Aggregator

A vulnerability labeled as critical has been found in Eron Wowwo CRM. This impacts an unknown function. The manipulation results in sql injection. This vulnerability was named CVE-2024-12150. The attack may be performed from remote. There is no available exploit.

Digital Charging Solutions GmbH (DCS), a leading provider of white-label charging services for automotive OEMs and fleet operators, has confirmed a data breach affecting a limited number of its customers.  DCS disclosed that unauthorized access to personal data occurred in the course of its customer-support processes. The incident was detected through irregularities in log data and […]

The post EV Charging Provider Confirm Data Breach – Customers Personal Data Exposed appeared first on Cyber Security News.

强强交锋护航数字未来，第三届“天网杯”网络安全大赛圆满落幕

合法驱动成银狐木马新跳板！360构建全周期防御矩阵

360构建教育AI闭环：赛事、平台、校园行三维赋能安全人才培养

Роботы под шифрованием, но хакеры читают их как открытую книгу.

A sophisticated cyber campaign, dubbed “Operation Rewrite,” is actively hijacking Microsoft Internet Information Services (IIS) web servers to serve malicious content through a technique known as search engine optimization (SEO) poisoning. Palo Alto Networks uncovered the operation in March 2025, attributing it with high confidence to a Chinese-speaking threat actor who uses a malicious IIS […]

The post Hackers Hijacking IIS Servers Using Malicious BadIIS Module to Serve Malicious Content appeared first on Cyber Security News.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.17-rc2. Affected by this vulnerability is an unknown functionality of the component dwc3. Such manipulation leads to denial of service. This vulnerability is documented as CVE-2025-39801. The attack requires being on the local network. There is not any exploit available. You should upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 6.1.148/6.6.102/6.12.43/6.16.3 and classified as critical. Affected by this issue is the function btrfs_copy_root of the component btrfs. Performing manipulation results in buffer overflow. This vulnerability is reported as CVE-2025-39800. The attacker must have access to the local network to execute the attack. No exploit exists. The affected component should be upgraded.

A vulnerability categorized as critical has been discovered in Linux Kernel up to 6.17-rc2. This affects an unknown function of the component iommu. Executing manipulation of the argument str can lead to stack-based buffer overflow. This vulnerability is handled as CVE-2025-38676. The attack can only be done within the local network. There is not any exploit available. It is advisable to upgrade the affected component.

Cloud environments rely on the Instance Metadata Service (IMDS) to provide virtual machines with temporary credentials and essential configuration data. IMDS allows applications to securely retrieve credentials without embedding secrets in code or configuration files. However, threat actors have found ways to misuse this convenience, turning IMDS into a springboard for stealing credentials, moving laterally, […]

The post Hackers Abuse IMDS Service for Cloud Initial Access appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

让分析师成为AI团队的核心

内蒙古自治区锡林浩特市公安局发布关于锡林浩特市集中采集男性居民血样并录入本地 DN A数据库的通告，引发网友关注。在锡林浩特市之前，多地都曾开展集中采集男性居民血样的工作，此举是为了推进“Y库”建设。“Y库”的全称为“Y库家系工匠系统”，此前白银连环杀人案、南医大女生被害案等案件告破，“Y库”都立了功。据锡林浩特市公安局通告，为进一步夯实公安基础工作，完善该市居民基础信息库数据，健全居民个人信息管理，提升重大风险防范与应对能力，精准落实相关工作举措，根据上级部门统一部署，锡林浩特市公安局各派出所将开展男性居民血样集中采集工作。采集时间为2025年9月5日起，采集对象为锡林浩特市辖区内男性居民，采集地点为居民户籍所在地派出所。通告还称，本次血样采集的作用是完善公民身份信息，直接关联到个人身份证、护照等证件的办理。并且对于防范老人儿童走失、人员身份信息确认等方面，具有重大作用。请广大男性居民积极支持配合此项工作，携带本人有效身份证件（身份证、户口本等）前往指定采集点完成信息登记与血样采集。采集过程严格遵循相关规范，居民个人信息及生物样本将依法严格保密，确保信息安全。此项工作功在当代、利在千秋，望全体市民理解支持，共同推动工作顺利开展。

ReliaQuest report claims time from initial access to lateral movement has shrunk to just 18 minutes

Every SOC leader understands that faster threat detection is better. But the difference between knowing it and building…

Researchers earned $150K for “L1TF Reloaded,” combining L1TF and half-Spectre to leak VM memory from public clouds despite mitigations. Researchers from Vrije Universiteit Amsterdam earned $150K for exploiting L1TF Reloaded, a flaw combining L1TF (Foreshadow) and half-Spectre. The attack bypasses prior mitigations, showing that transient CPU vulnerabilities remain practical and can leak memory from VMs […]

BlockBlasters游戏补丁竟藏恶意软件，窃取用户敏感数据

看雪论坛作者ID：ZyOrca