Aggregator
[Vulnerability Advisory] Gitblit Authentication Bypass Vulnerability (CVE-2024-28080)
Silver Fox APT Exploits Signed Windows Driver to Deliver ValleyRAT
CVE-2025-9573 | ns_backup Backup Plus Extension up to 13.0.2 on TYPO3 os command injection (EUVD-2025-26375 / WID-SEC-2025-1941)
GNOME Foundation Executive Director Steps Down 4 Months After Taking Office
Mysterious Hominin Skull Found to Be at Least 286,000 Years Old
Opening of the Academic Year at TU Eindhoven: “What you do can save lives”
HashiCorp Vault Vulnerability Let Attackers to Crash Servers
A critical denial-of-service vulnerability in HashiCorp Vault could allow malicious actors to overwhelm servers with specially crafted JSON payloads, leading to excessive resource consumption and rendering Vault instances unresponsive. Tracked as CVE-2025-6203 and published on August 28, 2025, the flaw affects both Vault Community and Enterprise editions from version 1.15.0 up to several patched releases. […]
The post HashiCorp Vault Vulnerability Let Attackers to Crash Servers appeared first on Cyber Security News.
MobSF Security Testing Tool Vulnerability Let Attackers Upload Malicious Files
A critical flaw in the Mobile Security Framework (MobSF) has been discovered, allowing authenticated attackers to upload and execute malicious files by exploiting improper path validation. The vulnerability, present in version 4.4.0 and patched in 4.4.1, underscores the importance of rigorous sanitization when handling user-supplied file paths and archives. Key Takeaways: 1. MobSF v4.4.0 allowed attackers […]
The post MobSF Security Testing Tool Vulnerability Let Attackers Upload Malicious Files appeared first on Cyber Security News.
Monthly Update | Total Losses from Web3 Security Incidents Approximately USD 82.89 Million
CVE-2025-41031 | T-INNOVA Deporsite prior 02.14.1115 POST Request uploadImage IdPersona/Foto authorization
CVE-2025-41030 | T-INNOVA Deporsite prior 02.14.1115 buscarPersona dni authorization
CVE-2025-41690 | Endress+Hauser Promag 10 with HART Bluetooth log file (VDE-2025-068)
Silver Fox Exploits Microsoft-Signed WatchDog Driver to Deploy ValleyRAT Malware
New TinkyWinkey Stealthily Attacking Windows Systems With Advanced Keylogging Capabilities
A sophisticated Windows-based keylogger known as TinkyWinkey began surfacing on underground forums in late June 2025, targeting enterprise and individual endpoints with unprecedented stealth. Unlike traditional keylogging tools that rely on simple hooks or user-mode processes, TinkyWinkey leverages dual components—a Windows service and an injected DLL payload—to remain hidden while harvesting rich contextual data. The […]
The post New TinkyWinkey Stealthily Attacking Windows Systems With Advanced Keylogging Capabilities appeared first on Cyber Security News.