Aggregator

Случайная находка изменила представление о привычных вещах.

The US cybersecurity agency called for the CVE program to remain publicly maintained and vendor-neutral while emphasizing the need for broader engagement

De Poolse president Karol Nawrocki heeft de NAVO-partners bedankt die in het NAVO-luchtruim boven Polen Russische drones hebben neergehaald. Dat gebeurde gisternacht. Op Pools grondgebied zijn uiteindelijk brokstukken teruggevonden van meerdere onbemande toestellen.

A novel speculative execution attack named VMSCAPE allows a malicious virtual machine (VM) to breach its security boundaries and steal sensitive data, like cryptographic keys, directly from its host system. The vulnerability, identified as CVE-2025-40300, affects a wide range of modern processors, including all current generations of AMD Zen (1 through 5) and Intel’s Coffee […]

The post New VMScape Spectre-BTI Attack Exploits Isolation Gaps in AMD and Intel CPUs appeared first on Cyber Security News.

A vulnerability classified as problematic was found in Pegasystems Pega Infinity up to 24.2.2. This affects an unknown function of the component User Interface. Such manipulation leads to cross site scripting. This vulnerability is referenced as CVE-2025-8681. It is possible to launch the attack remotely. No exploit is available. Upgrading the affected component is advised.

A vulnerability, which was classified as problematic, has been found in Google Go up to 1.23.10/1.24.4. This affects an unknown part of the component cmd-go. This manipulation causes file inclusion. This vulnerability is tracked as CVE-2025-4674. The attack is only possible within the local network. No exploit exists. It is advisable to upgrade the affected component.

A vulnerability was found in Google Go 1.23/1.24. It has been classified as problematic. This impacts an unknown function of the component net-http. The manipulation leads to http request smuggling. This vulnerability is listed as CVE-2025-22871. The attack may be initiated remotely. There is no available exploit. It is suggested to install a patch to address this issue.

A vulnerability was found in Google Go up to 1.23.6/1.24.0. It has been classified as problematic. This impacts an unknown function of the component IPv6 Zone ID Handler. Performing manipulation results in misinterpretation of input. This vulnerability is cataloged as CVE-2025-22870. The attack must originate from the local network. There is no exploit available. Upgrading the affected component is recommended.

It seems this issue is a false-positive. Please confirm the sources provided and consider disregarding this entry.

This issue is likely a false positive. Please verify the cited sources and consider not including this entry.

Firefox 最新的 Nightly 版本终于加入了对 Matroska MKV 内容的播放支持。该功能请求用户已经递交了八年之久。目前对 MKV 内容的支持仅限于 Nightly 版，或者用户也可以修改 media.mkv.enabled 选项选择启用。播放 MKV 内容功能目前只支持 AVC/H.264 和 AAC 编解码器，未来会逐渐支持其它编解码器。

加密恶意流量特征挖掘研究 by ourren

更多最新文章，请访问SecWiki

Roasting Redmond for Kerberoasting: “Like an arsonist selling firefighting services,” quips this 76-year-old.

The post Microsoft’s ‘Gross Cybersecurity Negligence Threatens National Security’ appeared first on Security Boulevard.

A targeted supply chain compromise of an open-source node package manager (npm) resulted in malicious updates to widely used packages, enabling cryptocurrency theft through traffic interception and transaction manipulation of browser-based crypto wallets.

The post 16 Minutes to Impact: npm Supply Chain Abuse Deploys crypto-draining malware appeared first on Sygnia.

A phishing scam is exploiting Google’s trusted AppSheet platform to bypass email filters. Learn how hackers are using…

Для успешной атаки достаточно лишь смартфона и полминуты времени.

A sophisticated fileless malware campaign has been observed using legitimate tools to deliver AsyncRAT executed in memory

A vulnerability identified as critical has been detected in YunaiV ruoyi-vue-pro up to 2025.09. Impacted is an unknown function of the file /crm/contact/transfer. This manipulation of the argument ids/newOwnerUserId causes improper authorization. This vulnerability is tracked as CVE-2025-10278. The attack is possible to be carried out remotely. Moreover, an exploit is present. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability categorized as critical has been discovered in YunaiV yudao-cloud up to 2025.09. This issue affects some unknown processing of the file /crm/receivable/submit. The manipulation of the argument ID results in improper authorization. This vulnerability is identified as CVE-2025-10277. The attack can be executed remotely. Additionally, an exploit exists. The vendor was contacted early about this disclosure but did not respond in any way.

In early May 2025, security teams began observing a sudden rise in post-exploitation activity leveraging an open-source command-and-control framework known as AdaptixC2. Originally developed to assist penetration testers, this framework offers a range of capabilities—file system manipulation, process enumeration, and covert channel tunneling—that have now been adopted by malicious actors. The framework’s modular design and […]

The post Threat Actors Leveraging Open-Source AdaptixC2 in Real-World Attacks appeared first on Cyber Security News.