Aggregator

ReVault! When your SoC turns against you… deep dive edition

不安全
4 months 1 week ago
这篇文章探讨了Dell ControlVault的安全漏洞及其潜在风险。研究者通过分析ControlVault的固件和通信机制,发现了多个漏洞,包括未加密的固件、堆溢出和栈溢出等问题。这些漏洞可能导致本地权限提升或绕过指纹验证。文章还展示了如何通过篡改固件实现系统级攻击,并讨论了物理攻击的可能性。最终强调了硬件安全解决方案的复杂性和潜在风险。

Nvme woes

不安全
4 months 1 week ago
数字取证科学涉及从数字设备中恢复和调查材料,主要用于计算机犯罪调查。该领域应用信息安全原则,通过审计流程进行归属和事件重建。相关社区不仅限于个人电脑,还包括手机、视频等多种媒体。

CVE-2025-8815 | 猫宁i Morning up to bc782730c74ff080494f145cc363a0b4f43f7d3e Shiro Configuration /index path traversal (ICOVAK / EUVD-2025-24097)

VulDB Recent Entries
4 months 1 week ago
A vulnerability was found in 猫宁i Morning up to bc782730c74ff080494f145cc363a0b4f43f7d3e. It has been classified as critical. Affected is an unknown function of the file /index of the component Shiro Configuration. The manipulation leads to path traversal. This vulnerability is traded as CVE-2025-8815. It is possible to launch the attack remotely. Furthermore, there is an exploit available. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available.
vuldb.com

CVE-2025-8814 | atjiu pybbs up to 6.0.0 CookieUtil.java setCookie cross-site request forgery (Issue 211 / EUVD-2025-24094)

VulDB Recent Entries
4 months 1 week ago
A vulnerability was found in atjiu pybbs up to 6.0.0 and classified as problematic. This issue affects the function setCookie of the file src/main/java/co/yiiu/pybbs/util/CookieUtil.java. The manipulation leads to cross-site request forgery. The identification of this vulnerability is CVE-2025-8814. The attack may be initiated remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.
vuldb.com

CVE-2025-8813 | atjiu pybbs up to 6.0.0 IndexController.java changeLanguage referer redirect (Issue 210 / EUVD-2025-24095)

VulDB Recent Entries
4 months 1 week ago
A vulnerability has been found in atjiu pybbs up to 6.0.0 and classified as problematic. This vulnerability affects the function changeLanguage of the file src/main/java/co/yiiu/pybbs/controller/front/IndexController.java. The manipulation of the argument referer leads to open redirect. This vulnerability was named CVE-2025-8813. The attack can be initiated remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.
vuldb.com

CVE-2025-8812 | atjiu pybbs up to 6.0.0 Admin Panel /api/settings cross site scripting (Issue 209 / EUVD-2025-24092)

VulDB Recent Entries
4 months 1 week ago
A vulnerability, which was classified as problematic, was found in atjiu pybbs up to 6.0.0. This affects an unknown part of the file /api/settings of the component Admin Panel. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-8812. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.
vuldb.com

ChatGPT Connectors ‘0-click’ Vulnerability Let Attackers Exfiltrate Data From Google Drive

Cyber Security News
4 months 1 week ago

A critical vulnerability in OpenAI’s ChatGPT Connectors feature allows attackers to exfiltrate sensitive data from connected Google Drive accounts without any user interaction beyond the initial file sharing. The attack, dubbed “AgentFlayer,” represents a new class of zero-click exploits targeting AI-powered enterprise tools. The vulnerability was disclosed by cybersecurity researchers Michael Bargury from Zenity and […]

The post ChatGPT Connectors ‘0-click’ Vulnerability Let Attackers Exfiltrate Data From Google Drive appeared first on Cyber Security News.

Guru Baran

Advice on strengthening CV for uni

不安全
4 months 1 week ago
土耳其17岁学生寻求加强简历建议,计划申请爱尔兰、波兰、爱沙尼亚大学学习网络安全或计算机科学。已添加Python项目至GitHub并考取IBM和Google证书。询问如何进一步吸引大学和雇主注意,并探讨大学期间活动及赚取被动收入的方法。

Managed ad