Aggregator

CISA has launched a new tool to streamline cyber incident response and aid in adversary eviction

A vulnerability was found in binary-husky gpt_academic on Windows. It has been rated as critical. This issue affects the function blocked_paths. The manipulation leads to path traversal. The identification of this vulnerability is CVE-2024-11037. The attack may be initiated remotely. There is no exploit available.

A vulnerability classified as very critical has been found in vLLM up to 0.6.2. Affected is the function MessageQueue.dequeue of the component API Function Handler. The manipulation leads to deserialization. This vulnerability is traded as CVE-2024-11041. It is possible to launch the attack remotely. There is no exploit available.

Технология, которую тянули только супердержавы, теперь влезает в мобильный модуль.

A vulnerability, which was classified as critical, has been found in lm-sys fastchat. Affected by this issue is some unknown functionality. The manipulation leads to server-side request forgery. This vulnerability is handled as CVE-2024-12376. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in binary-husky gpt_academic and classified as critical. Affected by this issue is some unknown functionality of the component ZIP Handler. The manipulation leads to unrestricted upload. This vulnerability is handled as CVE-2024-12387. The attack may be launched remotely. There is no exploit available.

In its latest operation, Lazarus took advantage of major gaps in the open-source software supply chain — like developers depending on unvetted packages and the lack of oversight for popular tools that are often maintained by just one or two people.

The Knownsec 404 Advanced Threat Intelligence Team has lately discovered increased activity from the Silver Fox cybercrime gang, which has been using fake versions of popular programs as weapons to spread malware in a complex cyber threat landscape. Tracing back to 2024, these attacks often masquerade as legitimate Google Translate interfaces, employing deceptive JavaScript redirects […]

The post Silver Fox Hackers Exploit Weaponized Google Translate Tools to Deliver Windows Malware appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A massive exposure of Microsoft SharePoint servers to internet-based attacks has been identified, with over 17,000 servers exposed and 840 specifically vulnerable to the critical zero-day vulnerability CVE-2025-53770, according to new findings from Shadowserver Foundation. The vulnerability, dubbed “ToolShell” by researchers, carries a critical CVSS score of 9.8 and allows unauthenticated attackers to execute arbitrary […]

The post 17K+ SharePoint Servers Exposed to Internet – 840 Servers Vulnerable to 0-Day Attacks appeared first on Cyber Security News.

西南财经大学的研究人员在《Regional Science and Urban Economics》期刊上发表论文，分析了中国第一条高铁的环境影响。中国第一条主要高铁——京沪高铁——于 2011 年 6 月 30 日开通，高铁连接了两大最具有经济活力的地区-环渤海都市圈和长三角，两大地区的人口总数占到了全国总人口的四分之一。研究人员利用 NASA 高分辨卫星数据（中国在 2013 年前缺乏可靠的地面空气污染监测数据）发现，高铁开通半年内沿路各县的颗粒物浓度下降了 6.2%，这一影响随后两年持续加强，表明随着城际出行者逐渐转变出行方式，环境效益不断增强。汽车尾气是城市空气污染的主要来源，占到了北京和上海两大超级城市 PM2.5 排放的 45–52%，其中很大一部分是区域间交通。研究人员估计，高铁开通每年产生的外部健康效益价值约 210 亿元人民币，相当于建设成本的很大一部分。

Система мониторинга транспорта оказалась уязвимой.

免责声明由于传播、利用本公众号狐狸说安全所提供的信息而造成的任何直接或者间接的后果及损失，均由使用者本人负责

North Korean threat actors have evolved their cybercriminal operations into a sophisticated digital deception campaign that has successfully siphoned at least $88 million USD from organizations worldwide. These operatives, masquerading as legitimate freelance developers, IT staff, and contractors, have exploited the global shift toward remote work to embed themselves within trusted corporate workflows. The campaign […]

The post Researchers Detailed North Korean Threat Actors Technical Strategies to Uncover Illicit Access appeared first on Cyber Security News.

A vulnerability, which was classified as critical, was found in Progress LoadMaster. This affects an unknown part. The manipulation leads to os command injection. This vulnerability is uniquely identified as CVE-2024-56131. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Progress LoadMaster and classified as critical. This vulnerability affects unknown code. The manipulation leads to os command injection. This vulnerability was named CVE-2024-56132. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Progress LoadMaster and classified as critical. This issue affects some unknown processing. The manipulation leads to os command injection. The identification of this vulnerability is CVE-2024-56133. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in RTI Connext Professional up to 7.4.x. Affected by this issue is some unknown functionality of the component Core Libraries. The manipulation leads to out-of-bounds read. This vulnerability is handled as CVE-2025-1254. Attacking locally is a requirement. There is no exploit available. It is recommended to upgrade the affected component.

Currently trending CVE - Hype Score: 1 - A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.4 and iPadOS 18.4, visionOS 2.4, macOS Sequoia 15.4. An app may be able to access sensitive user data.