Aggregator

A vulnerability was found in GNU grub2 and classified as critical. This issue affects the function grub_udf_read_block of the component udf. The manipulation leads to heap-based buffer overflow. The identification of this vulnerability is CVE-2025-0689. Local access is required to approach this attack. There is no exploit available.

A vulnerability was found in GNU grub2. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component hfs. The manipulation leads to out-of-bounds write. This vulnerability is known as CVE-2025-1125. It is possible to launch the attack on the local host. There is no exploit available.

人工智能编程开发助手Cursor因定价变更引发争议后致歉，并调整订阅方案：新版Cursor Pro采用按使用量计费，新增无限使用的Auto模式及每月20美元先进模型调用额度；超出额度后按成本价计费，并可设置消费上限避免高额账单。

Удалённый взлом превращает Call of Duty в поле для атак.

A vulnerability has been found in Arab Portal and classified as problematic. This vulnerability affects unknown code of the file download.php. The manipulation of the argument Title leads to basic cross site scripting. This vulnerability was named CVE-2006-1504. The attack can be initiated remotely. Furthermore, there is an exploit available.

CV域名促销活动即将于7月底结束，优质域名可享半价优惠并叠加蓝点网10%折扣券。单字母域名如k.cv现价4506.75美元。活动结束后价格恢复原价。目前可注册的单字母域名包括h.cv、k.cv等，其他优质域名如vip.cv、ok.cv等也开放注册。

Фишинг, доксинг, скам: что ждёт тех, чьи резюме попали не в те руки?

Taiwan's National Security Bureau (NSB) has warned that China-developed applications like RedNote (aka Xiaohongshu), Weibo, Douyin, WeChat, and Baidu Cloud pose security risks due to excessive data collection and data transfer to China. The alert comes following an inspection of these apps carried out in coordination with the Ministry of Justice Investigation Bureau (MJIB) and the Criminal

台湾国安局警告中国大陆开发的应用如小红书、微博等存在安全风险，过度收集数据并传回中国。这些应用违反多项安全指标，涉及个人信息和设备信息的获取。其他国家也已对类似应用采取限制措施。

Метаматериалы переворачивают привычную нам физику.

Крупнейшие системы Европы стали частью чужого бизнеса, причём незаметно для владельцев.

微软关闭在巴基斯坦的当地业务，将其许可和商业合同转移到爱尔兰，并通过经销商和周边办事处继续为客户提供服务。此举是微软全球裁员和优化劳动力的一部分，尽管客户支持不受影响，但可能对巴基斯坦的IT发展产生不利影响。

A vulnerability classified as critical was found in SecurePoll Extension up to 1.39.12/1.42.6/1.43.1 on Mediawiki. This vulnerability affects unknown code of the file SetTranslationHandler.php. The manipulation leads to missing authorization. This vulnerability was named CVE-2025-53485. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in SecurePoll Extension up to 1.39.12/1.42.6/1.43.1 on Mediawiki and classified as problematic. Affected by this vulnerability is the function ResultPage::getPagesTab of the file VotePage.php. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2025-53484. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in SecurePoll Extension up to 1.39.12/1.42.6/1.43.1 on Mediawiki and classified as problematic. Affected by this issue is the function executeClear of the file ArchivePage.php. The manipulation leads to cross-site request forgery. This vulnerability is handled as CVE-2025-53483. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in modelcontextprotocol python-sdk up to 1.9.x. Affected is an unknown function. The manipulation leads to uncaught exception. This vulnerability is traded as CVE-2025-53365. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Zipkin up to 3.5.1. This affects an unknown part of the file /heapdump of the component Spring Boot Actuator. The manipulation leads to insecure default initialization of resource. This vulnerability is uniquely identified as CVE-2025-53602. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A new wave of cyberattacks is targeting organizations that inadvertently expose Java Debug Wire Protocol (JDWP) servers to the internet, with attackers leveraging this overlooked entry point to deploy sophisticated cryptomining malware. JDWP, a standard feature in the Java platform, is designed to facilitate remote debugging by allowing developers to inspect live applications. However, when […]

The post Hackers Exploiting Java Debug Wire Protocol Servers in Wild to Deploy Cryptomining Payload appeared first on Cyber Security News.

一位用户描述其女友遭遇房东非法安装摄像头和可疑应用的情况，并怀疑房东通过NFC技术进一步监控其手机。

A vulnerability, which was classified as critical, was found in GHH Google Hack Honeypot File Upload Manager 1.3. This affects an unknown part of the file index.php of the component File Upload. The manipulation leads to improper access controls. This vulnerability is uniquely identified as CVE-2008-5283. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.