Aggregator

Submit #680851 / VDB-331640

A vulnerability was found in EverShop up to 2.0.1. It has been declared as problematic. Affected is an unknown function of the file /src/modules/oms/graphql/types/Order/Order.resolvers.js of the component Order Handler. The manipulation of the argument uuid results in improper control of resource identifiers. This vulnerability was named CVE-2025-12919. The attack may be performed from remote. In addition, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in Linux Kernel up to 6.17.1. It has been classified as critical. This impacts an unknown function of the component crypto. The manipulation leads to privilege escalation. This vulnerability is uniquely identified as CVE-2025-40109. The attack can only be initiated within the local network. No exploit exists. Upgrading the affected component is recommended.

A vulnerability was found in Linux Kernel up to 6.17.1 and classified as problematic. This affects the function hung_task_timeout_secs. Executing manipulation can lead to denial of service. This vulnerability is handled as CVE-2025-40108. The attack can only be done within the local network. There is not any exploit available. It is suggested to upgrade the affected component.

Submit #680788 / VDB-331639

The regional broadcasting company RTV Noord, based in the Netherlands, has suffered a large-scale cyberattack that crippled much

The post Radio on Vinyl: Cyberattack Cripples Dutch Broadcaster RTV Noord, Forcing Manual Operation appeared first on Penetration Testing Tools.

British journalists have conducted a sweeping investigation revealing that the social network X is shaping a one-sided political agenda

The post Exposed: X’s Algorithm Found to Heavily Favor Right-Wing Views in UK Politics appeared first on Penetration Testing Tools.

The Apache OpenOffice project has come under public scrutiny following claims by the Akira ransomware group, which alleged

The post Ransomware ‘Fakeout’? Apache OpenOffice Disputes Akira’s 23GB Data Theft Claim appeared first on Penetration Testing Tools.

文章分享了作者在法律研究和文书写作中使用AI工具的经验。作者通过配置两个大模型对话框和一个法律AI产品（如律爱多），分别用于文书起草、思路梳理和事实核查。这种分工旨在避免立场偏见对思考的影响，并提升工作效率。作者强调了对AI工具职能的重新认识：法律AI的核心价值在于检索与分析的可溯源性，而大模型则更适合生成与迭代文本内容。

The Open Container Initiative (OCI) has released an update to its OCI Runtime Specification v1.3, which defines the

The post FreeBSD Joins the Container Club: OCI Standard Officially Adds the New Platform appeared first on Penetration Testing Tools.

Tanzania has reconnected to the internet after a five-day nationwide blackout that coincided with the presidential elections. According

The post Tanzania’s Blackout: Internet Shutdown Coincides with Violence and Disputed Election appeared first on Penetration Testing Tools.

Vulnerabilities in corporate messengers are no longer a rarity, yet this time the threat is of a far

The post Critical Flaws in Microsoft Teams Let Hackers Impersonate CEOs and Edit Messages Undetected appeared first on Penetration Testing Tools.

Cloudflare has encountered an unexpected phenomenon: in its public ranking of the most popular domains, websites associated with

The post Botnet Beats Big Tech: Aisuru Overtakes Google in Cloudflare’s Popularity Ranking appeared first on Penetration Testing Tools.

Threat actors affiliated with the group Curly COMrades have devised a method to conceal malicious activity from detection

The post Virtual Walls: Curly COMrades Hides Attacks in Hyper-V VMs to Evade Detection appeared first on Penetration Testing Tools.

混沌通信大会39C3将举办导师计划"Chaospat:innen"，为首次参与者提供支持。感兴趣者可于2025年11月25日前在指定平台注册成为导师或学员。该计划旨在帮助新人适应大会环境，提供个性化指导和小组交流机会。

Инженеры научились управлять фазами металла — и сделали аноды, где литий движется без сопротивления.

The Norton team, part of Gen Digital, has discovered a critical vulnerability in a new ransomware strain known

The post Midnight Ransomware: Critical Flaw Found, Files Can Be Decrypted for Free appeared first on Penetration Testing Tools.

Washington is investigating a possible cyberattack targeting one of the U.S. Congress’s key analytical bodies—the Congressional Budget Office

The post US Congress’s Budget Office Breached: Foreign Hackers Hunt for Economic Secrets appeared first on Penetration Testing Tools.

Singapore has chosen to confront the surge in online fraud through a method that seems to have stepped

The post Extreme Deterrence: Singapore Approves Caning for Individuals Guilty of Internet Scamming appeared first on Penetration Testing Tools.

The corporation Meta derives enormous profits from advertising fraudulent schemes and prohibited goods. According to internal documents reviewed by

The post The $16 Billion Secret: Internal Docs Reveal Meta Profits Massively from Scam Ads appeared first on Penetration Testing Tools.