Aggregator

A vulnerability was found in jerryshensjf JPACookieShop 蛋糕商城JPA版 1.0 and classified as critical. This issue affects the function updateGoods of the file GoodsController.java. The manipulation leads to authorization bypass. The identification of this vulnerability is CVE-2025-7938. The attack may be initiated remotely. Furthermore, there is an exploit available.

一项旨在预防线粒体 DNA 疾病遗传的开创性体外受精技术（IVF）——原核移植，已成功帮助 8 名婴儿健康出生。这些婴儿共有四男四女，其中一对为同卵双胞胎。他们由 7 名携带高风险线粒体 DNA 突变的女性所生，但均未表现出任何线粒体疾病迹象。该技术通过将母亲受精卵中的核 DNA，转移到一个健康捐赠者去核的卵子中，从而避免将母亲线粒体中的致病突变遗传给下一代。由此产生的胚胎，携带了父母的核 DNA 和捐赠者的线粒体DNA，因此被称为“三亲婴儿”。线粒体疾病，由线粒体中的基因突变引发，可能导致肌肉无力、癫痫、发育迟缓、器官衰竭乃至死亡。尽管常规体外受精检测可识别多数突变，但很多时候依然存在不确定性。这是“三亲婴儿”相关技术得以出现的原因。

Submit #618986 / VDB-317076

Submit #618985 / VDB-317075

Security gaps, coupled with savvy cybercriminals, lend urgency to mitigating the potential for exploitation posed by surveillance tech.

The post Who’s Watching You? FBI IG Looks to Plug Holes in Ubiquitous Technical Surveillance  appeared first on Security Boulevard.

墨西哥城的政府监控摄像头被毒贩黑客利用，导致FBI线人被追踪并杀害。黑客通过监控系统和电话记录识别出FBI官员，并利用这些信息威胁或杀害潜在的线人。事件揭示了监控技术滥用的风险，并促使FBI加强安全措施和技术培训以应对威胁。

A vulnerability has been found in Digiwin SFT up to 3.7.12 and classified as critical. This vulnerability affects unknown code. The manipulation leads to sql injection. This vulnerability was named CVE-2025-7343. The attack can be initiated remotely. There is no exploit available.

A vulnerability, which was classified as critical, was found in Nokia WaveSuite NOC. This affects an unknown part. The manipulation leads to stack-based buffer overflow. This vulnerability is uniquely identified as CVE-2025-24937. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability, which was classified as critical, has been found in ASKEY RTF8207w and RTF8217. Affected by this issue is some unknown functionality. The manipulation leads to stack-based buffer overflow. This vulnerability is handled as CVE-2025-7921. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as very critical was found in Digiwin EAI. Affected by this vulnerability is an unknown functionality. The manipulation leads to incorrect use of privileged apis. This vulnerability is known as CVE-2025-7344. The attack can be launched remotely. There is no exploit available.

A vulnerability classified as critical has been found in Nokia WaveSuite NOC. Affected is an unknown function of the component User Management. The manipulation leads to os command injection. This vulnerability is traded as CVE-2025-24938. It is possible to launch the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A critical vulnerability has been discovered in Microsoft SharePoint Server, now actively exploited as part of a widespread cyberattack campaign. The flaw, identified as CVE-2025-53770, carries a staggering severity score of 9.8 out of...

The post Critical SharePoint Zero-Day (CVE-2025-53770) Actively Exploited in the Wild appeared first on Penetration Testing Tools.

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent security alert regarding a critical zero-day vulnerability in Microsoft SharePoint Server that is being actively exploited in cyberattacks. The vulnerability, tracked as CVE-2025-53770, represents a significant threat to organizations running on-premises SharePoint installations. The flaw stems from a deserialization of untrusted data vulnerability within […]

The post CISA Issues Alert on Microsoft SharePoint 0-Day RCE Exploited in Attacks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Забудьте пароли навсегда — Magic Links уже здесь. Простое объяснение технологии, которая делает вход в аккаунты безопаснее и удобнее. В статье описываем, как это работает и почему крупнейшие сервисы массово переходят на 'волшебные ссылки.

CERT-AGID在最近一周检测到73起恶意活动，其中46起针对意大利目标。攻击主题包括罚款、银行、订单和支付等，主要通过钓鱼邮件传播。恶意软件如FormBook、Remcos和MintLoader被用于攻击。电子邮件为主要传播渠道，但也利用短信和PEM邮箱进行传播。

关闭了自发布功能，改为每周统一的问题讨论帖；欢迎提问关于逆向工程的问题；具体工具或目标相关问题建议去StackExchange或r/AskReverseEngineering。

A critical denial-of-service vulnerability has been discovered in 7-Zip that allows attackers to crash systems using specially crafted RAR5 archive files. The vulnerability, tracked as CVE-2025-53816, affects the popular compression software’s RAR5 decoder and can lead to memory corruption and system crashes when processing malicious archives. Technical Details of the Vulnerability Security researcher Jaroslav Lobačevski […]

The post 7-Zip Vulnerability Lets Malicious RAR5 Files Crash Systems appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Learn how MDR threat detection works, its key techniques, and how it helps identify, contain, and respond to advanced cyber threats in real time.

The post Understanding MDR Threat Detection Techniques appeared first on Sygnia.

Многофакторка в деле. Один фактор — ты, второй — твоя наивность.

A vulnerability was found in Simopro WinMatrix3 Web package up to 1.2.38.1. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to sql injection. The identification of this vulnerability is CVE-2025-7918. The attack may be initiated remotely. There is no exploit available.