Aggregator

A vulnerability classified as critical has been found in Linux Kernel up to 6.13.1. This affects the function cow_file_range of the file fs/btrfs/extent_io.c. The manipulation leads to denial of service. This vulnerability is uniquely identified as CVE-2024-57976. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 6.12.12/6.13.1 and classified as problematic. This vulnerability affects the function run_delalloc_nocow. The manipulation leads to insufficient verification of data authenticity. This vulnerability was named CVE-2024-57975. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 6.1.128/6.6.78/6.12.15/6.13.3 and classified as critical. This vulnerability affects the function vidtv_mux_init of the component vidtv. The manipulation leads to null pointer dereference. This vulnerability was named CVE-2024-57834. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Linux Kernel up to 6.12.12/6.13.1. Affected by this vulnerability is an unknown functionality of the component ICMP Message Handler. The manipulation leads to excessive iteration. This vulnerability is known as CVE-2024-57974. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.6.78/6.12.15/6.13.3. This affects the function nfs_sysfs_link_rpc_client of the component NFS. The manipulation leads to buffer overflow. This vulnerability is uniquely identified as CVE-2024-54456. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

HackerNews 编译，转载请注明出处： 印度加密货币交易所CoinDCX上周遭遇黑客攻击，损失约4420万美元。公司联合创始人Neeraj Khandelwal与Sumit Gupta上周六通过社交媒体披露异常情况，随后确认被盗资金源自公司内部运营账户。 创始人声明用户资金未受影响：“受影响的操作账户已被隔离。由于运营账户与用户钱包物理隔离，风险仅限该账户，损失将由我们通过自有储备金全额承担。” 公司已向印度计算机应急响应小组（CERT-In）通报案情。 CoinDCX成立于2018年，作为印度头部加密平台拥有约1600万用户。公司表示正与安全团队合作调查事件、修复漏洞并追踪被盗资金以进行冻结回收，同时承诺推出漏洞悬赏计划。 Khandelwal及多家区块链安全公司确认，上周五晚间有价值4420万美元的USDC和USDT（两种锚定美元的稳定币）从平台盗走。CoinDCX周日发布的事件分析报告称将通过储备金覆盖损失，目前已追踪到两个分别持有2760万和1620万美元的涉事钱包，截至本周一下午虽显示清零，但专家发现资金已转移至新钱包。 Gupta在多平台警告用户防范冒充CoinDCX官员的诈骗者，强调“切勿向任何人提供账户信息”。公司承诺向协助追回资金者提供最高25%的返还金额，同时寻求黑客身份线索以提起法律诉讼。 此次攻击发生之际，距印度另一加密巨头WazirX遭窃2.3亿美元仅数月（2024年11月涉案嫌疑人被捕）。区块链安全公司Chainalysis上周数据显示，2025年全球加密资产被盗金额已达21.7亿美元，超2024年全年总和。       消息来源：therecord； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文

文章描述了错误代码521的情况，指出该错误通常由Cloudflare服务器无法连接到网站源服务器引起，可能由于源服务器配置错误、网络问题或防火墙设置不当导致。

文章介绍了Oracle WebLogic Server中的新漏洞CVE-2025-30762，该漏洞允许攻击者通过绑定恶意LDAP服务器的Reference实例，在调用Context.lookup时触发代码执行。无需身份验证即可利用T3或IIOP协议进行攻击，可能导致未经授权的数据访问和远程代码执行。

A vulnerability was found in Kerio Personal Firewall up to 4.1.1. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to infinite loop. This vulnerability is known as CVE-2004-1109. The attack can be launched remotely. Furthermore, there is an exploit available.

Citrix修复了两个高危漏洞CVE-2025-5349和CVE-2025-5777，其中CVE-2025-5777为内存溢出漏洞（Citrix Bleed 2），CVSS评分9.3。该漏洞影响NetScaler ADC和Gateway的部分版本，可导致敏感信息泄露、私钥窃取等严重危害。

HackerNews 编译，转载请注明出处： 科技制造商戴尔近日证实，黑客入侵了其产品演示平台，但向媒体强调事件未涉及敏感信息。 戴尔在声明中指出，某威胁行为体非法访问了“戴尔解决方案中心”（Dell’s Solution Center），该平台专为商业客户“展示产品功能及测试概念验证”而设立。 公司发言人明确表示，该平台“在设计上已与客户及合作伙伴系统隔离，同时独立于戴尔内部网络，不参与任何客户服务的提供流程”。平台使用的数据主要为虚假信息，源自公开数据集，仅用于产品演示等非生产场景。发言人补充道：“根据持续调查，攻击者获取的数据本质上是合成数据、公开信息或戴尔内部测试数据。” 作为全球最大计算机制造商之一，戴尔上个财年营收达956亿美元。 戴尔未透露事件具体发生时间及幕后组织，但勒索软件组织WorldLeaks声称对此次攻击负责。 该组织由三周前解散的Hunters International重组而来，解散前曾向既往受害者免费提供解密工具。Hunters International曾主导多起高调攻击，包括入侵美国法警局、纳米比亚国有电信运营商及西雅图知名癌症研究中心。 Hunters International的核心成员于2024年11月创建WorldLeaks。网络安全公司Group-IB评估认为，部分WorldLeaks与Hunters的管理员可能曾参与2023年被执法部门渗透瓦解的Hive勒索组织。 上周，谷歌事件响应团队披露，WorldLeaks成员正通过网络安全公司SonicWall的生命周期终止设备窃取企业敏感数据。       消息来源：therecord； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文

该文章介绍了错误代码521的原因及解决方法。

UNG0002 методично уничтожила кибербезопасность: от военных заводов до больниц.

ChatGPT每天处理25亿次提问请求,其中3.3亿来自美国用户,年请求量达9125亿次,虽远低于谷歌搜索的5万亿次,但增长速度惊人,OpenAI确认数据准确但未透露更多细节,人工智能正在改变传统工具格局.

A vulnerability classified as critical was found in Linux Kernel up to 6.13.1. This vulnerability affects the function th1520_mbox_suspend_noirq of the component mailbox. The manipulation leads to memory corruption. This vulnerability was named CVE-2024-57983. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Linux Kernel up to 6.1.128/6.6.75/6.12.12/6.13.1. Affected by this vulnerability is the function process_responses. The manipulation of the argument tot_len leads to integer overflow. This vulnerability is known as CVE-2024-57973. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.1.128/6.6.75/6.12.12/6.13.1. It has been declared as critical. Affected by this vulnerability is the function sys_exit in the library lib/kobject.c. The manipulation leads to use after free. This vulnerability is known as CVE-2024-57979. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Linux Kernel up to 6.12.12/6.13.1. Affected is the function tps6594_rtc_set_offset. The manipulation of the argument tmp leads to integer overflow. This vulnerability is traded as CVE-2024-57953. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.12.15/6.13.3. It has been rated as problematic. Affected by this issue is the function msm_ioctl_gem_submit of the component gem. The manipulation leads to integer overflow. This vulnerability is handled as CVE-2024-52559. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 6.1.128/6.6.78/6.12.15/6.13.3 and classified as critical. This vulnerability affects the function bsg_queue of the component scsi. The manipulation leads to use after free. This vulnerability was named CVE-2024-54458. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.