Aggregator

A vulnerability, which was classified as problematic, has been found in Netis WF2880 2.1.40207. This issue affects the function FUN_00471994 of the file cgitest.cgi. The manipulation of the argument wl_base_set leads to denial of service. The identification of this vulnerability is CVE-2025-50608. The attack can only be done within the local network. There is no exploit available.

A vulnerability classified as problematic was found in Netis WF2780 2.2.35445. This vulnerability affects the function FUN_0048a728 of the file cgitest.cgi. The manipulation of the argument CONTENT_LENGTH leads to null pointer dereference. This vulnerability was named CVE-2025-50635. The attack needs to be approached within the local network. There is no exploit available.

A vulnerability was found in Netty. It has been rated as problematic. Affected by this issue is some unknown functionality of the component HTTP2 Handler. The manipulation leads to allocation of resources. This vulnerability is handled as CVE-2025-55163. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in F5 BIG-IP, BIG-IP Next, BIG-IP Next SPK, BIG-IP Next CNF and BIG-IP Next for Kubernetes. This affects an unknown part of the component HTTP2 Handler. The manipulation leads to allocation of resources. This vulnerability is uniquely identified as CVE-2025-54500. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in F5 NGINX Plus and NGINX Open Source. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Response Header Handler. The manipulation leads to out-of-bounds read. This vulnerability is known as CVE-2025-53859. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Yokogawa CENTUM CS 3000 up to R3.07. It has been classified as critical. Affected is an unknown function of the file BKHOdeq.exe. The manipulation leads to memory corruption. This vulnerability is traded as CVE-2014-0783. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in Yokogawa CENTUM CS 3000 up to R3.07. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file BKBCopyD.exe. The manipulation leads to memory corruption. This vulnerability is known as CVE-2014-0784. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as problematic, was found in SolidWorks Product Data Management 2014. This affects an unknown part of the file pdmwService.exe of the component File Upload. The manipulation leads to path traversal. This vulnerability is uniquely identified as CVE-2014-100015. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in Symantec Encryption Management Server up to 3.3.2 MP6 and classified as critical. This issue affects some unknown processing of the component Email Header Handler. The manipulation leads to improper access controls. The identification of this vulnerability is CVE-2014-7288. The attack may be initiated remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Smartbear SoapUI up to 4.6.3. It has been classified as critical. This affects an unknown part of the component SOAP. The manipulation leads to code injection. This vulnerability is uniquely identified as CVE-2014-1202. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

马斯克(Elon Musk)威胁对苹果采取法律行动，指控苹果操纵 App Store 排名，偏袒 ChatGPT 而非 Grok。马斯克声称苹果的行为使得除 OpenAI 之外没有其它 AI 公司能登顶 App Store 排行榜。这一指控并不正确， 今年曾有两款 AI 应用短时间内超越 ChatGPT：中国的 Deepseek 以及 Perplexity。苹果没有回应马斯克的指控，但 OpenAI 回应了，OpenAI CEO Sam Altman 援引 Platformer 的报道称，埃隆马斯克构建了一个特殊系统确保他的帖子在 X 上被用户优先看到，他操纵 X 为自己和公司谋利，损害竞争对手和他不喜欢的人的利益。

AhnLab Security Intelligence Center (ASEC) has uncovered a sophisticated campaign involving the massive dissemination of SmartLoader malware through GitHub repositories designed to mimic legitimate software projects. These repositories target users searching for popular illicit content such as game cheats, software cracks, and automation tools, appearing at the top of search results on platforms like Google […]

The post SmartLoader Malware Masquerades as Legitimate GitHub Repository to Infect Users appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Cybersecurity researchers have discovered a new malvertising campaign that's designed to infect victims with a multi-stage malware framework called PS1Bot. "PS1Bot features a modular design, with several modules delivered used to perform a variety of malicious activities on infected systems, including information theft, keylogging, reconnaissance, and the establishment of persistent system

A critical RCE vulnerability in Erlang’s OTP SSH daemon has been identified that allows unauthenticated command execution

Bronbeek stond vandaag stil bij de slachtoffers van de oorlog in Nederlands-Indië. Daarnaast eert het museum dit jaar, 80 jaar na de bevrijding, onbekende helden zoals Pieter de Kock. Zijn moed in het regenwoud van Nieuw-Guinea werd een symbool van verzet.

​AI 驱动的「印钞机」再提速。

Инженеры создали летающую тележку для перевозки клеток и микросхем без прикосновений.

If you think phishing is just clicking a bad link and landing on a fake login page, Tycoon2FA will prove you wrong. This new wave of phishing-as-a-service isn’t playing the old game anymore; it’s running a 7-stage obstacle course built to wear down both humans and machines. It’s already slipping past trusted security tools. If […]

The post New Multi-Stage Tycoon2FA Phishing Attack Now Beats Top Security Systems appeared first on Cyber Security News.

Google 向美国和印度用户推出名为“Preferred Sources”的新功能，允许用户从搜索结果中选择自己喜欢的新闻网站和博客，之后用户会在搜索结果中看到更多来自自己喜欢内容源的内容。但 Google 此举被认为和社交平台算法类似，限制用户的选择，将用户困住回音室里，而高质量的搜索结果需要的是更多元化的内容源，而不是更少的内容源。用户搜索需要的不是偏爱的内容源，而是减少低质量的内容源，用黑名单限制低质量内容源。

German Manufacturing Company Data Sale, 188,000+ Records Allegedly for Sale