Aggregator

A vulnerability classified as problematic was found in CosmodiumCS OnlyRAT up to 3.2. The affected element is the function connect/remote_upload/remote_download of the file main.py of the component Configuration File Handler. The manipulation of the argument configuration["PASSWORD"] results in os command injection. This vulnerability is reported as CVE-2025-10767. The attack requires a local approach. Moreover, an exploit is present. The vendor was contacted early about this disclosure but did not respond in any way.

Submit #648118 / VDB-325123

A vulnerability classified as problematic has been found in Bluefeet Starch up to 0.14. Impacted is the function rand of the component Default Session ID Generator. The manipulation leads to generation of predictable numbers or identifiers. This vulnerability is documented as CVE-2025-40925. The attack can be initiated remotely. There is not any exploit available.

Там, откуда обычно ждут спасения, остаётся только пустота.

Name: K17 CTF (an K17 CTF event.)
Date: Sept. 19, 2025, 8 a.m. — 21 Sept. 2025, 08:00 UTC  [add to calendar]
Format: Jeopardy
On-line
Offical URL: https://ctf.secso.cc/
Rating weight: 24.83
Event organizers: K17

Name: CDCTF 2025 (an CDCTF event.)
Date: Sept. 20, 2025, 3 p.m. — 21 Sept. 2025, 03:00 UTC  [add to calendar]
Format: Jeopardy
On-line
Offical URL: https://uacrimsondefense.github.io/cdctf.html
Rating weight: 25.00
Event organizers: Crimson Defense

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Most enterprise AI use is invisible to security teams Most enterprise AI activity is happening without the knowledge of IT and security teams. According to Lanai, 89% of AI use inside organizations goes unseen, creating risks around data privacy, compliance, and governance. Arkime: Open-source network analysis and packet capture system Arkime is an open-source system for large-scale network analysis and … More →

The post Week in review: Chrome 0-day fixed, npm supply chain attack, LinkedIn data used for AI appeared first on Help Net Security.

A detailed guide for CTOs and VP of Engineering on achieving enterprise readiness for software, covering security, scalability, compliance, and integration.

The post Steps to Achieve Enterprise Readiness for Software appeared first on Security Boulevard.

Explore vulnerability management and remediation solutions for enterprise SSO and CIAM. Learn to protect your systems from cyber threats with effective strategies.

The post Vulnerability Management and Remediation Solutions appeared first on Security Boulevard.

A vulnerability described as critical has been identified in Apple QuickTime up to 7.0.1. The impacted element is an unknown function. The manipulation results in code injection. This vulnerability is identified as CVE-2009-0955. The attack can be executed remotely. Additionally, an exploit exists. Upgrading the affected component is recommended.

A vulnerability classified as critical has been found in Mpesch3.de1 1by1 1.67. The affected element is an unknown function. This manipulation causes memory corruption. This vulnerability appears as CVE-2009-4932. The attack may be initiated remotely. In addition, an exploit is available.

A vulnerability classified as critical was found in Adobe Flash Player. Affected by this vulnerability is an unknown functionality of the component File Processing. Executing manipulation can lead to memory corruption. This vulnerability is handled as CVE-2009-0520. The attack can be executed remotely. Additionally, an exploit exists. Upgrading the affected component is advised.

A vulnerability has been found in Sun Solaris and classified as problematic. The impacted element is an unknown function of the component IOCTL Handler. Performing manipulation results in denial of service. This vulnerability is reported as CVE-2009-1478. The attack requires a local approach. Moreover, an exploit is present. The affected component should be upgraded.

A vulnerability was found in ZenPhoto 1.2.5. It has been classified as critical. This affects an unknown part of the file index.php. This manipulation of the argument Title causes sql injection. This vulnerability is tracked as CVE-2009-4566. The attack is possible to be carried out remotely. Moreover, an exploit is present.

Discover how smartphone cameras can be used for easy eye vein verification. Learn about the software development, security, and future trends of this biometric authentication method.

The post Using Smartphone Cameras for Easy Eye Vein Verification appeared first on Security Boulevard.

Спустя 17 месяцев создатель медовой ловушки наконец предстанет перед судом.

网络空间天朗气清、生态良好，符合人民利益。网信部门将持续聚焦破坏网络生态违法违规突出问题，发挥网络执法“利剑”作用，督促网站平台履行主体责任和社会责任，切实维护清朗网络空间。

论坛以“数字空间安全与数字产品隐私保护检验检测”为主题，汇聚了来自国家相关部委、中国网络安全领域的院士专家、中央企业和国有企业负责人、企业家，以及“一带一路”沿线国家和地区的网络政策和技术专家、用户代表等300余人现场参会。

当前，互联网技术飞速发展，各类音视频平台层出不穷。但在这片繁荣景象之下，一些非法转播境外反宣电视内容的行为，正通过越来越隐蔽的渠道悄然蔓延。部分不法平台打着“共享软件”“定制硬件”的幌子，向用户提供灰色入口。

2025年9月11日，中国工程院院士邬江兴在2025第四届北外滩网络安全论坛发表主旨演讲，围绕“破局美欧网络弹性铁幕”，从背景、理论局限、美欧战略及中国方案四方面展开论述，深入浅出地解答“为何破局”与“如何破局”。