Aggregator

A vulnerability, which was classified as critical, has been found in D-Link DIR-823X 240126/240802. This issue affects the function sub_41710C of the file /goform/diag_nslookup of the component HTTP POST Request Handler. The manipulation of the argument target_addr leads to os command injection. The identification of this vulnerability is CVE-2025-2717. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability was found in GNOME libgsf up to 1.14.53. It has been classified as critical. This affects the function gsf_base64_encode_simple. The manipulation of the argument size_t leads to heap-based buffer overflow. This vulnerability is uniquely identified as CVE-2025-2721. An attack has to be approached locally. There is no exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in GNOME libgsf up to 1.14.53. It has been declared as critical. This vulnerability affects the function gsf_prop_settings_collect_va. The manipulation of the argument n_alloced_params leads to heap-based buffer overflow. This vulnerability was named CVE-2025-2722. Local access is required to approach this attack. There is no exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in GNOME libgsf up to 1.14.53. It has been rated as critical. This issue affects the function gsf_property_settings_collec. The manipulation of the argument n_alloced_params leads to heap-based buffer overflow. The identification of this vulnerability is CVE-2025-2723. Attacking locally is a requirement. There is no exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability classified as problematic has been found in GNOME libgsf up to 1.14.53. Affected is the function sorting_key_copy. The manipulation of the argument Name leads to out-of-bounds read. This vulnerability is traded as CVE-2025-2724. It is possible to launch the attack on the local host. There is no exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability classified as problematic has been found in timschofield webERP up to 5.0.0.rc+13. This affects an unknown part of the file ConfirmDispatch_Invoice.php of the component Confirm Dispatch and Invoice Page. The manipulation of the argument Narrative leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-2715. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue. The vendor was contacted early about this disclosure but did not respond in any way.

NetFoundry unveiled a new version of its OT security platform enabling customers to secure critical infrastructure, including for on-premises and air-gapped environments such as substations. The announcement meets three customer demands: Software-only, interoperable, vendor-neutral, OT microsegmentation Secure connectivity to IT and OEMs, without exposing the OT network while mitigating against data exfiltration Reduced costs of firewalls, SIEM, SOAR, analytics, data lakes and storage “NetFoundry secures critical infrastructure on three continents, so we listen to our … More →

The post NetFoundry OT security platform protects critical infrastructure appeared first on Help Net Security.

未成年人在面对“乱花渐欲迷人眼”的网络信息时缺少相应的过滤能力，很容易在不知不觉间沉迷其中。对此，加强网络伦理、网络文明建设，发挥道德教化引导作用，用人类文明优秀成果滋养网络空间，显得尤为重要。

某互联网企业高管13岁的女儿“开盒”网暴他人却被“反开盒”。这场闹剧，像一面照妖镜，映射出数字时代个人信息安全形势不容乐观。公众的追问集中在：小小年纪，是怎么轻易拿到别人隐私信息的？

为实现场景数据价值效用的乘数倍增与充分释放，亟需打通我国关联领域目前在数据供给、数据流通、数据评估、数据标准、数据开放、数据共享等层面的堵点，以“场景化加工能力”与“多样化共享体系”两大要点共同构建具有国际化样板意义的高质量场景数据集。

《人工智能生成合成内容标识办法》及其配套国家强制性标准《网络安全技术 人工智能生成合成内容标识方法》，是对我国人工智能算法治理体系的进一步完善。

近年来，人脸识别技术不断取得突破，因其高效便捷而被广泛使用，并迅速融入人们的日常生活。这项技术正以前所未有的速度重塑着人们的生活方式，极大地提升了社会运行效率。然而，人脸识别技术在广泛应用过程中，也存在着不容忽视的安全隐患。

根据工作需要，按照《事业单位人事管理条例》和事业单位公开招聘有关政策规定，中国信息安全测评中心2025年度拟公开招聘工作人员。

Currently trending CVE - Hype Score: 3 - ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. An authentication bypass vulnerability was found in ruby-saml prior to versions 1.12.4 and 1.18.0 due to a parser differential. ReXML and Nokogiri parse XML differently; the parsers can ...

Currently trending CVE - Hype Score: 1 - VMware ESXi, and Workstation contain a TOCTOU (Time-of-Check Time-of-Use) vulnerability that leads to an out-of-bounds write. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process ...

A vulnerability was found in Kubernetes ingress-nginx up to 1.11.4/1.12.0. It has been classified as very critical. This affects an unknown part. The manipulation leads to improper input validation. This vulnerability is uniquely identified as CVE-2025-24514. It is possible to initiate the attack remotely. There is no exploit available.

A cyberattack on Ukraine’s national railway operator Ukrzaliznytsia disrupted online ticket services, causing long lines at Kyiv’s station. The Record Media first reported the news of a cyber attack on Ukraine’s national railway operator Ukrzaliznytsia that disrupted online ticket services, causing long lines at Kyiv’s station. The incident led to overcrowding and long delays as […]

Создатель фиктивного ИИ привлёк $33 млн через схему взаимных платежей.

Google 和计算机历史博物馆联合公布了 AlexNet 的源代码，代码发布在博物馆的 GitHub 账户上，采用 BSD 2-Clause "Simplified" 许可证。AlexNet 是一种卷积神经网络 (CNN)，它在 2012 年发布时被认为改变了 AI 领域，代表着深度学习能做到传统 AI 技术无法做到的事情，在 AI 发展中具有里程碑意义。AlexNet 能以接近人类的正确率准确识别照片中的物体。它源自多伦多大学研究生 Alex Krizhevsky、Ilya Sutskever 及其导师 Geoffrey Hinton 的工作，证明深度学习能胜过传统的计算机视觉方法。Google 在 2013 年收购了研究团队创办的 DNNresearch 公司，从而拥有了其知识产权。

A vulnerability classified as critical was found in Apple iOS and iPadOS. Affected by this vulnerability is an unknown functionality of the component Web Contents Handler. The manipulation leads to memory corruption. This vulnerability is known as CVE-2024-27808. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.