【安全圈】20年代理僵尸网络被捣毁:每周利用1000台未修复设备经过协同行动
关键词网络攻击经过协同行动,Lumen Technologies 旗下 Black Lotus Labs、美国
Aggregator
Break the Syntax CTF 2025
4 months 1 week ago
Name: Break the Syntax CTF 2025 (an Break the Syntax CTF event.)
Date: May 9, 2025, 4 p.m. — 11 May 2025, 10:00 UTC [add to calendar]
Format: Jeopardy
On-line
Offical URL: https://bts2025.wh.edu.pl/
Rating weight: 42.00
Event organizers: PWr Synt@x Err0r
Date: May 9, 2025, 4 p.m. — 11 May 2025, 10:00 UTC [add to calendar]
Format: Jeopardy
On-line
Offical URL: https://bts2025.wh.edu.pl/
Rating weight: 42.00
Event organizers: PWr Synt@x Err0r
Ты обновляешь NetWeaver — китайцы загружают бэкдор. Кто тут админ, а кто гость?
4 months 1 week ago
20 компаний из Fortune 500 уже пали. Остальные просто ещё не проверяли логи.
The Legacy Cyber Threat: Why We Must Prioritize Modernization
4 months 1 week ago
Most governments struggle with replacing legacy systems for a variety of reasons. But some people claim legacy mainframes can be just as secure as modern ones. So how big is the legacy cyber threat?
The post The Legacy Cyber Threat: Why We Must Prioritize Modernization appeared first on Security Boulevard.
Lohrmann on Cybersecurity
CVE-2025-4535 | Gosuncn Technology Group Audio-Visual Integrated Management Platform 4.0 Configuration File config.properties information disclosure
4 months 1 week ago
A vulnerability, which was classified as problematic, was found in Gosuncn Technology Group Audio-Visual Integrated Management Platform 4.0. Affected is an unknown function of the file /config/config.properties of the component Configuration File Handler. The manipulation leads to information disclosure.
This vulnerability is traded as CVE-2025-4535. It is possible to launch the attack remotely. Furthermore, there is an exploit available.
It is recommended to apply restrictive firewalling.
The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com
AV-C第一份EDR测试报告出炉!
4 months 1 week ago
EDR是最近安全市场很火的产品,很多名叫EDR的产品出现,可是,你的EDR是真的EDR吗?真的能起作用吗?
AV-C第一份EDR测试报告出炉!
4 months 1 week ago
EDR是最近安全市场很火的产品,很多名叫EDR的产品出现,可是,你的EDR是真的EDR吗?真的能起作用吗?
Stormous
4 months 1 week ago
You must login to view this content
cohenido
DragonForce
4 months 1 week ago
You must login to view this content
cohenido
DragonForce
4 months 1 week ago
You must login to view this content
cohenido
Роутер раздавал Wi-Fi и чуть-чуть преступлений. Каждую секунду. 20 лет
4 months 1 week ago
Как хакеры построили прокси-империю на доверии к домашним устройствам.
CVE-2024-11477
4 months 1 week ago
Currently trending CVE - Hype Score: 10 - 7-Zip Zstandard Decompression Integer Underflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. Interaction with this library is required to exploit this vulnerability but attack ...
Пароли от CISA, DOGE и FEMA — в свободном доступе. Потому что инженер Кайл — молодец
4 months 1 week ago
Ведомства доверяли инженеру, которого Have I Been Pwned давно внес в топ.
Week in review: The impact of a CVE-free future on cyber defense, Patch Tuesday forecast
4 months 1 week ago
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: What a future without CVEs means for cyber defense For many cybersecurity professionals, the CVE program is the foundation for hands-on cybersecurity practice and crucial benchmarking of security preparedness. May 2025 Patch Tuesday forecast: Panic, change, and hope A bit of chaos ensued in the following weeks with the announcement that MITRE would no longer be supporting the CVE Program … More →
The post Week in review: The impact of a CVE-free future on cyber defense, Patch Tuesday forecast appeared first on Help Net Security.
Help Net Security
西城44中是所好学校
4 months 1 week ago
我与44中素无瓜葛
西城44中是所好学校
4 months 1 week ago
我与44中素无瓜葛
CVE-2018-11686 | FlowPaper Flexpaper up to 2.3.6 input validation (EDB-46528)
4 months 1 week ago
A vulnerability was found in FlowPaper Flexpaper up to 2.3.6. It has been classified as critical. Affected is an unknown function. The manipulation leads to improper input validation.
This vulnerability is traded as CVE-2018-11686. It is possible to launch the attack remotely. Furthermore, there is an exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-47817 | BlueWave Checkmate up to 2.0.2 Profile Edit Request role external control of assumed-immutable web parameter (GHSA-rq7r-p9cq-5q4f)
4 months 1 week ago
A vulnerability, which was classified as very critical, has been found in BlueWave Checkmate up to 2.0.2. Affected by this issue is some unknown functionality of the component Profile Edit Request Handler. The manipulation of the argument role leads to external control of assumed-immutable web parameter.
This vulnerability is handled as CVE-2025-47817. The attack may be launched remotely. There is no exploit available.
It is recommended to apply a patch to fix this issue.
vuldb.com
CVE-2025-47828 | Lumi H5P-Nodejs-library up to 9.3.2 cross site scripting
4 months 1 week ago
A vulnerability classified as problematic was found in Lumi H5P-Nodejs-library up to 9.3.2. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting.
This vulnerability is known as CVE-2025-47828. The attack can be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-47816 | GNU PSPP up to 2.0.1 libpspp-core.a spvxml_parse_attributes out-of-bounds
4 months 1 week ago
A vulnerability classified as problematic has been found in GNU PSPP up to 2.0.1. Affected is the function spvxml_parse_attributes of the file libpspp-core.a. The manipulation leads to out-of-bounds read.
This vulnerability is traded as CVE-2025-47816. It is possible to launch the attack on the local host. There is no exploit available.
vuldb.com