Aggregator

A vulnerability has been found in TP-LINK Archer C20 up to 6.6_230412 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /cgi. The manipulation leads to improper authentication. This vulnerability is known as CVE-2024-57049. The attack can be launched remotely. There is no exploit available.

Trend Micro found that Chinese espionage group Mustang Panda is deploying malware via legitimate Microsoft tools, enabling it to bypass ESET antivirus applications

A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.6.77/6.12.13/6.13.2/6.14-rc1. Affected is the function qdisc_tree_reduce_backlog of the component netem. The manipulation leads to use after free. This vulnerability is traded as CVE-2025-21703. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Linux Kernel up to 6.12.13/6.13.2/6.14-rc1. This issue affects some unknown processing of the component pfifo_tail_enqueue. The manipulation leads to Privilege Escalation. The identification of this vulnerability is CVE-2025-21702. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

OpenSSH修复了两个高危漏洞，可能导致中间人攻击和DoS攻击，威胁敏感数据和关键服务器。用户需立即升级至9.9p2版本以防范风险。

Яндекс Браузер зафиксировал рост атак на 20% по сравнению с декабрем.

Amazon GuardDuty is often referred to as the security hub of Amazon’s cloud ecosystem. It provides advanced threat detection by analyzing run-time (OS-level) activities, network traffic logs, and security events. Amazon describes it as “a single runtime monitoring solution for your compute on AWS.”  In our latest Veriti research, we analyzed Amazon GuardDuty logs to […]

The post Inside Amazon GuardDuty: What the Logs Reveal About Cloud Security  appeared first on VERITI.

The post Inside Amazon GuardDuty: What the Logs Reveal About Cloud Security  appeared first on Security Boulevard.

A vulnerability classified as critical was found in undsgn Uncode Core Plugin up to 2.9.1.6 on WordPress. This vulnerability affects unknown code of the component Shortcode Handler. The manipulation leads to code injection. This vulnerability was named CVE-2024-13689. The attack can be initiated remotely. There is no exploit available.

A vulnerability classified as critical has been found in Netgear DGN2200 up to 1.0.0.46. This affects an unknown part. The manipulation of the argument x with the input 1.gif leads to improper authentication. This vulnerability is uniquely identified as CVE-2024-57046. It is possible to initiate the attack remotely. There is no exploit available.

澳大利亚北部和东南亚茂密的雨林中生活着一种吸食果实的吸果蛾，它的翅膀虽然是扁平光滑的，但通过制造光学幻象，让自己看起来像一片三维的树叶，甚至有凸起的中脉。吸果蛾伪装成树叶的形状是为了欺骗捕食者，尤其是鸟类，让其以为它不是食物。虽然吸果蛾在1877年就被首次发现，但直到现在，人们还认为这种相似是由色素和身体形状造成的。西澳大利亚大学珀斯分校的生物学家 Jennifer Kelley 表示，吸果蛾翅膀的鳞片是一种纳米结构，模仿了光滑弯曲的叶子表面上的高光，这是一种结构着色，与彩虹形成的机制相同。

Intel by Intruder now uses AI to contextualize NVD descriptions, helping security teams assess risk faster. Intruder, a leader in attack surface management, has launched AI-generated descriptions for Common Vulnerabilities and Exposures (CVEs) within its free vulnerability intelligence platform, Intel. This new feature enhances cybersecurity professionals’ ability to quickly understand and assess vulnerabilities, addressing a […]

The post Intruder Expands ‘Intel’ Vulnerability Intelligence Platform with AI-Generated CVE Descriptions appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Boomi unveiled its API Management (APIM) solution, delivering cloud-scale APIM alongside integration and automation, data management, and AI capabilities as part of the Boomi Enterprise Platform. Comprised of Boomi’s existing API Management offering along with assets recently acquired from both Cloud Software Group and APIIDA, Boomi API Management enables enterprises to conquer API chaos, power agentic AI, and unleash their business potential – transforming APIs into strategic drivers of growth. According to IDC, organizations with … More →

The post Boomi API Management helps enterprises tackle API sprawl appeared first on Help Net Security.

A vulnerability classified as problematic was found in Teamwire Desktop Client up to 2.4.0 on Windows. This vulnerability affects unknown code of the component Global Search. The manipulation leads to cross site scripting. This vulnerability was named CVE-2024-24275. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in Teamwire Desktop Client up to 2.4.0. It has been declared as problematic. This vulnerability affects unknown code. The manipulation of the argument chat name/message preview/username/group name leads to cross site scripting. This vulnerability was named CVE-2024-24276. The attack can be initiated remotely. There is no exploit available.

A vulnerability, which was classified as critical, was found in Santesoft Sante FFT Imaging up to 1.4.1. Affected is an unknown function of the component DCM File Handler. The manipulation leads to out-of-bounds write. This vulnerability is traded as CVE-2024-1696. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in Google Android. It has been rated as problematic. Affected by this issue is the function ss_ProcessRejectComponent of the file ss_MmConManagement.c. The manipulation leads to information disclosure. This vulnerability is handled as CVE-2024-22011. The attack may be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.