamson)' was reported to the affected vendor on: 2025-06-18, 78 days ago. The vendor is given until 2025-10-16 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

本文针对俄罗斯国家主网中的审查组件TSPU展开系统研究，通过设计独特的测量方法并结合境内与远程实验，揭示了TSPU在互联网流量干预中的工作机制、触发规则与部署位置。

LS ELECTRICが提供するGMWin 4には、複数の脆弱性が存在します。

富士電機株式会社が提供するSmart Editorには、複数の脆弱性が存在します。

A vulnerability, which was classified as very critical, was found in Rexroth Nexo Cordless Nutrunner and Nexo Special Cordless Nutrunner up to V1500-SP2. This affects an unknown part of the component HTTP Request Handler. The manipulation leads to use of weak credentials. This vulnerability is uniquely identified as CVE-2023-48257. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Rexroth Nexo Cordless Nutrunner and Nexo Special Cordless Nutrunner up to V1500-SP2. It has been classified as critical. This affects an unknown part of the component Network Request Handler. The manipulation leads to stack-based buffer overflow. This vulnerability is uniquely identified as CVE-2023-48265. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in WWBN AVideo 15fed957fb and classified as critical. Affected by this issue is some unknown functionality of the file userRecoverPass.php of the component HTTP Request Handler. The manipulation leads to weak password recovery. This vulnerability is handled as CVE-2023-49589. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in WWBN AVideo 15fed957fb. It has been declared as problematic. Affected by this vulnerability is the function downloadURL_gifimage of the file aVideoEncoderReceiveImage.json.php of the component HTTP Request Handler. The manipulation leads to file inclusion. This vulnerability is known as CVE-2023-49862. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in WWBN AVideo 15fed957fb. It has been rated as problematic. Affected by this issue is the function downloadURL_webpimage of the file aVideoEncoderReceiveImage.json.php of the component HTTP Request Handler. The manipulation leads to file inclusion. This vulnerability is handled as CVE-2023-49863. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in Fortinet FortiPortal up to 5.3.8/6.0.14/7.0.6/7.2.1. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component GET Request Handler. The manipulation leads to authorization bypass. This vulnerability is known as CVE-2023-48783. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in quic-go and classified as problematic. This vulnerability affects unknown code of the component Path Validation Handler. The manipulation leads to denial of service. This vulnerability was named CVE-2023-49295. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.