Aggregator

2025年8月28日，CSOP 上海站议程公开！

当前环境出现异常状态，需完成验证后才能继续访问相关内容或服务。

Cyber-criminals have gradually shifted their focus toward the high-value infrastructure that trains, tunes and serves modern artificial-intelligence models. Over the past six months, incident-response teams have documented a new malware family, tentatively dubbed “ShadowInit,” that targets GPU clusters, model-serving gateways and orchestration pipelines inside large language model (LLM) deployments. Unlike earlier crypto-mining campaigns, ShadowInit seeks […]

The post Cyber Attacks Against AI Infrastructure Are in The Rise With Key Vulnerabilities Uncovered appeared first on Cyber Security News.

文章描述了云flare错误代码521的原因及其解决方法。

HackerNews 编译，转载请注明出处： 谷歌发布安全更新修复安卓系统多项安全漏洞，包含两个已被实际利用的高通漏洞。漏洞涉及CVE-2025-21479（CVSS评分8.6）与CVE-2025-27038（CVSS评分7.5），二者与CVE-2025-21480（CVSS评分8.6）均由芯片制造商于2025年6月披露。 CVE-2025-21479属于图形组件授权错误漏洞，可能导致因GPU微代码中未经授权的命令执行而引发内存损坏。CVE-2025-27038则是图形组件的释放后重用漏洞，在Chrome浏览器使用Adreno GPU驱动渲染图形时可能造成内存损坏。 目前尚无漏洞实际利用细节，但高通曾声明“谷歌威胁分析小组迹象表明，CVE-2025-21479、CVE-2025-21480、CVE-2025-27038可能已被有限且针对性利用”。鉴于Variston、Cy4Gate等商业间谍软件供应商曾利用类似高通芯片漏洞，推测上述漏洞可能已被同类场景滥用。 这三项漏洞已被美国网络安全和基础设施安全局（CISA）列入已知被利用漏洞目录，要求联邦机构在2025年6月24日前完成更新。 谷歌2025年8月补丁还修复了安卓框架中两个高危权限提升漏洞（CVE-2025-22441与CVE-2025-48533）以及系统组件关键漏洞（CVE-2025-48530）。后者在与其他漏洞串联时，无需额外权限或用户交互即可实现远程代码执行。 谷歌提供2025-08-01和2025-08-05两套补丁级别，后者额外包含Arm与高通闭源及第三方组件修复方案。建议安卓用户及时安装更新以防范潜在威胁。       消息来源：thehackernews； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文

A sophisticated cybercriminal campaign dubbed “ClickTok” has emerged as one of the most extensive threats targeting TikTok Shop users worldwide, with researchers identifying over 10,000 malicious domains designed to steal user credentials and deploy advanced spyware. The campaign represents a significant escalation in e-commerce-focused cyberattacks, combining traditional phishing techniques with cutting-edge malware distribution to exploit […]

The post 10,000+ Malicious TikTok Shop Domains Attacking Users to Steal Logins and Deploy Malware appeared first on Cyber Security News.

A vulnerability classified as critical has been found in SourceCodester Online Hotel Reservation System 1.0. This affects an unknown part of the file /admin/deletegallery.php. The manipulation of the argument ID leads to sql injection. This vulnerability is uniquely identified as CVE-2025-8469. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in code-projects Wazifa System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /controllers/reset.php. The manipulation of the argument email leads to sql injection. This vulnerability is handled as CVE-2025-8468. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical was found in SourceCodester Online Hotel Reservation System 1.0. This vulnerability affects unknown code of the file /admin/deleteroom.php. The manipulation of the argument ID leads to sql injection. This vulnerability was named CVE-2025-8470. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, has been found in projectworlds Online Admission System 1.0. This issue affects some unknown processing of the file /adminlogin.php. The manipulation of the argument a_id leads to sql injection. The identification of this vulnerability is CVE-2025-8471. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical was found in code-projects Intern Membership Management System 1.0. This vulnerability affects unknown code of the file /admin/edit_student_query.php. The manipulation of the argument ID leads to sql injection. This vulnerability was named CVE-2025-8493. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability was found in code-projects Wazifa System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /controllers/regcontrol.php. The manipulation of the argument Username leads to sql injection. This vulnerability is known as CVE-2025-8467. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in code-projects Online Farm System 1.0. It has been classified as critical. Affected is an unknown function of the file /forgot_passfarmer.php. The manipulation of the argument email leads to sql injection. This vulnerability is traded as CVE-2025-8466. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, has been found in code-projects Wazifa System 1.0. This issue affects some unknown processing of the file /controllers/updatesettings.php. The manipulation of the argument Password leads to sql injection. The identification of this vulnerability is CVE-2025-8439. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, was found in code-projects Online Medicine Guide 1.0. Affected is an unknown function of the file /pharsignup.php. The manipulation of the argument phuname leads to sql injection. This vulnerability is traded as CVE-2025-8441. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability has been found in code-projects Online Medicine Guide 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /cussignup.php. The manipulation of the argument uname leads to sql injection. This vulnerability is known as CVE-2025-8442. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in code-projects Online Medicine Guide 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /login.php. The manipulation of the argument uname leads to sql injection. This vulnerability is handled as CVE-2025-8443. The attack may be launched remotely. Furthermore, there is an exploit available.

在影视作品中，通常会有黑客指尖翻飞间攻破防火墙的炫目场景，而GeekTyper以一款轻量级模拟工具的身份，将

当前环境出现异常，请完成验证后继续访问。

A vulnerability was found in Mbed TLS up to 3.6.2. It has been classified as critical. Affected is the function pkwrite of the component Opaque Key Pair Handler. The manipulation leads to buffer overflow. This vulnerability is traded as CVE-2024-49195. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.