Aggregator
CISA tags Broadcom Fabric OS, CommVault flaws as exploited in attacks
4 months 2 weeks ago
The U.S. Cybersecurity & Infrastructure Security Agency (CISA) is warning of Broadcom Brocade Fabric OS, Commvault web servers, and Qualitia Active! Mail clients vulnerabilities that are actively exploited in attacks. [...]
Bill Toulas
AirPlay Zero-Click RCE Vulnerability Enables Remote Device Takeover via Wi-Fi
4 months 2 weeks ago
A critical vulnerability in Apple’s AirPlay protocol, dubbed AirBorne, has exposed over 2.35 billion active Apple devices and tens of millions of third-party gadgets to remote code execution (RCE) attacks requiring no user interaction. Researchers at Oligo Security discovered that the flaw allows attackers on the same Wi-Fi network to hijack devices ranging from Macs […]
The post AirPlay Zero-Click RCE Vulnerability Enables Remote Device Takeover via Wi-Fi appeared first on Cyber Security News.
Guru Baran
Economists Find Generative AI Has Not Replaced Jobs or Affected Wages
4 months 2 weeks ago
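A study has found that generative AI such as ChatGPT, Claude and Gemini has not replaced human jobs or lowered the wages of human employees. The finding calls into question the high capital expenditure on building and operating generative AI. Economists Anders Humlum and Emilie Vestergaard studied the impact of AI chatbots on 11 occupations in Denmark. Occupations such as accountants, customer support specialists, financial advisors, human resources staff, IT support specialists, journalists, legal professionals, marketing staff, office clerks, programmers and teachers are considered susceptible to AI. But the results show that the impact of AI chatbots on the labor market and on wages has been minimal, with no significant effect observed. The tech industry has consistently touted the economic potential of AI, and companies have invested billions of dollars in building infrastructure to support AI. The problem is not that employees are avoiding generative AI chatbots, but that the chatbots have not yet translated into actual economic benefits.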
CVE-2020-29385 | GNOME gdk-pixbuf up to 2.42.1 LZW Compression lzw.c write_indexes infinite loop
4 months 2 weeks ago
A vulnerability has been found in GNOME gdk-pixbuf up to 2.42.1 and classified as problematic. Affected by this vulnerability is the function write_indexes of the file lzw.c of the component LZW Compression Handler. The manipulation leads to infinite loop.
This vulnerability is known as CVE-2020-29385. The attack can only be initiated within the local network. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-22925 | OS4ED openSIS up to 9.1 AttendanceCodes.php table SQL injection
4 months 2 weeks ago
A vulnerability was found in OS4ED openSIS up to 9.1 and classified as critical. Affected by this issue is some unknown functionality of the file /attendance/AttendanceCodes.php. The manipulation of the argument table leads to SQL injection.
This vulnerability is handled as CVE-2025-22925. The attack may be launched remotely. There is no exploit available.
vuldb.com
CVE-2025-22924 | OS4ED openSIS up to 9.1 Student.php stu_id SQL injection
4 months 2 weeks ago
A vulnerability was found in OS4ED openSIS up to 9.1. It has been declared as critical. This vulnerability affects unknown code of the file /modules/students/Student.php. The manipulation of the argument stu_id leads to SQL injection.
This vulnerability was named CVE-2025-22924. The attack can be initiated remotely. There is no exploit available.
vuldb.com
CVE-2025-29062 | B-Link BL-AC2100 up to 1.0.4 set_LimitClient_cfg time1/time2 command injection
4 months 2 weeks ago
A vulnerability classified as critical has been found in B-Link BL-AC2100 up to 1.0.4. Affected is the function set_LimitClient_cfg. The manipulation of the argument time1/time2 leads to command injection.
This vulnerability is traded as CVE-2025-29062. It is possible to launch the attack remotely. Furthermore, there is an exploit available.
vuldb.com
CVE-2025-29063 | B-Link BL-AC2100 up to 1.0.4 /goform/set_hidessid_cfg enable command injection
4 months 2 weeks ago
A vulnerability, which was classified as critical, has been found in B-Link BL-AC2100 up to 1.0.4. Affected by this issue is some unknown functionality of the file /goform/set_hidessid_cfg. The manipulation of the argument enable leads to command injection.
This vulnerability is handled as CVE-2025-29063. The attack may be launched remotely. Furthermore, there is an exploit available.
vuldb.com
CVE-2025-31477 | tauri-apps plugins-workspace up to 2.2.0 on Linux Open Endpoint input validation (GHSA-c9pr-q8gx-3mgp)
4 months 2 weeks ago
A vulnerability has been found in tauri-apps plugins-workspace up to 2.2.0 on Linux and classified as very critical. This vulnerability affects unknown code of the component Open Endpoint. The manipulation leads to improper input validation.
This vulnerability was named CVE-2025-31477. The attack can be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-3130 | Drupal Obfuscate up to 2.0.0 cross-site scripting (sa-contrib-2025-029)
4 months 2 weeks ago
A vulnerability was found in Drupal Obfuscate up to 2.0.0. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross-site scripting.
This vulnerability is handled as CVE-2025-3130. The attack may be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-31721 | Jenkins permission (Nessus ID 233779)
4 months 2 weeks ago
A vulnerability classified as critical has been found in Jenkins. Affected is an unknown function. The manipulation leads to permission issues.
This vulnerability is traded as CVE-2025-31721. The attack needs to be approached within the local network. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-31722 | Jenkins Templating Engine Plugin up to 2.5.3 sandbox (Nessus ID 233778)
4 months 2 weeks ago
A vulnerability, which was classified as critical, has been found in Jenkins Templating Engine Plugin up to 2.5.3. Affected by this issue is some unknown functionality. The manipulation leads to sandbox issue.
This vulnerability is handled as CVE-2025-31722. The attack can only be initiated within the local network. There is no exploit available.
vuldb.com
New Framework Targets Rising Financial Crime Threats
4 months 2 weeks ago
New Zealand Model Brings Cyber and Fraud Teams Together to Defend Against Scammers
To help financial institutions counter crime, the FS-ISAC earlier this month introduced a major initiative: the Cyberfraud Prevention Framework. This new initiative is designed to unify cybersecurity and fraud prevention teams to more effectively protect customers and secure the enterprise.
Risks of Using AI Models Developed by Competing Nations
4 months 2 weeks ago
The current offline/open source model boom is unstoppable. Its impact depends on how well the risks are managed today.
Pascal Geenens
New Gremlin Infostealer Distributed on Telegram
4 months 2 weeks ago
Administrators of a Telegram channel named CoderSharp have been advertising Gremlin Stealer since March 2025.
CVE-2022-3056 | Google Chrome up to 104.0.5112.102 Content Security Policy access control (FEDORA-2022-3f28aa88cf / Nessus ID 211177)
4 months 2 weeks ago
A vulnerability, which was classified as critical, has been found in Google Chrome. This issue affects some unknown processing of the component Content Security Policy. The manipulation leads to improper access controls.
The identification of this vulnerability is CVE-2022-3056. The attack may be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2022-3195 | Google Chrome up to 105.0.5195.102 Storage out-of-bounds write (FEDORA-2022-3f28aa88cf / Nessus ID 211177)
4 months 2 weeks ago
A vulnerability classified as critical was found in Google Chrome. Affected by this vulnerability is an unknown functionality of the component Storage. The manipulation leads to out-of-bounds write.
This vulnerability is known as CVE-2022-3195. The attack can be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2022-3075 | Google Chrome up to 105.0.5195.52 Mojo sandbox (FEDORA-2022-3f28aa88cf / Nessus ID 211177)
4 months 2 weeks ago
A vulnerability classified as critical has been found in Google Chrome. Affected is an unknown function of the component Mojo. The manipulation leads to sandbox issue.
This vulnerability is traded as CVE-2022-3075. It is possible to launch the attack remotely. Furthermore, there is an exploit available.
It is recommended to upgrade the affected component.
vuldb.com