Aggregator

HackerNews 编译，转载请注明出处： 美国健康数据管理软件公司Freedman Healthcare（FHC）CEO向Cybernews表示，周一引发广泛关注的勒索攻击中未泄露任何健康数据——但事件似乎另有隐情，因为宣称对此负责的“世界泄密者”（World Leaks）黑客组织已在暗网公开超过52GB敏感数据。 这家为美国二十余个州立公共卫生部门、非营利组织及保险公司提供技术服务的公司，于周一被“世界泄密者”勒索组织宣称攻破。公司CEO约翰·弗里德曼（John Freedman）在周二向Cybernews发送的个人声明中着重强调：“本次事件中没有任何健康数据遭到泄露。” 问题在于，弗里德曼的声明虽可能属实，却未回应黑客宣称的另一关键事实——52.4GB敏感数据已于周二按计划在该组织的暗网泄密博客公开。 泄露数据包含上万份敏感文件 据称此次攻击共窃取42204份文件。经Cybernews核查，泄露数据中存在大量2021至2024年的敏感企业文档与电子表格。泄露文件内容涉及： 年度预算报告与供应商合同 保险文件及客户资料清单 内含FHC州政府客户账户明文登录凭证的数据库 另发现数十份按姓名分类的员工档案，包含： 未加密的工作合同与薪酬单 签证/绿卡/真实身份证申请材料 完整银行流水与税务文件 简历、学历证书副本及新冠检测结果 这些个人身份信息极易被用于实施鱼叉式钓鱼攻击或身份盗用。 公司回应与事实矛盾点 CEO称事件发生于“四月下旬”，仅“影响有限范围的IT系统”。公司声明表示：“已立即聘请外部网络安全专家加固网络并开展全面取证调查”，坚称事件“仅波及单个文件服务器，未涉及任何客户的受保护健康信息”，且“所有恶意文件均被定位清除，系统重新加固”。 黑客组织背景 “世界泄密者”于2025年1月以“勒索即服务”平台形态首次出现。其独特运作模式在于： 不瘫痪受害方系统，专注窃取敏感数据 被证实为知名勒索组织“猎人国际”（Hunter’s International）衍生的分支项目 通过放弃传统加密勒索、仅实施数据勒索降低执法关注度 据Cybernews勒索追踪器（Ransomlooker）显示： “猎人国际”过去12个月发起166次攻击 “世界泄密者”平台年初至今累计曝光22名受害者（半数位于美国） 尽管“猎人国际”曾宣布关闭业务并重组为“世界泄密者”，安全机构Group-IB指出两者目前仍在同步运作。       消息来源： cybernews； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文

A vulnerability was found in yimioa 6.1. It has been declared as critical. This vulnerability affects the function listNameBySql of the file /xml/UserMapper.xml. The manipulation leads to sql injection. This vulnerability was named CVE-2025-25580. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in yimioa 6.1. It has been rated as critical. This issue affects some unknown processing of the file /mapper/xml/AddressDao.xml. The manipulation leads to sql injection. The identification of this vulnerability is CVE-2025-25590. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in yimioa 6.1. Affected is an unknown function of the file /config/WebSecurityConfig.java. The manipulation leads to improper access controls. This vulnerability is traded as CVE-2025-25585. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in IBM Aspera Console up to 3.4.4. It has been classified as critical. This affects an unknown part of the component XML Document Handler. The manipulation leads to xml injection. This vulnerability is uniquely identified as CVE-2022-43840. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in GitHub Enterprise Server up to 3.13.13/3.14.10/3.15.5/3.16.1. It has been declared as critical. This vulnerability affects unknown code. The manipulation leads to code injection. This vulnerability was named CVE-2025-3509. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in langgenius dify up to 0.6.12. It has been classified as critical. Affected is an unknown function of the file /export. The manipulation leads to improper access controls. This vulnerability is traded as CVE-2025-32790. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in langgenius dify up to 0.6.11 and classified as critical. This vulnerability affects unknown code of the component Role-Based Access Control. The manipulation leads to improper access controls. This vulnerability was named CVE-2025-32795. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Sacco Management system 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /sacco/ajax.php. The manipulation of the argument Password leads to sql injection. This vulnerability was named CVE-2023-44755. The attack can be initiated remotely. There is no exploit available.

A vulnerability classified as problematic has been found in Open5GS UPF up to 2.7.2. This affects an unknown part of the component PFCP Session Handler. The manipulation leads to reachable assertion. This vulnerability is uniquely identified as CVE-2025-29339. Access to the local network is required for this attack. There is no exploit available.

A vulnerability was found in Qimou CMS 3.34.0 and classified as critical. Affected by this issue is some unknown functionality of the file upgrade.php. The manipulation leads to code injection. This vulnerability is handled as CVE-2025-29058. The attack may be launched remotely. There is no exploit available.

A vulnerability has been found in Linux Kernel up to 6.8.8 and classified as problematic. Affected by this vulnerability is the function btrfs_ioctl_logical_to_ino in the library lib/usercopy.c. The manipulation leads to information disclosure. This vulnerability is known as CVE-2024-35849. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Mozilla Firefox. This affects an unknown part. The manipulation leads to memory corruption. This vulnerability is uniquely identified as CVE-2024-0755. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Mozilla Thunderbird. This vulnerability affects unknown code. The manipulation leads to memory corruption. This vulnerability was named CVE-2024-0755. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Mozilla Firefox up to 115.6. It has been declared as problematic. This vulnerability affects unknown code of the component Devtool Extension Handler. The manipulation leads to improper privilege management. This vulnerability was named CVE-2024-0751. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Mozilla Thunderbird up to 115.6. It has been rated as problematic. This issue affects some unknown processing of the component Devtool Extension Handler. The manipulation leads to improper privilege management. The identification of this vulnerability is CVE-2024-0751. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Mozilla Firefox up to 115.6. Affected is an unknown function of the component HSTS Handler. The manipulation leads to information disclosure. This vulnerability is traded as CVE-2024-0753. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Mozilla Thunderbird up to 115.6. Affected by this vulnerability is an unknown functionality of the component HSTS Handler. The manipulation leads to information disclosure. This vulnerability is known as CVE-2024-0753. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Mozilla Thunderbird and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Popup Notification Handler. The manipulation leads to clickjacking. This vulnerability is known as CVE-2024-0750. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.