Aggregator

A vulnerability has been found in HP Poly Clariti Manager up to 10.12.1 and classified as critical. This vulnerability affects unknown code. The manipulation leads to os command injection. This vulnerability was named CVE-2025-43020. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in yt-dlp up to 2025.06.25 on Windows. This affects an unknown part of the component Command Line Handler. The manipulation of the argument --exec leads to os command injection. This vulnerability is uniquely identified as CVE-2025-54072. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in haxtheweb haxcms up to 11.0.12. Affected by this issue is some unknown functionality. The manipulation leads to improper restriction of rendered ui layers. This vulnerability is handled as CVE-2025-54139. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

阿里巴巴发布了其辅助编程工具 Qwen3-Coder。Qwen3-Coder 拥有多个尺寸，最先发布的是最强大的版本 Qwen3-Coder-480B-A35B-Instruct。这是一个总参数量 480B，激活 35B 的 MoE 模型，原生支持 256K token 的上下文并可通过 YaRN 扩展到 1M token，拥有卓越的代码和 Agent 能力。Qwen3-Coder-480B-A35B-Instruct 在 Agentic Coding、Agentic Browser-Use 和 Agentic Tool-Use 上取得了开源模型的 SOTA 效果，可以与 Cluade Sonnet4 媲美。

A vulnerability classified as critical was found in pyLoad 0.5.0b3.dev89. Affected by this vulnerability is an unknown functionality of the file /json/upload of the component Uploaded File Name Handler. The manipulation leads to path traversal. This vulnerability is known as CVE-2025-54140. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

Kali Linux has announced the release of two groundbreaking packages that significantly enhance wireless penetration testing capabilities for Raspberry Pi users. The new brcmfmac-nexmon-dkms and firmware-nexmon packages, introduced in Kali Linux 2025.1, enable the onboard Wi-Fi interface on supported Raspberry Pi models to perform monitor mode operations and frame injection without requiring external USB adapters. […]

The post Kali Linux Unveils Two New Tools to Boost Wi-Fi Performance for Raspberry Pi Users appeared first on Cyber Security News.

微软称 Windows 11 24H2 是目前最可靠的版本，死机率较 Windows 10 22H2 降低 24%。新增快速机器恢复功能可自动修复蓝屏问题，并改进黑屏死机界面以提升用户体验。

《关键信息基础设施商用密码使用管理规定》已经2025年4月21日国家密码管理局局务会议审议通过。

研究人员表示，除非用户在开发者选项或可访问性设置中禁用动画，否则最新的Android版本是可以启用动画的，否则会使设备暴露在TapTrap攻击之下。

当前环境出现异常状态，请完成验证操作后方可继续访问相关内容。

当前环境异常，需完成验证后方可继续访问。

Microsoft has confirmed that Chinese state-sponsored threat actors are actively exploiting critical zero-day vulnerabilities in on-premises SharePoint servers, prompting urgent security warnings for organizations worldwide.  The tech giant’s Security Response Center reported coordinated attacks targeting internet-facing SharePoint installations using newly disclosed vulnerabilities that enable authentication bypass and remote code execution. Key Takeaways1. CVE-2025-53770/53771 in on-premises […]

The post Chinese Hackers Actively Exploiting SharePoint Servers 0-Day Flaw in the Wild appeared first on Cyber Security News.

甲骨文与OpenAI合作共建超大规模数据中心，并通过星际之门计划每年获得300亿美元收入。

Cervantes is an open-source collaborative platform built for pentesters and red teams. It offers a centralized workspace to manage projects, clients, vulnerabilities, and reports, all in one place. By streamlining data organization and team coordination, it helps reduce the time and complexity involved in planning and executing penetration tests. As an open-source solution under the OWASP umbrella, it understands the specific needs of penetration testers from managing targets to organizing vulnerabilities, proof-of-concepts and remediation recommendations. … More →

The post Cervantes: Open-source, collaborative platform for pentesters and red teams appeared first on Help Net Security.

Преступные переводы на баланс мобильника станут пустой тратой времени.

威联通推出边缘AI加速器（QAI-U100/AQI-M100），基于RockChip RK1808芯片提供3TOPS算力，提升NAS相册识别速度36%和人脸识别22%，售价69美元。

/r/netsec 是一个由社区管理的技术信息安全内容聚合平台，旨在为安全从业者、学生、研究人员和黑客提供有价值的信息资源。

DuraCommが提供するSPM-500 DP-10iN-100-MUには、複数の脆弱性が存在します。

Lantronixが提供するProvisioning Managerには、XML外部エンティティ参照（XXE）の不適切な制限の脆弱性が存在します。

Phishing is one of the oldest and most effective technique used by cybercriminals. No one is immune to them, not even internet security experts, as seen in the case of Troy Hunt, who recently fell for a phishing email. Before AI became mainstream, phishing emails often gave themselves away. They were full of grammar mistakes and awkward wording, making them easier to spot. That’s changed. Today’s phishing attacks are much more convincing, often looking just … More →

The post Phishing simulations: What works and what doesn’t appeared first on Help Net Security.