Aggregator

A vulnerability was found in Artica Pandora FMS 774/775/776/777/778 and classified as critical. This issue affects some unknown processing. The manipulation of the argument Netflow Directory leads to command injection. The identification of this vulnerability is CVE-2025-5306. The attack may be initiated remotely. There is no exploit available.

当前环境出现异常,需完成验证后继续访问。

在安全公司 CrowdStrike 的错误更新导致全世界 850 万台电脑崩溃近一年之后，微软正采取行动确保此类的事件不再发生，它采取的措施是将杀毒软件移出 Windows 内核。微软的新 Windows 终端安全平台正与安全公司如 CrowdStrike、Bitdefender、ESET、趋势科技等合作构建。以前微软允许安全公司的杀毒软件运行在 Windows 的内核层，不受限制的访问系统内存和硬件。CrowdStrike 去年的错误更新突出了内核驱动容易错误而导致系统蓝屏死机。微软准备释出了一个不对外公开的预览版，供安全公司测试，在多次迭代之后，完成将杀毒软件移出内核的工作。

当前环境异常，需完成验证后方可继续访问。

GreyNoise observed a surge in scanning activity targeting MOVEit Transfer systems since May 27, indicating the software could face renewed attacks

Loki is a stage-1 command and control (C2) framework written in Node.js, built to script-jack vulnerable Electron apps MITRE ATT&CK T1218.015. Developed for red team operations, Loki enables evasion of security software and bypasses application...

The post Loki: Node.js Command & Control for Script-Jacking Vulnerable Electron Applications appeared first on Penetration Testing Tools.

李继刚老师之前在即刻发了一条“知识星球是时间的朋友”，并告诉我他的感受： - 知识星球的结构，就是沉淀，越陈越香。 - 现在有了 AI，配合积累的文字，有机会发挥。 他把写过的 Prompt 都沉淀到一个星球里了。 知识星球后续会更快地实验知识库的能力，争取让沉淀出效果。

After nearly four decades as a symbol of frustration and failure for PC users worldwide, Microsoft is officially retiring the iconic Blue Screen of Death (BSOD) in favor of a new, sleeker Black Screen of Death. The change, set to roll out later this summer with Windows 11 version 24H2, marks the most significant visual […]

The post Windows Says Goodbye to Blue Screen of Death, Introduces Black Screen appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Security公司推出名为LakeVilla的数据湖工具，作为SIEM平台的低成本替代方案。该工具可将不活跃的遥测数据存储于云对象存储中，并支持直接查询和回放。通过减少冷数据存储成本和优化SIEM中的数据量，帮助企业更高效地发现异常行为并应对 telemetry 数据爆炸带来的挑战。

Abstract Security this week added a data lake, dubbed LakeVilla, to a portfolio of tools for migrating data between cybersecurity tools to provide a less expensive alternative to a security information event management (SIEM) platform for storing data.

The post Abstract Security Adds Data Lake to Reduce Storage Costs appeared first on Security Boulevard.

Весь Open VSX стал потенциальным оружием хакеров.

Hackers have begun actively exploiting a critical vulnerability that grants them full control over thousands of servers, including those performing vital functions in data centers. This alarming development has prompted a warning from the...

The post CISA Warns: Critical AMI MegaRAC Firmware Flaw (CVE-2024-54085, CVSS 10.0) Actively Exploited for Server Takeover appeared first on Penetration Testing Tools.

A vulnerability has been found in BuddyPress Docs Plugin up to 2.2.4 on WordPress and classified as problematic. This vulnerability affects unknown code of the component Download File Handler. The manipulation leads to authorization bypass. This vulnerability was named CVE-2025-5526. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in WP Map Block Plugin up to 2.0.2 on WordPress. This affects an unknown part of the component Block Option Handler. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-5194. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Responsive Lightbox & Gallery Plugin up to 2.5.1 on WordPress. Affected by this issue is some unknown functionality of the component Swipebox Library. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2025-5093. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Firelight Lightbox Plugin up to 2.3.15 on WordPress. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2025-5035. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A critical security vulnerability has been discovered in multiple Mitsubishi Electric air conditioning systems, potentially allowing hackers to bypass authentication and remotely control affected units. The flaw, identified as CVE-2025-3699, was disclosed by Mitsubishi Electric on June 26, 2025, and has been assigned a maximum CVSS base score of 9.8, indicating its severity. Authentication Bypass […]

The post Mitsubishi Electric AC Flaw Lets Hackers Remotely Control Systems appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Microsoft is preparing a significant overhaul of the infamous Blue Screen of Death (BSOD) in Windows. As part of the Windows Resiliency Initiative, the iconic blue error screen will be replaced by a new...

The post Windows 11 Retires Blue Screen of Death: New Black Crash Screen Focuses on Faster Diagnostics appeared first on Penetration Testing Tools.