Aggregator

根据国家信息安全漏洞库（CNNVD）统计，本周（2025年4月21日至2025年4月27日）安全漏洞情况如下

How Many Gaps Are Hiding in Your Identity System? It’s not just about logins anymore. Today’s attackers don’t need to “hack” in—they can trick their way in. Deepfakes, impersonation scams, and AI-powered social engineering are helping them bypass traditional defenses and slip through unnoticed. Once inside, they can take over accounts, move laterally, and cause long-term damage—all without

Starting May 5, 2025, Microsoft enforces strict sender requirements. Emails from domains sending over 5,000 messages per day must pass SPF, DKIM, and DMARC checks.—or face the 550 5.7.15 Access Denied error.

The post Microsoft Sender Requirements Enforced — How to Avoid 550 5.7.15 Rejections appeared first on Security Boulevard.

Новый отчёт компании об угрозах, которые не давали ИБшникам покоя последний год.

April was another busy month for the ANY.RUN team! We continued improving our malware detection capabilities, expanded our behavior signatures, and sharpened threat intelligence, all to make your investigations faster, deeper, and even more precise.  From adding fresh Suricata rules and YARA signatures to detecting new malware behaviors, here’s what’s new at ANY.RUN this month.  Let’s […]

The post Release Notes: SDK Integration, Notifications, 1,000+ Detection Rules, and APT Reports  appeared first on ANY.RUN's Cybersecurity Blog.

A China-aligned advanced persistent threat (APT) group called TheWizards has been linked to a lateral movement tool called Spellbinder that can facilitate adversary-in-the-middle (AitM) attacks. "Spellbinder enables adversary-in-the-middle (AitM) attacks, through IPv6 stateless address autoconfiguration (SLAAC) spoofing, to move laterally in the compromised network, intercepting packets and

早期宇宙有氢、氦和少量锂。较重元素如铁是在恒星中形成的。天体物理学的一大谜团是首批比铁更重的元素如金是如何产生并分布在宇宙中的？研究人员利用 NASA 和 ESA 望远镜 20 年前的观测数据，发现了大量重元素来自磁星耀斑的证据。研究报告发表在《The Astrophysical Journal Letters》期刊上。研究人员估计，磁星巨大耀斑可能贡献了比铁重的元素总丰度的十分之一。中子星是恒星爆炸坍缩的核心，密度非常高，而磁星是具有极其强大磁场的中子星。研究发现，磁星耀斑可以高速将中子星物质喷射出去，使其成为金等重元素可能的来源。

关键词安全漏洞网络安全和基础设施安全局 (CISA) 已将Commvault Web 服务器漏洞 (CVE-2

关键词安全漏洞Apache 软件基金会披露了 Apache Tomcat 中的一个重大安全漏洞，该漏洞可能允许

关键词网络攻击前言： 在数字化浪潮席卷全球的当下，网络安全已成为国家安全体系的重要组成部分。

The legislation mandates a probe into foreign-made routers to identify risks for US national security

A vulnerability has been found in Adobe Flash Player up to 11.2.202.457/13.0.0.281/17.0.0.169 and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to memory corruption. This vulnerability is known as CVE-2015-3093. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

Microsoft has confirmed that Windows 11 24H2 feature updates via Windows Server Update Services (WSUS) are being blocked after installing the April 2025 security updates. [...]

A vulnerability was found in WP Statistics Plugin up to 14.13.3 on WordPress and classified as problematic. This issue affects the function optionUpdater of the component Setting Handler. The manipulation leads to missing authorization. The identification of this vulnerability is CVE-2025-3953. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in Krypto-Hashers-Community KHC-INVITATION-AUTOMATION up to 1.2. It has been rated as problematic. Affected by this issue is some unknown functionality of the component API Response Handler. The manipulation leads to information disclosure. This vulnerability is handled as CVE-2025-46552. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in vllm up to 0.8.4. This affects an unknown part of the component ZeroMQ. The manipulation leads to allocation of resources. This vulnerability is uniquely identified as CVE-2025-30202. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in tagDiv Opt-In Builder up to 1.7 on WordPress. This issue affects some unknown processing. The manipulation of the argument subscriptionCouponId leads to sql injection. The identification of this vulnerability is CVE-2025-2890. The attack may be initiated remotely. There is no exploit available.

A vulnerability, which was classified as critical, was found in PHPGurukul Student Record System 3.20. Affected is an unknown function of the file /add-subject.php. The manipulation of the argument sub1 leads to sql injection. This vulnerability is traded as CVE-2025-4108. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability has been found in PHPGurukul Pre-School Enrollment System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/edit-subadmin.php. The manipulation of the argument mobilenumber leads to sql injection. This vulnerability is known as CVE-2025-4109. The attack can be launched remotely. Furthermore, there is an exploit available. Other parameters might be affected as well.