Aggregator

1.Qilin勒索团伙公布了新的受害公司 2.Play勒索团伙公布了新的受害者 3.INC Ransom团伙公布新的受害者

Даже в режиме инкогнито.

Law enforcement authorities from over a dozen countries have arrested 20 suspects in an international operation targeting the production and distribution of child sexual abuse material. [...]

A vulnerability classified as critical has been found in Huawei HarmonyOS 4.3.0/5.0.0. Affected is an unknown function of the component DFile Module. The manipulation leads to heap-based buffer overflow. This vulnerability is traded as CVE-2025-48910. The attack needs to be done within the local network. There is no exploit available.

A vulnerability classified as critical was found in Huawei HarmonyOS 5.0.0. Affected by this vulnerability is an unknown functionality of the component Note Sharing Module. The manipulation leads to incorrect privilege assignment. This vulnerability is known as CVE-2025-48911. It is possible to launch the attack on the local host. There is no exploit available.

A vulnerability classified as critical has been found in Huawei HarmonyOS 5.0.0. Affected is an unknown function of the component IPC Module. The manipulation leads to uncaught exception. This vulnerability is traded as CVE-2025-48907. An attack has to be approached locally. There is no exploit available.

A vulnerability was found in Huawei HarmonyOS 5.0.0. It has been declared as critical. This vulnerability affects unknown code of the component Ability Auto Startup Service. The manipulation leads to unsynchronized access to shared data in a multithreaded context. This vulnerability was named CVE-2025-48908. An attack has to be approached locally. There is no exploit available.

A vulnerability was found in Huawei HarmonyOS 5.0.0. It has been classified as problematic. This affects an unknown part of the component Kernel File System Handler. The manipulation leads to information disclosure. This vulnerability is uniquely identified as CVE-2025-31171. The attack needs to be approached locally. There is no exploit available.

A vulnerability has been found in PHPGurukul Employee Record Management System 1.3 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /editmyeducation.php. The manipulation of the argument coursepg/yophsc leads to sql injection. This vulnerability is known as CVE-2025-4191. The attack can be launched remotely. Furthermore, there is an exploit available. Other parameters might be affected as well.

A vulnerability classified as critical has been found in SparkLabs Viscosity up to 1.11.4 on macOS. Affected is an unknown function of the component viscosity_openvpn. The manipulation leads to incorrect default permissions. This vulnerability is traded as CVE-2025-4412. An attack has to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A proof-of-concept exploit targeting a critical denial-of-service vulnerability in Apache Tomcat has been publicly released, exposing servers running versions 10.1.10 through 10.1.39 to potential attacks.  The exploit, designated as CVE-2025-31650, leverages malformed HTTP/2 priority headers to cause memory exhaustion on vulnerable Tomcat instances.  Security researcher Abdualhadi Khalifa developed and published the exploit code on June […]

The post PoC Exploit Released for Apache Tomcat DoS Vulnerability appeared first on Cyber Security News.

复旦大学等团队在《科学》上报告，借助脑机接口等技术，新一代视觉假体不仅使失明动物恢复可见光视力，还可扩展其视觉功能，这为失明患者复明提供了新可能。研究显示，该团队开发出全球首款光谱覆盖范围极广（470-1550nm，从可见光延伸至近红外二区）的视觉假体，该假体无需依赖任何外部设备，即可使失明动物模型恢复可见光视觉能力，还能赋予动物感知红外光，甚至识别红外图案的“超视觉”功能，也就是在黑暗中也能看见事物。在非人灵长类动物（食蟹猴）模型上的实验验证了该假体的有效性。植入半年后，动物模型均未观察到任何不良排异反应，这为后续推进临床应用转化奠定了重要基础。考虑到目前医学伦理的限制，研究暂时不会进入临床试验阶段。

A vulnerability classified as very critical has been found in B. Braun OnlineSuite 3.0. This affects an unknown part. The manipulation leads to relative path traversal. This vulnerability is uniquely identified as CVE-2025-3365. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in B. Braun OnlineSuite 3.0. It has been rated as very critical. Affected by this issue is some unknown functionality. The manipulation leads to improper neutralization of special elements used in an expression language statement. This vulnerability is handled as CVE-2025-3322. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in Tenda AC8 16.03.34.09. It has been declared as critical. Affected by this vulnerability is the function fromSetWirelessRepeat of the file /goform/WifiExtraSet. The manipulation of the argument wpapsk_crypto leads to stack-based buffer overflow. This vulnerability is known as CVE-2025-5799. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in Tenda AC8 16.03.34.09. It has been classified as critical. Affected is the function fromSetSysTime of the file /goform/SetSysTimeCfg. The manipulation of the argument timeType leads to stack-based buffer overflow. This vulnerability is traded as CVE-2025-5798. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

Cisco Talos has uncovered a sophisticated and destructive cyberattack targeting a critical infrastructure entity in Ukraine, deploying a previously unknown wiper malware dubbed “PathWiper.” This attack, attributed with high confidence to a Russia-nexus advanced persistent threat (APT) actor, showcases the persistent and evolving threat to Ukrainian critical infrastructure amid the ongoing Russia-Ukraine conflict. The attackers […]

The post New pathWiper Malware Targets Critical Infrastructure to Deploy Admin Tools appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability was found in Laundry Laundry System 1.0 and classified as problematic. This issue affects some unknown processing of the file /data/insert_type.php. The manipulation of the argument Type leads to cross site scripting. The identification of this vulnerability is CVE-2025-5797. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability has been found in code-projects Laundry System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /data/edit_type.php. The manipulation of the argument Type leads to cross site scripting. This vulnerability was named CVE-2025-5796. The attack can be initiated remotely. Furthermore, there is an exploit available.