Aggregator

A vulnerability, which was classified as critical, has been found in Content*Builder. Affected by this issue is some unknown functionality of the file article2/comments.inc.php. This manipulation of the argument rel causes improper privilege management. This vulnerability is registered as CVE-2006-3172. The attack needs to be launched locally. Furthermore, an exploit is available.

A recently discovered ransomware strain called HybridPetya can bypass the UEFI Secure Boot feature to install a malicious application on the EFI System Partition. [...]

A recent wave of attacks targeting SonicWall customers has researchers and authorities on alert. Many victim organizations had misconfigurations in their systems.

The post SonicWall firewalls targeted by fresh Akira ransomware surge appeared first on CyberScoop.

Master DevOps automation with these 5 essential tools for .NET developers. Streamline CI/CD, code analysis, and database versioning for faster, more reliable deployments.

The post The Top 5 DevOps Automation Tools .NET Developers Should Know appeared first on Security Boulevard.

Имидазол и цинк: любовная история, которая перевернет мир технологий.

via the comic artistry and dry wit of Randall Munroe, creator of XKCD

Permalink

The post Randall Munroe’s XKCD ‘Dual Roomba’ appeared first on Security Boulevard.

CISA was paying employees without mission-critical cybersecurity backgrounds as part of a program for retaining cyber talent.

The post ​​DHS watchdog finds mismanagement in critical cyber talent program appeared first on CyberScoop.

Heffner Toyota & Lexus Falls Victim to Nitrogen Ransomware

Масштабы вторжения и количество жертв до сих пор держат в тайне.

2021 年奥迪高管首次看到极氪001 时倍感震惊，意识到如果想与中国竞争，需要借助中国的技术。奥迪仅用 18 个月就基于中国合作伙伴上汽提供的技术（包括电池、电动动力系统、车载信息娱乐软件和高级驾驶辅助系统）打造了奥迪 E5 Sportback。这款售价 3.3 万美元的电动汽车将于本月开始交付给中国消费者。奥迪的全球竞争对手也效仿这一做法，利用中国的知识产权快速推出新车型。丰田和大众分别与中国合作伙伴广汽和小鹏汽车合作开发专供中国市场的车型；雷诺和福特则计划更进一步，基于中国电动车平台开发全球车型。这一战略类似 1990 年代英特尔处理器的“Intel Inside”，中国汽车公司推销“China Inside”战略，通过授权现成的电动汽车技术，为传统车企节省数十亿美元和数年研发时间，赶超竞争对手。受特斯拉启发，中国电动车企开发出模块化平台，降低成本、加速研发、降低准入门槛。对全球汽车公司而言，风险是它们可能会变成某种零售商。

A vulnerability marked as problematic has been reported in Axiomatic Bento4 up to 1.6.0-641. The affected element is the function AP4_DataBuffer::SetDataSize of the file Mp4Decrypt.cpp of the component mp4decrypt. The manipulation leads to allocation of resources. This vulnerability is referenced as CVE-2025-8537. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

A vulnerability marked as problematic has been reported in AfterShip Package Tracker App up to 5.24.1 on Android. The affected element is an unknown function of the file AndroidManifest.xml of the component com.aftership.AfterShip. The manipulation leads to improper export of android application components. This vulnerability is listed as CVE-2025-9134. The attack must be carried out locally. In addition, an exploit is available. The vendor was contacted early about this disclosure and replied: "After reviewing your report, we have confirmed that this vulnerability does indeed exist and we are actively working to fix it."

A vulnerability described as critical has been identified in QNAP File Station 5 5.5.6.4741. This vulnerability affects unknown code. Such manipulation leads to out-of-bounds write. This vulnerability is traded as CVE-2025-47206. The attack may be launched remotely. There is no exploit available. Upgrading the affected component is recommended.

A vulnerability has been found in D-Link DIR-619L 6.02CN02 and classified as critical. Impacted is the function FirmwareUpgrade of the component boa. The manipulation leads to insufficient verification of data authenticity. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is listed as CVE-2025-8978. The attack may be initiated remotely. In addition, an exploit is available.

A vulnerability, which was classified as problematic, has been found in elunez eladmin up to 2.7. The impacted element is an unknown function of the file eladmin-system\src\main\resources\config\application-prod.yml of the component Druid. This manipulation of the argument login-username/login-password causes use of default credentials. This vulnerability is registered as CVE-2025-8530. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

A vulnerability labeled as problematic has been found in cronoh NanoVault up to 1.2.1. Impacted is the function executeJavaScript of the file /main.js of the component xrb URL Handler. Executing manipulation can lead to cross site scripting. The identification of this vulnerability is CVE-2025-8535. The attack may be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability, which was classified as critical, has been found in humhub cfiles up to 0.16.9. This vulnerability affects unknown code. Performing manipulation results in sql injection. This vulnerability is known as CVE-2025-54790. Remote exploitation of the attack is possible. No exploit is available. It is advisable to upgrade the affected component.

U.S. makes major arrests and sanctions, GhostAction steals 1000s of GitHub secrets, China-linked hackers target political communications.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning of hackers exploiting a critical remote code execution flaw in DELMIA Apriso, a  manufacturing operations management (MOM) and execution (MES) solution from French company Dassault Systèmes. [...]

Meskan Foundry Falls Victim to BEAST Ransomware