Aggregator

荣登AI Cloud 100 China榜单，微步AI实力见证！

日益复杂的网络威胁环境下，韧性数字体系该如何构建？

A groundbreaking AI jailbreak technique, dubbed the “Echo Chamber Attack,” has been uncovered by researchers at Neural Trust, exposing a critical vulnerability in the safety mechanisms of today’s most advanced large language models (LLMs). Unlike traditional jailbreaks that rely on overtly adversarial prompts or character obfuscation, the Echo Chamber Attack leverages subtle, indirect cues and […]

The post New Echo Chamber Attack Breaks AI Models Using Indirect Prompts appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

In this Help Net Security interview, Stacy Wallace, CISO at Arizona Department of Revenue, talks about the realities of work-life balance in cybersecurity leadership. She shares how her team handles constant pressure, sets boundaries, and deals with stress. Wallace also gives practical advice for those looking to build a lasting career in cybersecurity. Let’s start with your perspective. How would you describe the current state of work-life balance in cybersecurity leadership? Work-life balance is challenging … More →

The post Why work-life balance in cybersecurity must start with executive support appeared first on Help Net Security.

A critical privilege escalation vulnerability (CVE-2025-49144) in Notepad++ v8.8.1 enables attackers to achieve full system control through a supply-chain attack. The flaw exploits the installer’s insecure search path behavior, allowing unprivileged users to escalate privileges to NT AUTHORITY\SYSTEM with minimal user interaction. This marks one of the most severe vulnerabilities discovered in the popular text editor, with […]

The post Notepad++ Vulnerability Allows Full System Takeover — PoC Released appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Reconmap is an open source tool for vulnerability assessments and penetration testing. It helps security teams plan, carry out, and report on security tests from start to finish. The platform simplifies tasks and makes it easier for teams to work together, cutting down the time it takes to go from initial research to the final report without sacrificing the quality of the work. What you can do with Reconmap Run security commands right away or … More →

The post Reconmap: Open-source vulnerability assessment, pentesting management platform appeared first on Help Net Security.

株式会社GROWIが提供するGROWIには非効率な正規表現を使用して入力を処理している箇所があり、細工された入力によってサービス運用妨害（DoS）状態を引き起こされる可能性があります。

A vulnerability was found in code-projects Online Shoe Store 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/admin_running.php. The manipulation of the argument qty leads to sql injection. This vulnerability is handled as CVE-2025-6316. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, has been found in PHPGurukul Pre-School Enrollment System 1.0. This issue affects some unknown processing of the file /admin/add-teacher.php. The manipulation of the argument tsubject leads to sql injection. The identification of this vulnerability is CVE-2025-6319. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, was found in PHPGurukul Pre-School Enrollment System 1.0. Affected is an unknown function of the file /admin/add-class.php. The manipulation of the argument classname leads to sql injection. This vulnerability is traded as CVE-2025-6320. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in D-Link DIR-815 1.01. It has been declared as critical. This vulnerability affects the function sub_403794 of the file hedwig.cgi. The manipulation leads to stack-based buffer overflow. This vulnerability was named CVE-2025-6328. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability was found in Euro FxRef Currency Converter Plugin up to 2.0.2 on WordPress. It has been rated as problematic. This issue affects the function currency of the component Shortcode Handler. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2025-6257. The attack may be initiated remotely. There is no exploit available.

A vulnerability classified as critical was found in Postbox 7.0.65 on macOS. This vulnerability affects unknown code of the component com.apple.security.cs.disable-library-validation. The manipulation of the argument DYLD_INSERT_LIBRARIES leads to incorrect default permissions. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability was named CVE-2025-5963. The attack needs to be approached locally. There is no exploit available.

A vulnerability, which was classified as critical, has been found in Core.ai Phoenix Code up to 4.0.3. This issue affects some unknown processing of the component com.apple.security.cs.disable-library-validation. The manipulation of the argument DYLD_INSERT_LIBRARIES leads to incorrect default permissions. The identification of this vulnerability is CVE-2025-5255. An attack has to be approached locally. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability has been found in PHPGurukul Pre-School Enrollment System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/add-subadmin.php. The manipulation of the argument sadminusername leads to sql injection. This vulnerability is known as CVE-2025-6321. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in PHPGurukul Pre-School Enrollment System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /visit.php. The manipulation of the argument gname leads to sql injection. This vulnerability is handled as CVE-2025-6322. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as very critical, was found in powsybl-core up to 6.7.1. This affects the function read of the component SparseMatrix. The manipulation leads to deserialization. This vulnerability is uniquely identified as CVE-2025-47771. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in code-projects Online Shoe Store 1.0. This affects an unknown part of the file /admin/confirm.php. The manipulation of the argument ID leads to sql injection. This vulnerability is uniquely identified as CVE-2025-6317. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical was found in PHPGurukul Pre-School Enrollment System 1.0. This vulnerability affects unknown code of the file /admin/check_availability.php. The manipulation of the argument Username leads to sql injection. This vulnerability was named CVE-2025-6318. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability classified as problematic was found in PHPGurukul COVID19 Testing Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /test-details.php of the component Take Action. The manipulation of the argument remark leads to cross site scripting. This vulnerability is known as CVE-2025-6287. The attack can be launched remotely. Furthermore, there is an exploit available.