Aggregator

A vulnerability, which was classified as critical, has been found in Dell PowerProtect Data Domain. Affected by this issue is some unknown functionality. The manipulation leads to os command injection. This vulnerability is handled as CVE-2025-30096. Local access is required to approach this attack. There is no exploit available.

A vulnerability classified as critical was found in Dell PowerProtect Data Domain. Affected by this vulnerability is an unknown functionality. The manipulation leads to os command injection. This vulnerability is known as CVE-2025-30099. An attack has to be approached locally. There is no exploit available.

A vulnerability classified as critical has been found in Dell PowerProtect Data Domain. Affected is an unknown function. The manipulation leads to os command injection. This vulnerability is traded as CVE-2025-30098. The attack needs to be approached locally. There is no exploit available.

A vulnerability was found in DrayTek AP903, AP912C and AP918R. It has been rated as problematic. This issue affects some unknown processing of the file clients.conf of the component Setting Handler. The manipulation of the argument secret leads to weak password requirements. The identification of this vulnerability is CVE-2025-44643. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in Dell Unity up to 5.5.0. It has been declared as critical. This vulnerability affects unknown code. The manipulation leads to os command injection. This vulnerability was named CVE-2025-36604. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Dell PowerProtect Data Domain. It has been classified as critical. This affects an unknown part. The manipulation leads to authentication bypass by spoofing. This vulnerability is uniquely identified as CVE-2025-36594. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Dell Unity up to 5.5.0 and classified as critical. Affected by this issue is some unknown functionality of the component svc_nfssupport. The manipulation leads to os command injection. This vulnerability is handled as CVE-2025-36606. An attack has to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Dell Unity up to 5.5.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the component svc_nas. The manipulation leads to os command injection. This vulnerability is known as CVE-2025-36607. The attack needs to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

根据发表在柳叶刀期刊上的一则评论，专家警告全球塑料危机，认为塑料每年造成的健康相关损失达到至少 1.5 万亿美元。自 1950 年以来，塑料产量增长了 200 多倍，到 2060 年塑料产量将达到每年 10 亿吨以上。结果是整个地球从从珠穆朗玛峰顶到最深的海沟都被塑料污染，全世界目前的塑料垃圾重达 80 亿吨。而不到 10% 的塑料被回收。塑料会导致空气污染和接触有毒化学物质，而微塑料则能渗透进人体。塑料污染甚至会增加携带疾病的蚊子，因为散落各地的塑料捕获的水为蚊子提供了良好的繁殖场所。石油公司和塑料行业认为，对抗塑料污染的重点应放在回收塑料而不是削减产量上。

CTM360 has discovered a new global malware campaign dubbed "FraudOnTok" that spreads the SparkKitty spyware through fake TikTok shops to steal cryptocurrency wallets and drain funds. [...]

The ClickTok campaign lures victims with fake TikTok shops and drains their crypto wallets. CTM360 exposes how SparkKitty spyware spreads via trojanized apps, phishing pages, and AI-powered scams. [...]

Пароли, карты, криптовалюта — ничто не ускользает от их алгоритмов.

最近大模型（LLMs）除了被单独用作聊天机器人之外，还因为其卓越的通用能力，被人们进一步集成到各种系统里。 这些以 LLM 作为核心执行引擎的系统有更丰富的功能，也进一步推动了 LLM 系统的快速发展与部署，如配备各种工具、插件的 OpenAI GPT-4、豆包等等。

Windows 静态恶意代码免杀与逃逸技术

Государство начинает считать ваши бизнес-процессы критическими.

Python-based PXA Stealer has stolen data from more than 4000 victims in over 62 countries, according to SentinalLabs

Creator/Author/Presenter: Malachi Walker

Our deep appreciation to Security BSides - San Francisco and the Creators/Authors/Presenters for publishing their BSidesSF 2025 video content on YouTube. Originating from the conference’s events held at the lauded CityView / AMC Metreon - certainly a venue like no other; and via the organization's YouTube channel.

Additionally, the organization is welcoming volunteers for the BSidesSF Volunteer Force, as well as their Program Team & Operations roles. See their succinct BSidesSF 'Work With Us' page, in which, the appropriate information is to be had!

Permalink

The post BSidesSF 2025: Something’s Phishy: See The Hook Before The Bait appeared first on Security Boulevard.

A vulnerability has been found in CyberPower PowerPanel up to 4.9.0 and classified as very critical. Affected by this vulnerability is an unknown functionality of the component JWT Signing Key Handler. The manipulation leads to use of hard-coded password. This vulnerability is known as CVE-2024-33625. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Frappe up to 14.73.0/15.25.0. It has been rated as problematic. This issue affects some unknown processing of the component Login Page. The manipulation of the argument redirect leads to open redirect. The identification of this vulnerability is CVE-2024-34074. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Cisco Catalyst SD-WAN Manager. It has been classified as critical. Affected is an unknown function of the component Web UI. The manipulation leads to argument injection. This vulnerability is traded as CVE-2021-1484. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.