Aggregator

A vulnerability was found in Zoom Workplace Desktop App, Workplace App, VDI Client, Rooms Controller, Rooms Client and Meeting SDK up to 6.2.x. It has been rated as critical. Affected by this issue is some unknown functionality. The manipulation leads to buffer overflow. This vulnerability is handled as CVE-2025-27439. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in IBM AIX and VIOS and classified as problematic. Affected by this issue is some unknown functionality of the component perfstat Kernel Extension. The manipulation leads to denial of service. This vulnerability is handled as CVE-2024-47102. Local access is required to approach this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in IBM AIX and VIOS. Affected is an unknown function of the component TCP IP Kernel. The manipulation leads to denial of service. This vulnerability is traded as CVE-2024-52906. An attack has to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in SolarWinds Serv-U up to 15.5. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-45712. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Google Chrome. It has been classified as critical. Affected is an unknown function of the component USB. The manipulation leads to use after free. This vulnerability is traded as CVE-2025-3620. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

全球安全专业人员、厂商和政府机构仍可继续依赖CVE项目进行协调一致的漏洞追踪和响应工作。

Growattが提供するCloud portalには、複数の脆弱性が存在します。

For CISOs, mergers and acquisitions (M&A) bring both potential and risk. These deals can drive growth, but they also open the door to serious cybersecurity threats that may derail the transaction. Strong due diligence, smart risk planning, and a shared security mindset can help keep deals on track and protect the business. Key cybersecurity risks in M&A 1. Inherited vulnerabilities: Acquiring a company means inheriting its existing cybersecurity weaknesses. If the target company has unresolved … More →

The post When companies merge, so do their cyber threats appeared first on Help Net Security.

National Instrumentsが提供するLabVIEWには、境界外書き込みの脆弱性が存在します。

ABBが提供する複数のM2M Gatewayのコンポーネントには、複数の脆弱性が存在します。

到目前为止，Hunters International的运营商已经瞄准了各种规模的公司。

当天晚些时候，还有人在匿名论坛 Kiwi Farms上泄露了 4chan 的 PHP 源代码。

Fastjson 1.2.68 AutoCloseable 利用链深度分析前言众所周知 fastjson 反序列化最主要就是绕过 checkAutoType() 函数，前面无非是通过黑名单以外的类以及 map 缓存来进行利用，但是随着后续版本加入判断反序列化类是否继承或者实现 ClassLoader、DataSource、RowSet 类或接口，大大加深了 jndi 利用的难度。而浅蓝师傅换了条挖

Минцифры не отказывается от идеи сбора за иностранное ПО.

特斯拉被指控远程修改汽车里程表以躲避保修。诉讼由一位加州司机提起，他购买了一辆行驶里程为 36,772 英里的二手特斯拉汽车。由于汽车悬吊系统(Suspension)频繁故障，需要多次维修，原告此时注意到，他每天的行驶里程基本相同，但里程表读数却以更大的幅度上升：他每天行驶 20 英里，但里程表读数却是 72.35 英里/天。可能没有多少人会关注自己的每日里程表读数。当他的汽车里程表超过了 5 万英里后，特斯拉通知他将不再为这辆车提供保修服务。之后里程表上显示的新里程数就恢复了正常。这位特斯拉车主并非唯一注意到这种情况的车主，这也不是特斯拉第一次卷入里程数纂改丑闻，2023 年特斯拉被控在汽车续航上对车主撒谎。

从VIte的入口开始分析

在Spring中仅需Spring-AOP和aspectjweaver两个包即可挖掘的一条链子，让我们来浅浅学习一下吧

A vulnerability, which was classified as critical, has been found in OsamaTaher Java-springboot-codebase. This issue affects some unknown processing of the file /api/v1/customer/profile-picture. The manipulation leads to unrestricted upload. The identification of this vulnerability is CVE-2024-52302. The attack may be initiated remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

AI readiness in cybersecurity involves more than just possessing the latest tools and technologies; it is a strategic necessity. Many companies could encounter serious repercussions, such as increased volumes of advanced cyber threats, if they fail to exploit AI due to a lack of clear objectives, inadequate data readiness or misalignment with business priorities. Foundational concepts are vital for constructing a robust AI-readiness framework for cybersecurity. These concepts encompass the organization’s technology, data, security, governance … More →

The post Strategic AI readiness for cybersecurity: From hype to reality appeared first on Help Net Security.

A vulnerability has been found in Mozilla Firefox up to 103 and classified as critical. This vulnerability affects unknown code. The manipulation leads to memory corruption. This vulnerability was named CVE-2022-38478. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.