Aggregator

生成式人工智能快速发展，迅速成为全球人工智能领域的焦点，以生成式人工智能为代表的新型技术在释放生产要素价值过程中发挥重要作用。同时，生成式人工智能强大的学习效率与数据处理能力也带来诸多挑战和安全风险。

根据工作需要，《中国信息安全》杂志社现面向社会公开招聘工作人员2名。报名有关事项如下……

攻击动机不明

在过去几个月的时间里此类攻击骤升

Bitsight reveals that UK companies are more exposed to cyber risk than global peers via their digital supply chains

Биржа закрывает лазейку для отмывания миллионов группы Lazarus.

Security researchers have publicly released a proof-of-concept (PoC) exploit for CVE-2024-36904, a critical use-after-free vulnerability in the Linux kernel that has remained undetected for seven years.  The vulnerability, which affects the TCP subsystem, could potentially allow attackers to execute remote code with kernel privileges. Use-after-free Linux Kernel Vulnerability The flaw stems from a race condition […]

The post PoC Exploit Released for Use-after-free Linux Kernel Vulnerability appeared first on Cyber Security News.

Attackers increasingly leverage AI-powered exploitation and can quickly identify vulnerable systems, infiltrate networks unnoticed and move laterally to compromise critical assets.

The post The Future of Enterprise Security: AI-powered Lateral Defense in a Dynamic Threat Landscape appeared first on Security Boulevard.

A vulnerability classified as problematic has been found in Dromara ujcms 9.7.5. This affects the function update of the file /main/java/com/ujcms/cms/ext/web/backendapi/WebFileTemplateController.java of the component Edit Template File Page. The manipulation leads to Cross site scripting. This vulnerability is uniquely identified as CVE-2025-2491. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

Currently trending CVE - Hype Score: 1 - An issue was discovered in Percona PMM Server (OVA) before 3.0.0-1.ova. The default service account credentials can lead to SSH access, use of Sudo to root, and sensitive data exposure. This is fixed in PMM2 2.42.0-1.ova, 2.43.0-1.ova, 2.43.1-1.ova, 2.43.2-1.ova, and ...

Currently trending CVE - Hype Score: 1 - The WordPress File Upload plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 4.24.13 via wfu_file_downloader.php. This makes it possible for unauthenticated attackers to read files outside of the originally intended directory.

Currently trending CVE - Hype Score: 1 - Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into ...

Currently trending CVE - Hype Score: 1 - The WordPress File Upload plugin for WordPress is vulnerable to Remote Code Execution, Arbitrary File Read, and Arbitrary File Deletion in all versions up to, and including, 4.24.15 via the 'wfu_file_downloader.php' file. This is due to lack of proper sanitization of the ...

Currently trending CVE - Hype Score: 1 - The WordPress File Upload plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.24.12 via the 'wfu_ABSPATH' cookie parameter. This makes it possible for unauthenticated attackers to execute code on the server.

A vulnerability was found in Dromara ujcms 9.7.5. It has been rated as problematic. Affected by this issue is the function uploadZip/upload of the file /main/java/com/ujcms/cms/ext/web/backendapi/WebFileUploadController.java of the component File Upload. The manipulation leads to Cross site scripting. This vulnerability is handled as CVE-2025-2490. The attack may be launched remotely. Furthermore, there is an exploit available.

本文中主要集中在hutool这一常用组件中，在动态代理以及JDBC attack这两个角度在利用过程中可能存在的一部分链子。

Submit #517269 / VDB-299997

Submit #517268 / VDB-299996

Submit #517267 / VDB-299996

A vulnerability was found in MongoDB libbson and Server. It has been declared as critical. Affected by this vulnerability is the function bson_append functions. The manipulation leads to heap-based buffer overflow. This vulnerability is known as CVE-2025-0755. The attack needs to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.