Aggregator

A vulnerability described as critical has been identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This impacts the function portRangeForwardAdd of the file /goform/portRangeForwardAdd. The manipulation of the argument ruleName/schedule/inboundFilter/TCPPorts/UDPPorts results in stack-based buffer overflow. This vulnerability is identified as CVE-2025-9482. The attack can be executed remotely. Additionally, an exploit exists. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability marked as critical has been reported in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This affects the function setIpv6 of the file /goform/setIpv6. The manipulation of the argument tunrd_Prefix leads to stack-based buffer overflow. This vulnerability is referenced as CVE-2025-9481. Remote exploitation of the attack is possible. Furthermore, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

Android droppers have evolved from niche installers for heavyweight banking Trojans into universal delivery frameworks, capable of deploying even rudimentary spyware or SMS stealers. Initially, droppers served banking malware families that required elevated Accessibility permissions to harvest credentials. These small applications appeared innocuous at first glance, often masquerading as utility or government apps in high-risk […]

The post Threat Actors Adapting Android Droppers Even to Deploy Simple Malware to Stay Future-Proof appeared first on Cyber Security News.

A vulnerability identified as critical has been detected in Microsoft Windows 2019/2022/2025/2016/2012 R2. Affected is an unknown function of the component Storage. This manipulation causes race condition. This vulnerability is handled as CVE-2025-55231. The attack can be initiated remotely. There is not any exploit available. You should upgrade the affected component.

复旦大学CodeWisdom团队荣获HitchOpen世界AI竞速锦标赛仿真复赛冠军！团队通过优化Pure Pursuit算法、自适应PID控制及激进速度规划，实现单圈效率大幅提升，最终以每圈领先6秒的绝对优势夺冠。

Submit #634823 / VDB-321398

Submit #634820 / VDB-321397

Submit #634819 / VDB-321396

Submit #634818 / VDB-321226

文章强调了在网络安全中“人为因素”的重要性，并提供了构建高效应急响应团队的方法。通过系统性地培养团队的行为、认知和关系能力，结合模拟训练、领导力发展和持续学习，确保团队在高压环境下能够有效应对危机。

A vulnerability labeled as critical has been found in Delta Electronics COMMGR up to 2.9.0. The impacted element is an unknown function. Executing manipulation can lead to code injection. The identification of this vulnerability is CVE-2025-53419. The attack may be launched remotely. There is no exploit available.

Submit #633692 / VDB-277211

苹果指控前 Apple Watch 员工 Chen Shi 博士为新雇主 Oppo 窃取了其智能手表的商业机密，而 Oppo 则否认有任何不当行为。苹果在诉讼文件中称，加盟 Oppo 之前 Chen Shi 参加了数十场 Apple Watch 团队技术人员的会议，了解其工作，并从一个受保护的 Box 文件夹中下载了 63 份文档，传输到 U 盘。Chen Shi 曾向 Oppo 发送消息表示自己正在尽可能的收集信息。离职前他使用苹果发的 MacBook 笔记本电脑搜索“如何清除 MacBook 数据”，“他人能否看到我打开了共享驱动器上的文件？”等关键词。Chen Shi 担任过苹果公司传感器系统架构师，目前领导着 Oppo 的一个传感技术团队。在给苹果的辞职信中，Shi 表示他是因为个人和家庭原因而离职。通过提供给 Shi 的工作用 iPhone 手机上留下的信息，苹果发现 Oppo 鼓励 Shi 收集苹果的商业机密。

苹果起诉前员工陈世博士窃取智能手表商业机密并泄露给OPPO，指控其下载63份受保护文件并在离职前搜索删除数据方法。陈世否认指控并称离职因个人原因，但苹果发现OPPO鼓励其收集机密信息。

A stealthy espionage campaign emerged in early 2025 targeting diplomats and government entities in Southeast Asia and beyond. At the heart of this operation lies STATICPLUGIN, a downloader meticulously disguised as a legitimate Adobe plugin update. Victims encountered a captive portal hijack that redirected browsers to malicious domains, where an HTTPS-secured landing page prompted users […]

The post Chinese UNC6384 Hackers Leverages Valid Code Signing Certificates to Evade Detection appeared first on Cyber Security News.

A vulnerability identified as critical has been detected in Delta Electronics COMMGR up to 2.9.0. The affected element is an unknown function. Performing manipulation results in stack-based buffer overflow. This vulnerability was named CVE-2025-53418. The attack may be initiated remotely. There is no available exploit.

A vulnerability categorized as problematic has been discovered in Delta Electronics EIP Builder up to 1.11. Impacted is an unknown function of the component File Parser. Such manipulation leads to xml external entity reference. This vulnerability is uniquely identified as CVE-2025-57704. The attack can be launched remotely. No exploit exists.

A vulnerability was found in Welotec EG400Mk2-D11001-000101, EG400Mk2-D11101-000101, EG503W, EG503L, EG503W_4GB, EG503L_4GB, EG503L-G, EG500Mk2-A11101-000101, EG500Mk2-A11001-000101, EG500Mk2-B11101-000101, EG500Mk2-B11001-000101, EG500Mk2-C11101-000101, EG500Mk2-C11001-000101, EG500Mk2-A12011-000101, EG500Mk2-A11001-000201, EG500Mk2-A21101-000101, EG602W, EG602L, EG603W Mk2, EG603L Mk2, EG802W, EG804W, EG802W_i7_512GB_DinRail, EG802W_i7_512GB_w, o DinRail and EG804W Pro up to 1.7.6/1.8.1. It has been rated as very critical. This issue affects some unknown processing. This manipulation causes use of hard-coded cryptographic key . This vulnerability is handled as CVE-2025-41702. The attack can be initiated remotely. There is not any exploit available. Upgrading the affected component is advised.

当前环境出现异常问题，需完成验证后方可继续访问服务。

雷神众测拥有该文章的修改和解释权。如欲转载或传播此文章，必须保证此文章的副本，包括版权声明等全部内容。声明雷神众测允许，不得任意修改或增减此文章内容，不得以任何方式将其用于商业目的。