Aggregator

A vulnerability identified as problematic has been detected in Citrix Nfuse 1.6/1.51. This affects the function getLastError of the file launch.jsp of the component Error Handler. This manipulation of the argument NFuse_Application causes basic cross site scripting. The identification of this vulnerability is CVE-2002-0504. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability classified as problematic was found in Oracle9i 9.0/9.0.1. The impacted element is an unknown function of the component Transparent Network Substrate. The manipulation results in resource consumption. This vulnerability is cataloged as CVE-2002-0509. The attack may be launched remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in Linux Kernel. This affects an unknown function of the component UDP Handler. This manipulation causes information disclosure (Fingerprint). This vulnerability is registered as CVE-2002-0510. Remote exploitation of the attack is possible. No exploit is available.

Reports of email phishing attempts impersonating the UK’s HM Revenue & Customs plummeted in the first half of 2025

A vulnerability was found in Symatec popper_mod 1.0/1.2/1.2.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the component .htaccess Handler. Executing manipulation can lead to improper privilege management. This vulnerability appears as CVE-2002-0513. The attack may be performed from remote. There is no available exploit. It is suggested to upgrade the affected component.

A vulnerability marked as problematic has been reported in ASP-Nuke Rc1/Rc2. The impacted element is an unknown function. The manipulation leads to basic cross site scripting. This vulnerability is referenced as CVE-2002-0521. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability was found in EMU Webmail 4.5.x. It has been rated as problematic. The affected element is an unknown function of the file emumail.cgi. Performing manipulation of the argument Type results in path traversal. This vulnerability is known as CVE-2002-0531. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability was found in SquirrelMail up to 1.2.5. It has been rated as critical. This vulnerability affects unknown code of the component Cookie Handler. This manipulation of the argument THEME causes improper privilege management. This vulnerability is handled as CVE-2002-0516. The attack can be initiated remotely. Additionally, an exploit exists.

A vulnerability labeled as problematic has been found in Postboard 2.0/2.0.1. This impacts an unknown function of the component Code Tag Handler. The manipulation with the input $software_input_value results in resource consumption. This vulnerability was named CVE-2002-0534. The attack may be performed from remote. There is no available exploit.

N-able has enhanced the capabilities of Cove Data Protection with the launch of Anomaly Detection as a Service (ADaaS). Strengthening Cove’s defense against cyberthreats, this service is built into Cove’s architecture with no additional management overhead or cost impact. Cyberattacks are increasing, with bad actors targeting organizations by compromising backups. Early threat detection is as crucial as response and recovery, as identifying malicious activity quickly helps prevent widespread damage. “Build-your-own” backup solutions place the responsibility … More →

The post N-able strengthens backup threat protection appeared first on Help Net Security.

Берегись, Claude Code! ИИ от OpenAI удвоил свою эффективность.

Bruce Schneier是一位公共利益技术专家，在安全、技术和人之间领域工作。他在博客和月度通讯中讨论安全问题，并担任哈佛大学研究员、EFF董事会成员及Inrupt首席安全架构师。其个人网站观点仅代表个人，并非代表所属机构。

Apple on Monday backported fixes for a recently patched security flaw that has been actively exploited in the wild. The vulnerability in question is CVE-2025-43300 (CVSS score: 8.8), an out-of-bounds write issue in the ImageIO component that could result in memory corruption when processing a malicious image file. "Apple is aware of a report that this issue may have been exploited in an

关键词安全漏洞安全研究人员近日揭露一起涉及企业级AI客服系统的严重安全事件。

关键词恶意软件一场精心策划的软件供应链攻击正在开发者社区悄然蔓延。

关键词网络攻击最新网络安全研究表明，黑客正通过高度仿真的钓鱼手段，部署合法的远程监控与管理（RMM）软件，获取

关键词勒索软件背景概述2025年9月初，一种名为Yurei的新型勒索病毒崭露头角，其独特的Go语言实现与Cha

The web browser has quietly become one of the most critical components of enterprise infrastructure—and one of the most dangerous. Join BleepingComputer, SC Media, and Push Security on September 29 at 12:00 PM ET for a live webinar on how attackers are targeting the browser to hijack sessions, steal data, and bypass security. [...]

AI agents are rapidly becoming a core part of the enterprise, being embedded across enterprise workflows, operating with autonomy, and making decisions about which systems to access and how to use them. But as agents grow in power and autonomy, so do the risks and threats.  Recent studies show 80% of companies have already experienced unintended AI agent actions, from unauthorized system

文章介绍了Fickling的新改进功能，用于检测和防止恶意Pickle文件对AI/ML模型和基础设施的攻击。通过引入允许列表机制，Fickling可以有效识别并阻止潜在危险导入，提升供应链安全性。