Aggregator

A vulnerability, which was classified as very critical, has been found in Dingtian DT-R002, DT-R008, DT-R016 and DT-R032. This issue affects some unknown processing of the component Main Page. The manipulation leads to authentication bypass using alternate channel. The identification of this vulnerability is CVE-2025-1283. The attack may be initiated remotely. There is no exploit available.

核心在于攻击者利用闪电贷中的特殊机制，操纵放大了空市场中累加器的值。

Valve removed a game from Steam because it contained malware, the company also warned affected users to reformat their operating systems. Valve removed the game PirateFi from the Steam video game platform because it contained a Windows malicious code to steal browser cookies and hijack accounts. The company also warned affected users to fully reformatting […]

Построить гигантскую лунную базу? Не проблема.

Researchers have uncovered a high-severity SQL injection vulnerability, CVE-2025-1094, affecting PostgreSQL’s interactive terminal tool, psql.  This flaw was identified during research into the exploitation of CVE-2024-12356, a remote code execution (RCE) vulnerability in BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) products.  The discovery highlights the interconnected nature of these vulnerabilities, as successful exploitation […]

The post PostgreSQL Terminal Tool Injection Vulnerability Allows Remote Code Execution appeared first on Cyber Security News.

Как элитные шпионы осваивают криминальный бизнес.

Sinaptik AIが提供するPandasAIのプロンプト機能には、任意のコードが実行可能な脆弱性が存在します。

过去几年部分国家攻读博士学位的人数出现了下降，高生活成本、低薪水和毕业后工作选择有限等被认为是这一现象的主因。澳大利亚大学和 Australian Council of Graduate Research(ACGR)上月公布的数据显示，2018-2023 年澳大利亚国内攻读博士学位的人数减少了 8%，而同期内人口增长了逾 7%。在很多国家阻碍学生读博的最主要因素是生活成本高而薪水很少。在澳大利亚，博士生的平均津贴约 32,000 澳元，刚刚高于单身人士的贫困线，而澳博士生的平均年龄在 30 多岁，可能面临着家庭等责任。日本的情况类似，2003 年日本国内的博士生有 18,232 人，而 2021 年降至了 15,014 人。日本文部科学省去年宣布了为博士生提供额外资金的计划。巴西报告 2022 年博士生入学人数创十年新低，一个原因是新冠疫情，但这不是唯一原因。2023 年巴西将硕士和博士生助学金增长四成，促进了当年入学人数的小幅增长。

A vulnerability has been found in code-projects Job Recruitment 1.0 and classified as problematic. This vulnerability affects unknown code of the file /_parse/load_user-profile.php. The manipulation leads to cross site scripting. This vulnerability was named CVE-2025-1190. The attack can be initiated remotely. There is no exploit available. Multiple parameters might be affected.

A vulnerability was found in codeprojects Job Recruitment 1.0. It has been classified as problematic. This affects an unknown part of the file $role of the component Administrator Login Page. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability has been found in code-projects Job Recruitment 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /register.php. The manipulation of the argument e/role leads to cross site scripting. This vulnerability is known as CVE-2024-11078. The attack can be launched remotely. Furthermore, there is an exploit available.

Submit #498524 / VDB-283873

История неуязвимого хостинга закончена.

Как давление и постоянные конфликты разрушают Open Source изнутри.

总结推荐本周的热点资讯、一周好文，保证大家不错过本周的每一个重点！

Currently trending CVE - hypeScore: 1 - Code injection in Ivanti Connect Secure before version 22.7R2.4 and Ivanti Policy Secure before version 22.7R1.3 allows a remote authenticated attacker with admin privileges to achieve remote code execution.

Currently trending CVE - hypeScore: 1 - OS command injection in the admin web console of Ivanti CSA before version 5.0.5 allows a remote authenticated attacker with admin privileges to achieve remote code execution.

Детальный разбор техник идентификации C2-каналов в QUIC-трафике. Анализ особенностей протокола, паттернов соединений и инструментов мониторинга для ИБ-специалистов.