Aggregator

A November 2024 RA World ransomware attack on an Asian software firm used a tool linked to China-linked threat actors. Broadcom researchers reported that threat actors behind an RA World ransomware attack against an Asian software and services firm employed a tool that was explosively associated in the past with China-linked APT groups. “Tools that […]

Почти половина преступлений совершается в интернете.

Google 官方博客表示正在美国测试一种机器学习模型，用于帮助确定用户是否未年满 18 岁，以在其平台上为用户提供更适合年龄的体验。年龄估计模型将使用相关用户的现有数据，如访问的网站、在 YouTube 上观看的视频类型以及帐户持有时间等去判断年龄。如果检测到用户可能未满 18 岁时，Google 会通知用户已经更改了部分设置，如果用户认为有误可以提供年龄验证方法如自拍、信用卡或政府身份证。

Dive into the world of AI agent authentication, where cutting-edge security meets autonomous systems. Discover how delegation tokens, real-time verification, and multi-layer security protocols work together to ensure safe and private AI operations while maintaining operational efficiency.

The post The Future of AI Agent Authentication: Ensuring Security and Privacy in Autonomous Systems appeared first on Security Boulevard.

A vulnerability was found in whisperfish libsignal-service-rs. It has been declared as critical. This vulnerability affects unknown code. The manipulation of the argument was_encrypted leads to insufficient verification of data authenticity. This vulnerability was named CVE-2025-24903. The attack can be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in TP-LINK TL-WR841ND V11. It has been classified as problematic. This affects an unknown part of the file /userRpm/WanSlaacCfgRpm.htm of the component Packet Handler. The manipulation of the argument dnsserver1/dnsserver2 leads to denial of service. This vulnerability is uniquely identified as CVE-2025-25901. The attack can only be done within the local network. There is no exploit available.

A vulnerability was found in Kubernetes kubelet up to 1.30.9/1.31.5/1.32.1 and classified as problematic. Affected by this issue is some unknown functionality of the component HTTP Endpoint. The manipulation leads to resource consumption. This vulnerability is handled as CVE-2025-0426. An attack has to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

When threat actors get their hands on legitimate corporate credentials, it makes blocking unauthorized intrusions far more challenging. Yet that’s exactly what’s happening across the globe, thanks to the growing popularity of infostealer malware. The result is to feed the criminal supply chain with stolen data—fuelling follow-on fraud for customers and major financial and reputational damage for breached organizations.

The post How Infostealers Are Creating a Data Breach Epidemic appeared first on Security Boulevard.

A vulnerability has been found in Linux Kernel up to 6.6.75/6.12.12/6.13.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file kernel/locking/mutex.c. The manipulation leads to information disclosure. This vulnerability is known as CVE-2025-21701. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in GNU GCC. Affected by this issue is some unknown functionality. The manipulation leads to memory corruption. This vulnerability is handled as CVE-2023-4039. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, has been found in Oracle Communications Cloud Native Core Binding Support Function up to 23.1.7/23.2.2. This issue affects some unknown processing of the component Install/Upgrade. The manipulation leads to protection mechanism failure. The identification of this vulnerability is CVE-2023-4039. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in LibRaw. It has been rated as critical. This issue affects the function raw2image_ex. The manipulation leads to heap-based buffer overflow. The identification of this vulnerability is CVE-2023-1729. The attack can only be done within the local network. There is no exploit available.

A vulnerability classified as critical has been found in LibRaw. This affects the function LibRaw::stretch of the file libraw\src\postprocessing\aspect_ratio.cpp. The manipulation leads to buffer overflow. This vulnerability is uniquely identified as CVE-2020-22628. The attack needs to be done within the local network. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in Google Android 7.0/7.1.1/7.1.2. Affected by this issue is some unknown functionality of the component Media Framework. The manipulation leads to improper access controls. This vulnerability is handled as CVE-2017-0691. The attack needs to be approached locally. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Platinum UPnP SDK up to 1.2.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to relative path traversal. This vulnerability is known as CVE-2020-19858. The attack can be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as problematic, was found in JetBrains TeamCity up to 2024.12.1. Affected is an unknown function of the component Code Inspection Report Tab. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2025-26493. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in JetBrains TeamCity up to 2024.12.1. This vulnerability affects unknown code of the component Kubernetes Connection Handler. The manipulation leads to insufficiently protected credentials. This vulnerability was named CVE-2025-26492. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Mintty. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to information disclosure. The identification of this vulnerability is CVE-2024-45301. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in TCBD Auto Refresher Plugin up to 2.0 on WordPress. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2024-12519. The attack can be launched remotely. There is no exploit available.