Aggregator

A vulnerability was found in Tenda RX3 16.03.13.11_multi_TDE01. It has been declared as critical. This vulnerability affects unknown code of the file /goform/SetSysTimeCfg of the component Packet Handler. The manipulation of the argument timeZone leads to denial of service. This vulnerability was named CVE-2025-29360. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in Tenda RX3 16.03.13.11_multi_TDE01. It has been classified as critical. This affects an unknown part of the file /goform/saveParentControlInfo of the component Packet Handler. The manipulation of the argument deviceId leads to denial of service. This vulnerability is uniquely identified as CVE-2025-29359. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Tenda RX3 16.03.13.11_multi_TDE01 and classified as critical. Affected by this issue is some unknown functionality of the file /goform/SetFirewallCfg of the component Packet Handler. The manipulation of the argument firewallEn leads to denial of service. This vulnerability is handled as CVE-2025-29358. The attack may be launched remotely. There is no exploit available.

The North Korea-linked threat actor known as ScarCruft is said to have been behind a never-before-seen Android surveillance tool named KoSpy targeting Korean and English-speaking users. Lookout, which shared details of the malware campaign, said the earliest versions date back to March 2022. The most recent samples were flagged in March 2024. It's not clear how successful these efforts were. "

Alleged Data Sale of Corporación Digitel, C.A.

Researchers warn of a “coordinated surge” in the exploitation attempts of SSRF vulnerabilities in multiple platforms. Threat intelligence firm GreyNoise observed Grafana path traversal exploitation attempts before the Server-Side Request Forgery (SSRF) surge on March 9, suggesting the attackers may be leveraging Grafana as an initial entry point for deeper exploitation. The experts believe the […]

西班牙科学家在一项研究中报告了欧洲西部发现的已知最古老的人族面部骨骼，距今约有 140 万至 110 万年历史。科学界普遍认为，人族至少在 180 万年前最初在亚欧大陆定居。但欧洲西部的早期人族聚居证据很有限，仅限于伊比利亚半岛上一些极为零散的化石样本，这些化石几乎没有提供任何这些人族的外貌和分类线索。西班牙一处遗址的化石可追溯至大约 85 万年前，经鉴定属于先驱人，这一早期人族物种有着与现代人类相似的细长面中部。2007 年，在西班牙北部的 Sima del Elefante 遗址发现了一个 120 万至 110 万年历史的人族下颌骨（命名为 ATE9-1），但无法确定其是否属于先驱人。2022 年西班牙加泰罗尼亚人类古生态学和社会演化研究所的 Rosa Huguet 和同事在 Sima del Elefante 遗址发现了一个人族部分面中部骨骼的化石。这些碎片（统称为ATE7-1）包括了一个成年个体左脸的上颌骨和颧骨的大部分。研究者利用实物证据和 3D 成像技术重建了这些碎片，估计其年龄在 140 万至 110 万年之间。研究者观察到，这些人族骨骼碎片没有出现先驱人化石中的“现代“面中部特征。另外，尽管这些残骸与直立人有一些相似之处，但无法确认它们属于这一类群。因此，他们暂时将这些化石归于直立人近缘种，表明其与直立人的亲缘关系，但还需要进一步证明。这一发现可能意味着在早更新世，欧洲西部曾生活着至少两个人族物种：直立人近缘种和后来的先驱人。

Mozilla has issued an urgent warning to Firefox users worldwide, emphasizing the critical need to update their browsers before March 14, 2025, when a vital root certificate will expire.  This expiration threatens to disable extensions, break DRM-protected content playback, and expose users to significant security risks.  The warning affects millions of Firefox users across multiple […]

The post Mozilla Urging Users to Update Firefox, Else Add-ons Will Stop Working appeared first on Cyber Security News.

Credential theft surged 3× in a year—but AI-powered malware? More hype than reality. The Red Report 2025 by Picus Labs reveals attackers still rely on proven tactics like stealth & automation to execute the "perfect heist." [...]

The Salt Typhoon attacks underscored the need for unity, innovation, and resilience in the face of an increasingly sophisticated cyber-threat landscape.

walkingdog 写道: 几天前，有消息称微软会在今年年底之前和合作伙伴推出 Xbox 品牌掌机。目前已经有更多 Xbox 品牌掌机细节曝光。总的来说，Xbox 品牌掌机代表着：Windows & Xbox 统一平台、统一的跨平台 Xbox 界面以及让 PC 支持 Xbox 游戏。这款 Xbox 品牌掌机的代号是“Project Kennan”，由华硕生产，“Project Kennan”设备运行Windows 系统，并以类似Xbox的界面进行优化，可以理解为 Windows & Xbox 统一平台。微软还在进行其他项目，如“Project Bayside”，这个项目能确保多个设备之间有统一的 Xbox 用户界面。此外，微软希望通过整合 Windows 和 Xbox，创造一个统一的游戏商店，并帮助开发者轻松跨平台开发游戏。此外，微软还在探索将 Xbox 游戏带到 PC 的可能性。通过类似模拟器技术，微软希望让 Xbox 原版及 Xbox 360 的游戏能够在 PC 上运行。这些技术也将帮助保存和兼容现有的Xbox游戏库。这些变化不仅可能影响未来的Xbox主机，还可能是微软抵御 SteamOS 竞争的战略，特别是在掌机市场上。Valve 的Steam Deck 在掌机领域取得成功，使微软感到压力，因此也加快了对类似硬件的研发，以保持在游戏设备市场的竞争力。

A vulnerability has been found in Tenda RX3 16.03.13.11_multi_TDE01 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /goform/saveParentControlInfo. The manipulation of the argument schedStartTime/schedEndTime leads to denial of service. This vulnerability is known as CVE-2025-29363. The attack can be launched remotely. There is no exploit available.

A vulnerability, which was classified as critical, was found in Devolutions Server up to 2024.3.13. Affected is an unknown function of the component Browser Extension Restriction. The manipulation leads to improper access controls. This vulnerability is traded as CVE-2025-2280. Access to the local network is required for this attack. There is no exploit available.

A vulnerability, which was classified as critical, has been found in Devolutions Server up to 2024.3.13. This issue affects some unknown processing of the component Checkout Requests Endpoint. The manipulation leads to improper access controls. The identification of this vulnerability is CVE-2025-2278. The attack needs to be initiated within the local network. There is no exploit available.

A vulnerability classified as problematic was found in Devolutions Server up to 2024.3.13.0. This vulnerability affects unknown code of the component Web-based SSH Authentication. The manipulation leads to information disclosure. This vulnerability was named CVE-2025-2277. The attack needs to be done within the local network. There is no exploit available.

A vulnerability classified as problematic has been found in Devolutions Remote Desktop Manager up to 2024.3.29.0 on Windows. This affects an unknown part. The manipulation leads to information disclosure. This vulnerability is uniquely identified as CVE-2025-1636. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Devolutions Remote Desktop Manager up to 2024.3.29.0 on Windows. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to information disclosure. This vulnerability is handled as CVE-2025-1635. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in yaniiliev All-in-One WP Migration and Backup Plugin up to 7.89 on WordPress. It has been declared as problematic. Affected by this vulnerability is the function replace_serialized_values. The manipulation leads to deserialization. This vulnerability is known as CVE-2024-10942. The attack can be launched remotely. There is no exploit available.