Aggregator

Технологические гиганты не справляются — мошеннические сайты множатся.

Submit #600881 / VDB-314836

In this Help Net Security video, Ozan Ucar, CEO of Keepnet Labs, highlights a critical cybersecurity blind spot: the vulnerability of new hires during onboarding. He explains how attackers now use AI-powered, multi-channel phishing tactics to target fresh employees who are still unfamiliar with internal processes, faces, and norms. Ucar shares real-world examples, and practical, human-centric strategies to reduce risk and protect both employees and organizations from day one.

The post New hires, new targets: Why attackers love your onboarding process appeared first on Help Net Security.

PrivacyCheck 更新 适配HAE的URL信息提取规则

无影(TscanPlus)，抽奖、分享获取POC 扫描 license

A vulnerability was found in Monitorr up to 1.7.6m. It has been classified as problematic. This affects an unknown part of the file assets/config/_installation/mkdbajax.php of the component Installer. The manipulation of the argument datadir leads to improper input validation. This vulnerability is uniquely identified as CVE-2025-7060. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

Submit #602080 / VDB-314835

一项针对学术文献的大规模分析显示，去年发表的生物医学论文摘要中，约 1/7 可能借助 AI 完成撰写。2024 年医学数据库 PubMed 收录的 150 万篇摘要中，超过 20 万篇包含大模型（LLM）常推荐使用的词汇。许多团队试图评估 LLM 对学术产出的影响，但这一过程颇具挑战性，因为大多数使用者并未披露这种行为。研究人员利用了 LLM 流行后的风格化词汇去估计摘要是否是 AI 帮助撰写。研究发现，2024年有 454 个词汇的出现频率远高于 2010 年以来的任何年份。它们多为与研究内容无关的“风格词”，且以动词和形容词为主。科学词汇的演变是长期过程。2021年有 190 个“冗余词汇”，多为与研究内容相关的名词。但自 LLM 普及以来的词汇变化更为显著，且主要体现在风格层面。研究人员发现，在计算科学和生物信息学等领域，超过 1/5 的摘要由 LLM 辅助撰写。

去年生物医学论文摘要约1/7由AI撰写,基于PubMed分析发现20万篇摘要使用大模型常用词汇,主要为动词和形容词风格词。

A vulnerability was found in Oracle Application Testing Suite 13.2/13.3. It has been classified as critical. Affected is an unknown function of the component jQuery. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2019-11358. It is possible to launch the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

Gamaredon利用升级的工具集对乌克兰发起鱼叉式网络钓鱼攻击;Kimusky利用ClickFix技术在受害者设备上运行恶意脚本;DPRK远程IT工作者渗透策略不断演变;Lazarus涉嫌抢劫BitoPro交易所1100万美元加密货币

当前环境出现异常，需完成验证后方可继续访问。

A vulnerability was found in Contact Form 7 Database Addon Plugin up to 1.3.1 on WordPress and classified as problematic. Affected by this issue is some unknown functionality. The manipulation of the argument tmpD leads to cross site scripting. This vulnerability is handled as CVE-2025-6740. The attack may be launched remotely. There is no exploit available.

A vulnerability has been found in GStreamer and classified as critical. Affected by this vulnerability is an unknown functionality of the component H266 Codec Parser. The manipulation leads to stack-based buffer overflow. This vulnerability is known as CVE-2025-6663. The attack can be launched remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in vercel next.js up to 15.3.2. Affected is an unknown function of the component React Server Component. The manipulation leads to http request smuggling. This vulnerability is traded as CVE-2025-49005. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in DjvuNet DjVuLibre up to 3.5.28. This issue affects the function MMRDecoder::scanruns. The manipulation leads to out-of-bounds write. The identification of this vulnerability is CVE-2025-53367. The attack may be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in vercel next.js up to 15.1.7. This vulnerability affects unknown code. The manipulation leads to http request smuggling. This vulnerability was named CVE-2025-49826. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

While Africa hosts some of the fastest-growing digital economies globally, it also faces persistent challenges in cybersecurity preparedness. Many organizations and individuals remain unaware of the risks they face online. Phishing schemes and social engineering tactics continue to succeed at alarming rates, often due to limited awareness of basic digital hygiene practices. Compounding the threat is a severe shortage of trained professionals. Africa has a small share of certified professionals, fewer than 25,000 across a … More →

The post Africa’s cybersecurity crisis and the push to mobilizing communities to safeguard a digital future appeared first on Help Net Security.

A vulnerability classified as critical was found in XRMS CRM 1.99.2. Affected by this vulnerability is an unknown functionality of the file plugins/useradmin/fingeruser.php. The manipulation of the argument Username leads to sql injection. This vulnerability is known as CVE-2014-5521. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical was found in Opera Web Browser 6.0.1. This vulnerability affects unknown code of the file event.ctrlKey/event.shiftKey. The manipulation leads to improper privilege management. This vulnerability was named CVE-2002-2312. The attack can be initiated remotely. Furthermore, there is an exploit available.