Aggregator

A vulnerability, which was classified as critical, has been found in yiisoft Yii2 up to 2.0.45. Affected by this issue is the function getIterator of the file symfony\finder\Iterator\SortableIterator.php. The manipulation leads to deserialization. This vulnerability is handled as CVE-2025-2689. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, was found in yiisoft Yii2 up to 2.0.39. This affects the function Generate of the file phpunit\src\Framework\MockObject\MockClass.php. The manipulation leads to deserialization. This vulnerability is uniquely identified as CVE-2025-2690. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in GetmeUK ContentTools up to 1.6.16. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Image Handler. The manipulation of the argument onload leads to cross site scripting. This vulnerability is handled as CVE-2025-2699. The attack may be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability classified as problematic has been found in michelson Dante Editor up to 0.4.4. This affects an unknown part of the component Insert Link Handler. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-2700. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability classified as critical was found in AMTT Hotel Broadband Operation System 1.0. This vulnerability affects the function popen of the file /manager/network/port_setup.php. The manipulation of the argument SwitchVersion/SwitchWrite/SwitchIP/SwitchIndex/SwitchState leads to os command injection. This vulnerability was named CVE-2025-2701. The attack can be initiated remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

让产品和技术回归到解决现实问题的本质。

零基础也能学！掌握VMProtect加密原理与逆向实战技巧

黑客攻击Oracle云服务，六百万数据被窃取，Oracle官方否认

看雪论坛作者ID：默文

iProov launched iProov Workforce MFA. This device-independent, FIDO Alliance-certified, biometric authentication solution helps organizations mitigate the risk of one of workforce security’s most crucial concerns: account takeover. Using biometric authentication as part of an MFA process adds an irrefutable layer of identity confirmation to help organizations prevent significant financial losses, reputational damage, and operational disruptions. The solution can be used in conjunction with passkeys, or independently of the device, enabling it to run on users’ … More →

The post iProov Workforce MFA mitigates risk of account takeovers appeared first on Help Net Security.

前 Facebook/Meta 员工 Sarah Wynn Williams 的新书《Careless People: A Cautionary Tale of Power, Greed, and Lost Idealism》遭到社交巨头的强烈反对，认为该书充斥着谎言。3 月 12 日，紧急仲裁员站在 Meta 这边，认为 Wynn Williams 可能违反了离职时与 Facebook 签订的“不贬低”合同，禁止她继续售卖或宣传这本书。出版商 Macmillan 坚持出版该书，认为仲裁令对它没有影响。Meta 的反对推动本书成为畅销书，目前它位居《纽约时报》畅销书排行榜第一名，亚马逊畅销书排行榜第三名。仲裁令还禁止 Wynn Williams 接受纸媒和广播新闻媒体的采访，她在上周递交了紧急动议，寻求推翻仲裁令，称其离职时签署的不贬低条款是不可执行的，违反了保护告密者免受报复的法律。

攻击者利用可信托管服务，频繁更新页面，威胁用户输入凭证，亟需警惕。