Aggregator

数字便捷的背后，是否也埋下了信息安全失控的导火索？复旦大学安全团队深度揭示小程序生态的系统性安全风险。

勒索软件组织 Akira 通过猜测员工的弱密码入侵了一家英国北安普敦郡运输公司 KNP 的计算机系统，加密系统勒索赎金。KNP 有 158 年历史，有 700 名员工。报道称，黑客没有披露赎金金额，一家专业勒索软件谈判公司估计赎金可能高达 500 万英镑。该公司没有这么多钱，以及显然没有备份，这起事件最终导致了公司倒闭。

Hardcoded credentials in HPE Aruba Instant On Wi-Fi devices, let attackers to bypass authentication and access the web interface. HPE disclosed hardcoded credentials in Aruba Instant On Wi-Fi devices that allow attackers to bypass login and access the web interface. The flaw tracked as CVE-2025-37103 (CVSS score of 9.8) impacts devices running firmware version 3.2.0.1 […]

A vulnerability was found in Shenzhen Libituo Technology LBT-T300-T310 2.2.3.6. It has been rated as critical. Affected by this issue is the function sub_40B6F0 of the file at/appy.cgi. The manipulation of the argument wan_proto leads to buffer overflow. This vulnerability is handled as CVE-2025-8019. The attack may be launched remotely. Furthermore, there is an exploit available.

Один скрытый файл на корпоративном сервере позволил удалённо управлять всей инфраструктурой.

本指南提供清晰的技术路径与实践建议，支持香港稳定币生态的健康发展。

A vulnerability was found in code-projects Food Ordering Review System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /user/reservation_page.php. The manipulation of the argument reg_Id leads to sql injection. This vulnerability is known as CVE-2025-8018. The attack can be launched remotely. Furthermore, there is an exploit available. Other parameters might be affected as well.

A vulnerability was found in Tenda AC7 15.03.06.44. It has been classified as critical. Affected is the function formSetMacFilterCfg of the file /goform/setMacFilterCfg of the component httpd. The manipulation of the argument deviceList leads to stack-based buffer overflow. This vulnerability is traded as CVE-2025-8017. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

Submit #619530 / VDB-317222

A few days ago, we reported on the critical zero-day vulnerability CVE-2025-53770 in Microsoft SharePoint Server, an enhanced iteration of the previously identified flaw CVE-2025-49706. At the time, it was known that the issue...

The post SharePoint Under Siege: New Zero-Day (CVE-2025-53770) Actively Compromises 100+ Global Organizations appeared first on Penetration Testing Tools.

Submit #619379 / VDB-317221

雷神众测拥有该文章的修改和解释权。如欲转载或传播此文章，必须保证此文章的副本，包括版权声明等全部内容。声明雷神众测允许，不得任意修改或增减此文章内容，不得以任何方式将其用于商业目的。

根据发表在《Nature Human Behaviour》期刊上的一项研究，在不减少收入的情况下，每周工作四天能增进员工工作满意度和身心健康，这得益于工作效率提升、疲劳度降低和睡眠问题减少。这些发现凸显出组织和政策制定者通过重新评估工作时长来改善员工福祉的潜力。为测试四天工作制（不减薪）干预的效果，研究人员开展了为期 6 个月的试验，涉及澳大利亚、加拿大、新西兰、英国、爱尔兰和美国 141 家组织的 2896 名雇员。利用调查数据，他们比较了干预前后的工作和健康相关指标（包括职业倦怠、工作满意度、心理和身体健康）。他们还将结果与另外 12 个没有尝试该措施的公司的 285 名雇员作了比较。结果显示，在采取 4 天工作制以后，平均每周工作时间减少了 5 小时。和继续每周工作 5 天的公司员工相比，每周工作时间减少 8 小时或以上的员工，自我报告倦怠感降低，工作满意度和精神健康改善。同样的效应在每周工作时长减少 1-4 小时和 5-7 小时的员工身上也被观察到，尽管效果相对较小。这些获益可以部分归因于睡眠问题减少、疲劳程度降低，以及个人工作能力提升。

Submit #619364 / VDB-317220

A vulnerability was found in mirror-registry and classified as problematic. This issue affects some unknown processing of the component Header Handler. The manipulation of the argument Host leads to injection. The identification of this vulnerability is CVE-2025-7777. The attack may be initiated remotely. There is no exploit available.

A vulnerability has been found in Rocket.Chat and classified as problematic. This vulnerability affects unknown code. The manipulation leads to information disclosure. This vulnerability was named CVE-2025-7974. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in WP Shortcodes Plugin up to 7.4.2 on WordPress. This affects an unknown part. The manipulation of the argument Image Title/Slide Link leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-8015. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in Amazon Affiliates Addon for WPBakery Page Builder Plugin up to 1.2 on WordPress. Affected by this issue is some unknown functionality of the component WPBakery Page. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2025-30631. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as problematic was found in FoodMenu Plugin up to 1.20 on WordPress. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2025-29014. The attack can be launched remotely. There is no exploit available.

A vulnerability classified as problematic has been found in Apollo Plugin up to 3.4 on WordPress. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2025-48168. It is possible to launch the attack remotely. There is no exploit available.