Aggregator

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) disclosed two malware strains found in a network compromised via Ivanti EPMM flaws. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) published technical details of two malware families that were discovered in the network of an unnamed organization following the compromise of Ivanti Endpoint Manager Mobile (EPMM). […]

Тщательно продуманные легенды столкнулись с простой арифметикой транзакций.

ISSTA 主会场 Full Paper，之前发的只是附属研讨会的短文

AI-powered malware, known as ‘MalTerminal’, uses OpenAI’s GPT-4 model to dynamically generate malicious code, including ransomware and reverse shells, marking a significant shift in how threats are developed and deployed. This discovery follows the recent analysis of PromptLock, another AI-driven malware, indicating a clear trend toward adversaries weaponizing large language models (LLMs). This discovery was […]

The post First-ever AI-powered ‘MalTerminal’ Malware Uses OpenAI GPT-4 to Generate Ransomware Code appeared first on Cyber Security News.

小米和国家市场监督管理总局周五宣布，召回 2024 年 2 月 6 日至 2025 年 8 月 30 日生产的部分 SU7 标准版电动汽车，共计 116887 辆。召回编号S2025M0149I：涉及XMA7000MBEVR2和XMA7000MBEVR5车型，共计98462辆。召回编号S2025M0150I：涉及BJ7000MBEVR2车型，共计18425辆。本次召回范围内部分车辆在L2高速领航辅助驾驶功能开启的某些情况下，对极端特殊场景的识别、预警或处置可能不足，若驾驶员不及时干预可能会增加碰撞风险，存在安全隐患。小米汽车科技有限公司将通过汽车远程升级（OTA）技术，为召回范围内的车辆免费升级软件，以消除安全隐患。今年早些时候曾发生过一起涉及 SU7 辅助驾驶系统的致命车祸，导致三名大学生死亡。

The cybersecurity landscape in 2025 has been marked by an unprecedented surge in zero-day vulnerabilities actively exploited by threat actors. According to recent data, more than 23,600 vulnerabilities were published in the first half of 2025 alone, representing a 16% increase over 2024. This alarming trend has seen sophisticated threat actors, including nation-state groups and […]

The post Top Zero-Day Vulnerabilities Exploited in the Wild in 2025 appeared first on Cyber Security News.

A vulnerability was found in Red Hat Enterprise Linux and OpenShift Container Platform. It has been declared as problematic. The affected element is an unknown function of the component Podman. Executing manipulation can lead to creation of temporary file with insecure permissions. The identification of this vulnerability is CVE-2025-4953. The attack may be launched remotely. There is no exploit available.

2025年9月的投稿指南！

Почему немецкий бизнес не может выжить в киберпространстве?

A vulnerability categorized as problematic has been discovered in libexpat up to 2.7.1. Affected by this vulnerability is an unknown functionality. Executing manipulation can lead to allocation of resources. The identification of this vulnerability is CVE-2025-59375. The attack may be launched remotely. There is no exploit available. It is advisable to upgrade the affected component.

关键词用户隐私泄露🚨工信部重拳整治！

关键词违反网络安全法一、上海某跨国公司违规出境用户信息案2025年5月，某国际时尚品牌被曝数据泄露，其中国公司

A vulnerability identified as critical has been detected in Mambo 4.5.1. Affected is an unknown function of the file credits.html.php of the component mediad. This manipulation of the argument mosConfig_absolute_path causes code injection. This vulnerability is handled as CVE-2007-5362. The attack can be initiated remotely. Additionally, an exploit exists.

A vulnerability was found in mosMedia. It has been declared as critical. This vulnerability affects unknown code. Such manipulation of the argument mosConfig_absolute_path leads to code injection. This vulnerability is listed as CVE-2007-5362. The attack may be performed from remote. In addition, an exploit is available.

A vulnerability was found in mosMedia. It has been rated as critical. This issue affects some unknown processing. Performing manipulation of the argument mosConfig_absolute_path results in code injection. This vulnerability is cataloged as CVE-2007-5362. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, has been found in OpenWiki. This affects an unknown function of the file wantedpages.php. Performing manipulation of the argument mosConfig_absolute_path results in code injection. This vulnerability was named CVE-2007-3130. The attack may be initiated remotely. In addition, an exploit is available. It is advisable to upgrade the affected component.

A vulnerability classified as problematic has been found in Letterman Subscriber up to 1.2.2 on Joomla. Affected by this vulnerability is an unknown functionality of the file mod_lettermansubscribe.php. Performing manipulation of the argument Itemid results in basic cross site scripting. This vulnerability was named CVE-2007-3249. The attack may be initiated remotely. In addition, an exploit is available. It is recommended to upgrade the affected component.

A vulnerability categorized as critical has been discovered in JD-Wiki 1.0.2 on Joomla. Affected by this issue is some unknown functionality of the file dwpage.php. Executing manipulation of the argument mosConfig_absolute_path can lead to code injection. This vulnerability is tracked as CVE-2007-3130. The attack can be launched remotely. Moreover, an exploit is present.