Aggregator

A vulnerability classified as critical was found in Adobe Acrobat Reader up to 20.005.30748/24.001.30225/25.001.20428. Affected by this vulnerability is an unknown functionality. The manipulation leads to uninitialized pointer. This vulnerability is known as CVE-2025-27158. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Adobe Acrobat Reader up to 20.005.30748/24.001.30225/25.001.20428. Affected by this issue is some unknown functionality. The manipulation leads to use after free. This vulnerability is handled as CVE-2025-27159. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Adobe Acrobat Reader up to 20.005.30748/24.001.30225/25.001.20428 and classified as critical. This issue affects some unknown processing. The manipulation leads to uninitialized pointer. The identification of this vulnerability is CVE-2025-27162. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Adobe Acrobat Reader up to 20.005.30748/24.001.30225/25.001.20428. It has been classified as critical. Affected is an unknown function. The manipulation leads to use after free. This vulnerability is traded as CVE-2025-27160. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Adobe Acrobat Reader up to 20.005.30748/24.001.30225/25.001.20428. It has been rated as critical. Affected by this issue is some unknown functionality. The manipulation leads to use after free. This vulnerability is handled as CVE-2025-27174. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Fortinet FortiWeb up to 7.0.10/7.2.10/7.4.5/7.6.0. Affected by this issue is some unknown functionality of the component Requests Handler. The manipulation leads to path traversal. This vulnerability is handled as CVE-2024-55597. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Joomla CMS up to 4.4.11/5.2.4. Affected is an unknown function of the component Media Manager. The manipulation leads to unrestricted upload. This vulnerability is traded as CVE-2025-22213. It is possible to launch the attack remotely. There is no exploit available.

HackerNews 编译，转载请注明出处： 被称为 Blind Eagle 的威胁行为者自 2024 年 11 月以来，与一系列针对哥伦比亚机构和政府实体的持续攻击活动有关。 “监控到的攻击活动针对哥伦比亚司法机构以及其他政府或私人组织，感染率很高。” Check Point 在一项新分析中表示。 “在 2024 年 12 月 19 日左右进行的一次攻击活动中，超过 1600 名受害者受到影响。考虑到 Blind Eagle 的定向 APT 方法，这一感染率非常显著。” 自 2018 年以来一直活跃的 Blind Eagle ，也被称为 AguilaCiega、APT-C-36 和 APT-Q-98。它以对南美实体，特别是哥伦比亚和厄瓜多尔的超针对性攻击而闻名。 该威胁行为者策划的攻击链涉及使用社会工程学手段，通常以鱼叉式网络钓鱼电子邮件的形式，获取对目标系统的初始访问权限，并最终投放现成的远程访问木马，如 AsyncRAT、NjRAT、Quasar RAT 和 Remcos RAT。 最新的入侵行为因三个原因而引人注目：使用了针对微软 Windows 漏洞（CVE-2024-43451）的变种利用，采用了新兴的 “打包即服务”（PaaS）HeartCrypt，以及通过 Bitbucket 和 GitHub 分发有效载荷，超越了谷歌硬盘和 Dropbox。 具体来说，HeartCrypt 用于保护恶意可执行文件，这是 PureCrypter 的一个变种，然后负责启动托管在现已被删除的 Bitbucket 或 GitHub 存储库上的 Remcos RAT 恶意软件。 CVE-2024-43451 指的是微软在 2024 年 11 月修复的 NTLMv2 哈希泄露漏洞。据 Check Point 称，盲鹰在补丁发布后仅六天就将其变种纳入攻击武器库，导致毫无戒心的受害者在手动点击通过网络钓鱼电子邮件分发的恶意.URL 文件时推进感染。 “虽然这个变种实际上并不会暴露 NTLMv2 哈希，但它会通知威胁行为者文件是由同一异常用户文件交互下载的。” 这家网络安全公司表示。 “在易受 CVE-2024-43451 影响的设备上，即使在用户手动与文件交互之前，也会触发 WebDAV 请求，表现出同样的异常行为。同时，在已打补丁和未打补丁的系统上，手动点击恶意.URL 文件会启动下一阶段有效载荷的下载和执行。” Check Point 指出，这种 “快速反应” 有助于突出该组织的技术专长以及其在面对不断演变的安全防御时适应和追求新攻击方法的能力。 作为威胁行为者起源的铁证，GitHub 存储库显示该威胁行为者在 UTC-5 时区运营，与南美多个国家一致。 不仅如此，似乎出现了一次操作失误，对存储库提交历史的分析发现了一个包含 1634 个唯一电子邮件地址的账户密码对文件。 尽管名为 “Ver Datos del Formulario.html” 的 HTML 文件于 2025 年 2 月 25 日从存储库中删除，但发现它包含与个人、政府机构、教育机构和在哥伦比亚运营的企业相关的详细信息，如用户名、密码、电子邮件、电子邮件密码和 ATM PIN 码。 “其成功的关键因素之一是能够利用合法的文件共享平台，包括谷歌硬盘、Dropbox、Bitbucket 和 GitHub，使其能够绕过传统安全措施并秘密分发恶意软件。” Check Point 表示。 “此外，其使用地下犯罪软件工具如 Remcos RAT、HeartCrypt 和 PureCrypter 加强了其与网络犯罪生态系统的深厚联系，提供了访问 sophisticated 逃避技术和持续访问方法的途径。”   消息来源：The Hacker News；  本文由 HackerNews.cc 翻译整理，封面来源于网络；   转载请注明“转自 HackerNews.cc”并附上原文

DeepSeek 官方辟谣：R2 发布为假消息

A vulnerability classified as critical was found in Synaptics Audio Driver on Windows. This vulnerability affects unknown code of the file CxUIUSvc64.exe. The manipulation leads to improper access controls. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability was named CVE-2024-9157. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Microsoft Windows and classified as critical. This vulnerability affects unknown code of the component Remote Desktop Services. The manipulation leads to sensitive data storage in improperly locked memory. This vulnerability was named CVE-2025-24035. The attack can be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Microsoft Windows Server 2012 up to Server 2022 23H2. It has been classified as critical. Affected is an unknown function of the component Remote Desktop Services. The manipulation leads to sensitive data storage in improperly locked memory. This vulnerability is traded as CVE-2025-24045. It is possible to launch the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as critical was found in Microsoft Windows. Affected by this vulnerability is an unknown functionality of the component Remote Desktop Client. The manipulation leads to relative path traversal. This vulnerability is known as CVE-2025-26645. The attack can be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability has been found in Twonky Server up to 8.5 and classified as problematic. This vulnerability affects unknown code of the file rpc/set_all. The manipulation of the argument friendlyname as part of Parameter leads to cross site scripting. This vulnerability was named CVE-2018-7203. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability classified as problematic has been found in Allisclear Clear Content 1.1. Affected is an unknown function of the file image.php. The manipulation of the argument url leads to path traversal. This vulnerability is traded as CVE-2009-3535. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical was found in Apple iPhoto 6.0.5. This vulnerability affects unknown code. The manipulation leads to denial of service. This vulnerability was named CVE-2007-0645. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, was found in Twonky Server up to 8.5. This affects an unknown part of the file rpc/set_all. The manipulation of the argument contentbase with the input .. as part of Parameter leads to path traversal. This vulnerability is uniquely identified as CVE-2018-7171. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.