Aggregator

Firefox 145 释出

Solidot
3 months ago
Mozilla 释出了 Firefox 145.0。主要变化包括:停止支持 32 位 Linux 系统,仍然使用 32 位 Linux 发行版的用户将不会收到更新,Mozilla 建议相关用户切换到 64 位操作系统;支持添加和删除 PDF 注释;增强隐私浏览的指纹识别能力,标签组预览,从侧边栏管理密码,支持播放 Matroska MKV 媒体内容;等等。

Windows Remote Desktop Services Vulnerability Let Attackers Escalate Privileges

Cyber Security News
3 months ago

Microsoft has disclosed a significant vulnerability in Windows Remote Desktop Services (RDS) that could allow authorized attackers to escalate their privileges on affected systems. Tracked as CVE-2025-60703, the flaw stems from an untrusted pointer dereference, a classic memory safety issue that has plagued software for years, and carries an “Important” severity rating from the company. The […]

The post Windows Remote Desktop Services Vulnerability Let Attackers Escalate Privileges appeared first on Cyber Security News.

Guru Baran

$7.3B crypto laundering: ‘Bitcoin Queen’ sentenced to 11 Years in UK

Security Affairs
3 months ago
“Bitcoin Queen” Zhimin Qian gets 11 years in London for laundering $7.3B from a crypto scam that defrauded 128K victims in China. A British court sentenced a Chinese woman, Zhimin Qian (47), also known as the “Bitcoin Queen,” to 11 years and eight months in jail for laundering $7.3B from a crypto scam that defrauded 128K […]
Pierluigi Paganini

CVE-2025-59253

CVE Trends
3 months ago
Currently trending CVE - Hype Score: 11 - Improper access control in Microsoft Windows Search Component allows an authorized attacker to deny service locally.

CVE-2025-41253

CVE Trends
3 months ago
Currently trending CVE - Hype Score: 13 - The following versions of Spring Cloud Gateway Server Webflux may be vulnerable to the ability to expose environment variables and system properties to attackers. An application should be considered vulnerable when all the following are true: * The application is using ...

CVE-2025-49844

CVE Trends
3 months ago
Currently trending CVE - Hype Score: 5 - Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to manipulate the garbage collector, trigger a use-after-free and potentially lead to remote code execution. The problem ...

SecureVibes – AI Tool Scans for Vulnerabilities in 11 Languages with Claude AI Agents

Cyber Security News
3 months ago

In the fast-paced world of “vibecoding,” where developers use AI to build applications rapidly, a new open-source tool is stepping up to tackle security risks. SecureVibes, created by developer Anshuman Bhartiya, leverages Anthropic’s Claude AI through a multi-agent system to detect vulnerabilities in codebases automatically. Released in October 2025, this Python-based scanner aims to make […]

The post SecureVibes – AI Tool Scans for Vulnerabilities in 11 Languages with Claude AI Agents appeared first on Cyber Security News.

Guru Baran

CVE-2025-12840 | AcademySoftwareFoundation OpenEXR EXR File Parser heap-based overflow

VulDB Recent Entries
3 months ago
A vulnerability marked as critical has been reported in AcademySoftwareFoundation OpenEXR. This issue affects some unknown processing of the component EXR File Parser. The manipulation leads to heap-based buffer overflow. This vulnerability is referenced as CVE-2025-12840. Remote exploitation of the attack is possible. No exploit is available. It is suggested to upgrade the affected component.
vuldb.com

CVE-2025-12839 | AcademySoftwareFoundation OpenEXR EXR File Parser heap-based overflow

VulDB Recent Entries
3 months ago
A vulnerability labeled as critical has been found in AcademySoftwareFoundation OpenEXR. This vulnerability affects unknown code of the component EXR File Parser. Executing manipulation can lead to heap-based buffer overflow. The identification of this vulnerability is CVE-2025-12839. The attack may be launched remotely. There is no exploit available. The affected component should be upgraded.
vuldb.com

Managed ad