Aggregator

Законопроект Минцифры расширит полномочия ФСБ в сфере связи.

The infamous Meow attack, which devastated unsecured databases since 2020, has resurfaced with renewed force through MAD-CAT (Meow Attack Data Corruption Automation Tool). This custom-built adversarial simulation tool demonstrates how easily attackers can corrupt data across multiple database platforms simultaneously, highlighting a critical vulnerability that continues to plague modern infrastructure. The Evolution of Meow While Meow attack […]

The post MAD-CAT “Meow” Tool Sparks Real-World Data Corruption Attacks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Cyber threats didn’t slow down last week—and attackers are getting smarter. We’re seeing malware hidden in virtual machines, side-channel leaks exposing AI chats, and spyware quietly targeting Android devices in the wild. But that’s just the surface. From sleeper logic bombs to a fresh alliance between major threat groups, this week’s roundup highlights a clear shift: cybercrime is evolving fast

嗯，用户让我帮忙总结一下这篇文章的内容，控制在一百个字以内，而且不需要用“文章内容总结”之类的开头。我先看看文章主要讲了什么。 文章提到了上周的网络威胁情况，攻击者变得更聪明了。具体来说，有隐藏在虚拟机中的恶意软件、侧信道泄露导致AI聊天被暴露，还有针对安卓设备的间谍软件。这些都是表面现象。 更深层次的，文章提到睡眠逻辑炸弹和主要威胁集团的新联盟，说明网络犯罪正在迅速演变，技术上的隐秘性和战略协调之间的界限变得模糊。此外，还提到了一些具体的案例和趋势CVEs，以及全球范围内的网络安全事件和工具。 用户的需求是简洁明了的总结，所以我要抓住重点：网络威胁多样化、技术隐秘性增强、攻击目标精准化。这样在一百字以内就能涵盖主要内容。 上周网络威胁频发，攻击者利用虚拟机隐藏恶意软件、侧信道漏洞暴露AI聊天内容，并针对安卓设备投放间谍软件。同时，睡眠逻辑炸弹和威胁集团联盟表明网络犯罪正快速演变，技术隐秘性与战略协调性界限模糊。

新影像公司崛起的核心，就是用计算突破光学围栏。

A vulnerability was found in Samsung Devices. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component DeviceIdService. Executing manipulation can lead to improper verification of intent by broadcast receiver. This vulnerability is registered as CVE-2025-20942. The attack needs to be launched locally. No exploit is available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Samsung Galaxy Watch. This issue affects some unknown processing. Performing manipulation results in improper verification of cryptographic signature. This vulnerability was named CVE-2025-20939. The attack may be carried out on the physical device. There is no available exploit.

A vulnerability was found in Samsung Devices and classified as critical. This impacts an unknown function of the component Health Manager Service. Such manipulation leads to improper authentication. This vulnerability is listed as CVE-2025-20940. The attack must be carried out locally. There is no available exploit. It is suggested to upgrade the affected component.

A vulnerability identified as problematic has been detected in Samsung Devices. Affected by this vulnerability is an unknown functionality of the component ClipboardService. The manipulation leads to improper handling of insufficient permissions or privileges. This vulnerability is traded as CVE-2025-20935. An attack has to be approached locally. There is no exploit available.

A vulnerability described as critical has been identified in Samsung Devices. This vulnerability affects unknown code. Such manipulation leads to improper authorization. This vulnerability is uniquely identified as CVE-2025-20936. Local access is required to approach this attack. No exploit exists.

A vulnerability, which was classified as problematic, has been found in Samsung Devices. The affected element is an unknown function of the component Sticker Center. The manipulation leads to improper export of android application components. This vulnerability is referenced as CVE-2025-20934. The attack can only be performed from a local environment. No exploit is available.

A vulnerability has been found in Samsung Devices and classified as critical. This affects an unknown function of the component SamsungContacts. This manipulation causes improper access controls. This vulnerability is tracked as CVE-2025-20938. The attack is restricted to local execution. No exploit exists. The affected component should be upgraded.

A vulnerability described as problematic has been identified in encode starlette up to 0.47.1. Impacted is an unknown function. Such manipulation leads to allocation of resources. This vulnerability is listed as CVE-2025-54121. The attack may be performed from remote. There is no available exploit. Upgrading the affected component is recommended.

Go语言作为云原生时代的主流编程语言，其应用范围已覆盖容器编排、微服务架构、区块链平台等关键基础设施。随着Go项目在生产环境中的广泛部署，针对Go代码的安全测试需求愈发迫切。传统的AFL、libFuzzer等模糊测试工具主要针对C/C++项目设计，无法直接应用于Go语言生态。 本文系统分析Go语言模糊测试的技术演进路径，从第三方工具go-fuzz到官方工具链go test -fuzz的完整技术方

Linux 内核社区也无法避开生成式 AI 工具。内核开发者拟议了一份政策提议，讨论如何使用 AI 工具。提议的重点是披露 AI 工具的使用情况，提交者需要披露递交的补丁有哪些来自工具哪些来自人，因为审核者和维护者的资源是有限的，了解这些信息既有助于提高效率，又能维护提交者和审查者之间的信任，对内核的健康发展至关重要。拟议的政策不针对使用工具修正拼写和语法等简单任务，而是针对递交的补丁包含大量工具生成内容。

A critical remote code execution vulnerability has been discovered in the widely used JavaScript library expr-eval, affecting thousands of projects that rely on it for mathematical expression evaluation and natural language processing. The vulnerability, tracked as CVE-2025-12735, poses significant risks to server environments and to AI-powered applications that process user input. Identifier Value CVE ID […]

The post Popular npm Library Used in AI and NLP Projects Exposes Systems to RCE appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Конгресс проигнорировал, что уязвимы все роутеры, и готовится к показательной казни бюджетного Wi-Fi.

A vulnerability, which was classified as critical, has been found in projectworlds Online Admission System 1.0. Affected by this vulnerability is an unknown functionality of the file /process_login.php. The manipulation of the argument keywords leads to sql injection. This vulnerability is documented as CVE-2025-12938. The attack can be initiated remotely. Additionally, an exploit exists.