Aggregator

复旦大学系统软件与安全实验室在移动认证安全研究取得新进展

复旦大学系统软件与安全实验室在移动认证安全研究取得新进展

复旦大学系统软件与安全实验室在移动认证安全研究取得新进展

复旦大学系统软件与安全实验室在移动认证安全研究取得新进展

复旦大学系统软件与安全实验室在移动认证安全研究取得新进展

DeepSeek Comes Very Close to Producing a Keylogger and Ransomware
Security researchers used the Chinese DeepSeek-R1 artificial intelligence reasoning model to come close to developing ransomware variants and keyloggers with evasion capabilities. The model needs prompt engineering and its output requires code editing.

Investment to Scale Engineering, Expansion from Data Deletion to Threat Reduction
Executive digital protection firm 360 Privacy raised $36 million to expand its engineering team and boost its ability to remove sensitive data from brokers. The company is shifting from a data deletion focus to broader threat mitigation, tackling risks from digital tracking and location data leaks.

Texas Incident is Largest Breach Reported by a Health Plan So Far in 2025
A Texas-based insurance firm is notifying more than 335,500 people of a December hack involving their sensitive personal and health information. The breach affects many - but not all - of the company's policyholders, agents and insurance carrier partners in multiple states.

Restraining Order Allows Dismissed Cyber Defense Agency Employees to Return to Work
A temporary restraining order against the Trump administration's efforts to shrink the size of the federal workforce will allow thousands of probationary employees to return to work as experts warn the purge threatens national cybersecurity.

A vulnerability was found in Adobe Dimension up to 3.4.11. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to out-of-bounds read. This vulnerability is known as CVE-2024-20790. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Adobe Dimension up to 3.4.11. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to out-of-bounds read. This vulnerability is handled as CVE-2024-34125. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Adobe Dimension up to 3.4.11. This affects an unknown part. The manipulation leads to out-of-bounds read. This vulnerability is uniquely identified as CVE-2024-34126. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Adobe Illustrator up to 27.9.4/28.5. This vulnerability affects unknown code. The manipulation leads to out-of-bounds read. This vulnerability was named CVE-2024-34134. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Adobe Illustrator up to 27.9.4/28.5. This issue affects some unknown processing. The manipulation leads to out-of-bounds read. The identification of this vulnerability is CVE-2024-34135. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Adobe Dimension up to 3.4.11. Affected is an unknown function. The manipulation leads to use after free. This vulnerability is traded as CVE-2024-20789. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in IBM Websphere Caching Proxy Server up to 3.6/4.0.1.26 and classified as problematic. This issue affects some unknown processing of the component HTTP GET Request Handler. The manipulation leads to basic cross site scripting. The identification of this vulnerability is CVE-2002-1167. The attack may be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Fortinet FortiManager and FortiManager Cloud and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to os command injection. This vulnerability is known as CVE-2024-46662. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in 274056675 springboot-openai-chatgpt e84f6f5 and classified as critical. Affected by this vulnerability is the function submit of the file /api/blade-user/submit of the component User Handler. The manipulation leads to improper authorization. This vulnerability is known as CVE-2025-2320. The attack can be launched remotely. Furthermore, there is an exploit available. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability classified as critical has been found in Ruby on Rails up to 5.0.0. This affects the function render. The manipulation of the argument locals as part of Argument leads to code injection. This vulnerability is uniquely identified as CVE-2020-8163. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.