Aggregator

大模型安全避坑指南

A vulnerability categorized as critical has been discovered in SourceCodester Online Exam Form Submission 1.0. This affects an unknown part of the file /index.php. The manipulation of the argument usn results in sql injection. This vulnerability is reported as CVE-2025-10596. The attack can be launched remotely. Moreover, an exploit is present.

A critical vulnerability in Windows Boot Manager, known as bitpixie, enables attackers to bypass BitLocker drive encryption and escalate local privileges on Windows systems.  The vulnerability affects boot managers from 2005 to 2022 and can still be exploited on updated systems through downgrade attacks, posing significant risks to enterprise security. Key Takeaways1. Bitpixie lets attackers bypass BitLocker […]

The post Hackers Can Exploit Bitpixie Vulnerability to Bypass BitLocker Encryption and Escalate Privileges appeared first on Cyber Security News.

A vulnerability categorized as critical has been discovered in ABB 2.4 Display 55, 2.4 Display 63, RoomTouch 4 and BCU KNX. This affects an unknown function of the component KNX Bus-System. The manipulation results in improper access controls. This vulnerability was named CVE-2024-4008. The attack needs to be approached within the local network. There is no available exploit.

A vulnerability identified as critical has been detected in zephyrproject-rtos Zephyr up to 3.6. This vulnerability affects the function adv_ext_report of the component HCI. This manipulation causes heap-based buffer overflow. The identification of this vulnerability is CVE-2024-6259. The attack needs to be done within the local network. There is no exploit available.

A vulnerability marked as critical has been reported in zephyrproject-rtos Zephyr up to 3.6. Impacted is the function rfcomm_handle_data of the component BT. Performing manipulation of the argument net_buf results in heap-based buffer overflow. This vulnerability is identified as CVE-2024-6258. The attack can only be performed from the local network. There is not any exploit available.

A vulnerability described as critical has been identified in zephyrproject-rtos Zephyr up to 3.6. The affected element is the function get_att_search_list of the component BT. Executing manipulation can lead to out-of-bounds read. This vulnerability is tracked as CVE-2024-6137. The attack is only possible within the local network. No exploit exists.

A vulnerability classified as critical was found in zephyrproject-rtos Zephyr up to 3.6. This affects the function bap_broadcast_assistant of the component BT. The manipulation results in stack-based buffer overflow. This vulnerability is cataloged as CVE-2024-5931. The attack must originate from the local network. There is no exploit available.

A vulnerability was found in WP Import Plugin up to 7.27 on WordPress. It has been rated as problematic. This vulnerability affects the function upload_function. The manipulation leads to denial of service. This vulnerability is traded as CVE-2025-10058. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability categorized as critical has been discovered in WP Import Plugin up to 7.28 on WordPress. The impacted element is the function write_to_customfile of the file customFunction.php. Such manipulation leads to code injection. This vulnerability is traded as CVE-2025-10057. The attack may be launched remotely. There is no exploit available.

Submit #649317 / VDB-324615

Submit #649316 / VDB-324614

Submit #649315 / VDB-324613

AMD工程师正在解决Linux内核对ACPI C4状态的支持问题，以使搭载AMD处理器的Linux笔记本电脑能够进入更深度的睡眠模式，从而节省电量并延长续航时间。

美国司法部重新判处22岁的Conor Fitzpatrick三年监禁，因其曾担任非法网络犯罪论坛BreachForums的管理员，并持有儿童性虐待材料。该论坛曾涉及大量被盗数据交易。Fitzpatrick此前因轻判引发争议后被上诉推翻。

The U.S. Department of Justice (DoJ) on Tuesday resentenced the former administrator of BreachForums to three years in prison in connection with his role in running the cybercrime forum and possessing child sexual abuse material (CSAM). Conor Brian Fitzpatrick (aka Pompompurin), 22, of Peekskill, New York, pleaded guilty to one count of access device conspiracy, one count of access device

A sophisticated new campaign that represents the first documented real-world deployment of FileFix attacks beyond proof-of-concept demonstrations. This campaign marks a significant evolution in social engineering tactics, combining advanced steganographic techniques with multilayered obfuscation to deliver the StealC information stealer through an innovative attack vector that builds upon the notorious ClickFix methodology. Researchers from Acronis’ […]

The post New FileFix Steganography Campaign Spreads StealC Malware appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

苹果为iPhone 6等旧设备发布安全更新iOS 15.8.5和iPadOS 15.8.5，修复了编号CVE-2025-43300的越界写入漏洞，该漏洞可能导致处理恶意图像时内存损坏。受影响设备包括iPhone 6s、7、SE第一代、iPad Air 2、iPad mini第四代和iPod touch第七代。

苹果为 10 年前的 iPhone 6 释出安全更新 iOS 15.8.5 和 iPadOS 15.8.5，修复了一个正被利用的安全漏洞。编号为 CVE-2025-43300 的漏洞是一个越界写入 bug 导致的，可能导致在处理恶意图像文件时内存损坏(memory corruption)。苹果称它收到了漏洞利用的报告。最新补丁适用于 iPhone 6s（所有型号）、iPhone 7（所有型号）、iPhone SE（第一代）、iPad Air 2、iPad mini（第四代）和 iPod touch（第七代）。