Aggregator
CVE-2023-20910 | Google Android 11.0/12.0/13.0 WifiManager.java addNetworkSuggestions resource consumption (A-245299920 / EUVD-2023-25078)
Critical Qualcomm Vulnerabilities Allow Attackers to Execute Arbitrary Code Remotely
Multiple critical vulnerabilities in Qualcomm Technologies’ proprietary Data Network Stack and Multi-Mode Call Processor permit remote attackers to execute arbitrary code. These flaws, tracked as CVE-2025-21483 and CVE-2025-27034, each carry a CVSS score of 9.8 and exploit buffer-corruption weaknesses to compromise device security. Key Takeaways: 1. CVE-2025-21483 & CVE-2025-27034 allow remote RCE. 2. Affects Snapdragon 8 […]
The post Critical Qualcomm Vulnerabilities Allow Attackers to Execute Arbitrary Code Remotely appeared first on Cyber Security News.
CVE-2025-7734 | GitLab Community Edition/Enterprise Edition up to 18.0.5/18.1.3/18.2.1 cross site scripting (Issue 556090 / Nessus ID 260160)
CVE-2025-8770 | GitLab Enterprise Edition up to 18.0.5/18.1.3/18.2.1 Merge Request authorization (Issue 549105 / Nessus ID 260161)
Azure Active Directory Vulnerability Exposes Credentials and Enables Attackers to Deploy Malicious Apps
A critical security vulnerability has emerged in Azure Active Directory (Azure AD) configurations that exposes sensitive application credentials, providing attackers with unprecedented access to cloud environments. This vulnerability centers around the exposure of appsettings.json files containing ClientId and ClientSecret credentials, effectively handing adversaries the keys to entire Microsoft 365 tenants. The vulnerability was identified during […]
The post Azure Active Directory Vulnerability Exposes Credentials and Enables Attackers to Deploy Malicious Apps appeared first on Cyber Security News.
CVE-2025-58178 | SonarSource sonarqube-scan-action up to 5.3.0 Scan GitHub Action command injection (GHSA-f79p-9c5r-xg88 / EUVD-2025-26367)
CVE-2025-58162 | MobSF Mobile-Security-Framework-MobSF 4.4.0 path traversal (GHSA-9gh8-9r95-3fc3 / EUVD-2025-26368)
CVE-2025-9813 | Tenda CH22 1.0.0.1 /goform/SetSambaConf formSetSambaConf samba_userNameSda buffer overflow (EUVD-2025-26372)
CVE-2025-9815 | alaneuler batteryKid up to 2.1 on macOS NSXPCListener PrivilegeHelper.swift missing authentication (EUVD-2025-26373)
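Spotlight on Shanghai! OSR appears at the Chinese Association for Cryptologic Research 2025 evaluation conference, explaining a new paradigm of side-channel attacks on large language models
Americans' frequency of sexual activity is at a historic low
PromptLock, the first AI-powered ransomware, and how it works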
Lazarus Hackers Exploit 0-Day to Deploy Three Remote Access Trojans
Over the past two years, Fox-IT and NCC Group have tracked a sophisticated Lazarus subgroup targeting financial and cryptocurrency firms. This actor overlaps with AppleJeus, Citrine Sleet, UNC4736 and Gleaming Pisces campaigns and leverages three distinct remote access trojans (RATs)—PondRAT, ThemeForestRAT and RemotePE—to infiltrate and control compromised systems. In a 2024 incident response case, the […]
The post Lazarus Hackers Exploit 0-Day to Deploy Three Remote Access Trojans appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
JetBrains removes the subscription-tier restriction on the LSP API effective immediately; free-version users can now use the LSP API too
From bugs to bypasses: adapting vulnerability disclosure for AI safeguards
28 Years of Nmap – From Simple Port Scanner to Comprehensive Network Security Suite
Nmap has remained at the forefront of network discovery and security assessment for nearly three decades. Originally introduced on September 1, 1997, in Phrack magazine as a modest, 2,000-line Linux-only port scanner, Nmap has since matured into a sprawling toolkit encompassing OS and version detection, scripting, packet crafting, and more. As Nmap celebrates its 28th […]
The post 28 Years of Nmap – From Simple Port Scanner to Comprehensive Network Security Suite appeared first on Cyber Security News.