Aggregator

A vulnerability was found in Repetier Server up to 1.4.10 and classified as problematic. This issue affects some unknown processing of the file connectionLost.php. The manipulation leads to path traversal. The identification of this vulnerability is CVE-2023-31059. The attack needs to be approached within the local network. Furthermore, there is an exploit available.

A vulnerability classified as critical has been found in Repetier Server up to 1.4.10. This affects an unknown part. The manipulation leads to least privilege violation. This vulnerability is uniquely identified as CVE-2023-31060. The attack needs to be initiated within the local network. Furthermore, there is an exploit available.

A vulnerability classified as problematic was found in Repetier Server up to 1.4.10. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. This vulnerability was named CVE-2023-31061. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as problematic, was found in Linux Kernel 6.2. Affected is the function vidtv_mux_stop_thread of the file drivers/media/test-drivers/vidtv/vidtv_bridge.c. The manipulation leads to null pointer dereference. This vulnerability is traded as CVE-2023-31081. The attack needs to be approached within the local network. Furthermore, there is an exploit available.

前言 懒猫微服用着还.. 阅读更多

Organizations continue to be at high risk from cybercrime in Africa, despite law enforcement takedowns of cybercriminal syndicates in Nigeria and other African nations.

Генная инженерия раскрывает новые грани борьбы со старением и раком.

Нежелание обновлять прошивки сделало Zyxel находкой для хакеров.

**2024年勒索软件赎金支付额暴跌35%至8.1355亿美元，但攻击量暴增创纪录！** 财富50强公司被迫支付7500万美元天价赎金，企业集体反击：“宁毁声誉也不妥协！” 执法重拳粉碎LockBit，攻击者疯狂加码却难逃制裁。

ZFが提供するRSSPlusには認証回避の脆弱性が存在します。

The eSentire Threat Response Unit (TRU) revealed that threat actors are actively exploiting a six-year-old IIS vulnerability in Progress Telerik UI for ASP.NET AJAX to gain remote access to systems. This vulnerability, identified as CVE-2019-18935, allows attackers to execute arbitrary code on vulnerable servers, posing a significant risk to organizations that have not updated their […]

The post Hackers Exploiting A Six-Year-Old IIS Vulnerability To Gain Remote Access appeared first on Cyber Security News.

A critical security vulnerability has been identified in nearly all Microsoft Sysinternals tools, presenting a significant risk to IT administrators and developers who rely on these utilities for system analysis and troubleshooting. This vulnerability, outlining how attackers can exploit DLL injection techniques to execute malicious code, has been meticulously researched, verified, and demonstrated in a […]

The post 0-Day Vulnerabilities in Microsoft Sysinternals Tools Allow Attackers To Launch DLL Injection Attacks on Windows appeared first on Cyber Security News.

波兰警方上周逮捕了批准使用政府资金购买间谍软件监视反对派领导人的前司法部长 Piotr Pogonowski。他是在 2015-2023 年之间右翼的法律与公正党执政时期担任该职位。目前波兰的执政联盟包括了公民纲领党和多个中间派政党。去年 2 月担任波兰总理的公民纲领党主席 Donald Tusk 公布了文件证明前执政党非法使用了以色列公司 NSO Group 的间谍软件 Pegasus 去监视反对派。Pegasus 能通过零点击漏洞感染目标设备，能完全控制被感染设备，提取设备上的密码、照片、消息、联系人和浏览历史记录，激活麦克风和摄像头进行实时窃听。波兰有近 600 人成为该间谍软件的目标，其中包括多位前任政府的反对者。

Attacks Hit Hospitals, Clinics in California, Alabama and Colorado
Three healthcare entities - including a California hospital and outpatient care provider, an Alabama cardiology practice, and a Colorado community health system, are notifying a total of more than 1.2 million individuals that their sensitive information was compromised in 2024 hacks.

FIs Expected to Move from Periodic Reviews to Perpetual KYC
Banks are struggling to keep up with evolving KYC expectations. Despite efforts to modernize, outdated processes continue to leave compliance gaps, leading to increased regulatory action. Penalties for financial institutions surged with KYC-related fines more than doubling to $51 million.

2025 年 10 月 4 日，自由软件基金会（FSF）将迎来 40 周岁生日。为庆祝成立 40 周年，FSF 宣布将举办一系列虚拟拍卖活动，活动始于 3 月 17 日，将持续到 3 月 21 日。拍卖的纪念品包括了 Etienne Suvasa 创作的 GNU 计划 logo 原图、terminus-est 微计算机以及 FSF 办公室早期使用的 Amiga 3000UX，FSF 创始人 Richard Stallman 的互联网名人堂奖章，以及被用于为计算机用户自由而战的传奇武士刀，等等。

A critical vulnerability, identified as CVE-2025-23114, has been discovered in the Veeam Updater component, a key element of multiple Veeam backup solutions.  This flaw enables attackers to execute arbitrary code on affected servers through a Man-in-the-Middle (MitM) attack, potentially granting root-level permissions.  The vulnerability has been assigned a severity score of 9.0, underscoring its significant […]

The post Critical Veeam Backup Vulnerability Let Attackers Execute Arbitrary Code to Gain Root Access appeared first on Cyber Security News.

The Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with international cybersecurity authorities, has issued comprehensive guidance aimed at securing network edge devices.  These devices, which include firewalls, routers, VPN gateways, Internet of Things (IoT) devices, internet-facing servers, and operational technology (OT) systems, are critical to maintaining the security and integrity of enterprise networks. The […]

The post CISA Releases Guidance to Protect Firewalls, Routers, & Internet-Facing Servers appeared first on Cyber Security News.

作者：洺熙 原文链接：https://mp.weixin.qq.com/s/KwGQs03opjRV04zOjgg9Qg 随着 AI 热度的不断攀升，人们对 AI 安全性的担忧也日益加剧。在此背景下，红队测试被寄予厚望，被视为解决 AI 安全问题的关键手段之一，但在与朋友交流过程中，发现许多被冠以 “红队评估” ，却存在诸多问题，这些活动往往目标不明确，方法五花八门，缺乏统一的标准，难以有效...

Framework 与 DeepComputing 合作推出了售价 199 美元、面向开发者的 RISC-V 主板。它同时还推出了配套的售价 399 美元的无主板笔记本组件，包括显示屏、55 WHr 电池、扬声器和键盘，可用于安装 RISC-V 主板或其它 Framework Laptop 13 型号主板。Framework 的笔记本电脑以模块化著称，用户可自行更换和升级几乎所有组件。DeepComputing RISC-V 主板使用了一个 StarFive JH7110 处理器，包括 4 个 1.5 GHz SiFive U74 CPU 核心，支持 Ubuntu 24.04 LTS 或 Fedora 41 系统，由 DeepComputing 提供技术支持。它没有提供可更换的内存条和存储器，而是使用了焊死在主板上的 8GB 内存条和 64GB eMMC 存储器，主要用于开发者的测试。