Aggregator

Some insurers look to limit payouts to companies that don't remediate serious vulnerabilities in a timely manner. Unsurprisingly, most companies don't like those restrictions.

A vulnerability labeled as critical has been found in Espressif ESP-IDF up to 5.0.8/5.1.5/5.3.2/5.4.0. Affected is an unknown function. The manipulation results in buffer overflow. This vulnerability is identified as CVE-2025-55297. The attack can only be performed from the local network. There is not any exploit available. The affected component should be upgraded.

A sophisticated supply chain attack has emerged targeting developers through a malicious Go module package that masquerades as a legitimate SSH brute forcing tool while covertly stealing credentials for cybercriminal operations. The package, named “golang-random-ip-ssh-bruteforce,” presents itself as a fast SSH brute forcer but contains hidden functionality that exfiltrates successful login credentials to a Telegram […]

The post Malicious Go Module Package as Fast SSH Brute Forcer Exfiltrates Passwords via Telegram appeared first on Cyber Security News.

Apple产品发现严重漏洞CVE-2025-43300，影响iPhone、iPad和MacBook。CISA要求政府机构于9月11日前修复，并指出该漏洞已被用于针对特定个体的复杂攻击。该漏洞无需用户交互即可触发，可通过恶意图片传播。苹果已发布补丁以应对这一威胁。

Data I/O遭遇勒索软件攻击致关键系统瘫痪，影响运输与制造；已采取隔离措施应对；预计修复成本或对其财务造成重大影响；制造业成勒索攻击重灾区。

The tech manufacturer Data I/O reported a ransomware attack to federal regulators, writing that the incident has taken down critical operational systems.

The Cybersecurity and Infrastructure Security Agency (CISA) gave civilian federal agencies until September 11 to implement a fix for CVE-2025-43300 — a vulnerability affecting popular brands of Apple phones, iPads and Macbooks.

A vulnerability has been found in Ceph up to 13.2.3 and classified as problematic. The impacted element is an unknown function. Performing manipulation results in information disclosure (Key). This vulnerability is identified as CVE-2018-14662. The attack can only be performed from the local network. There is not any exploit available. The affected component should be upgraded.

A vulnerability classified as problematic has been found in GnuTLS up to 3.8.2. Affected by this issue is some unknown functionality of the component RSA-PSK ClientKeyExchange Handler. The manipulation leads to information exposure through discrepancy. This vulnerability is listed as CVE-2024-0553. The attack may be initiated remotely. There is no available exploit. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in SOGo Web Mail up to 5.6.0. Affected by this issue is some unknown functionality. The manipulation leads to improper control of resource identifiers. This vulnerability is uniquely identified as CVE-2025-50340. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability identified as critical has been detected in Oracle Enterprise Operations Monitor 5.0/5.1. Affected by this vulnerability is an unknown functionality of the component SSL Module. Performing manipulation results in information exposure through discrepancy. This vulnerability is reported as CVE-2023-0361. The attack is possible to be carried out remotely. No exploit exists.

AI-assisted security reviews from Anthropic and others could help level up enterprise application security in the era of vibe coding.

Это новый рычаг для электроники будущего...

A vulnerability, which was classified as critical, was found in Oracle Communications Network Analytics Data Director 23.1.0. Affected by this vulnerability is an unknown functionality of the component Install/Upgrade. Executing manipulation can lead to information disclosure. This vulnerability is handled as CVE-2023-0361. The attack can be executed remotely. There is not any exploit available.

A vulnerability categorized as critical has been discovered in Oracle MySQL Cluster up to 8.0.33. The affected element is an unknown function of the component NDB Operator. The manipulation results in information disclosure. This vulnerability is known as CVE-2023-0361. It is possible to launch the attack remotely. No exploit is available.

A vulnerability categorized as critical has been discovered in Oracle Communications Cloud Native Core Console 23.1.1/22.4.2. Affected by this vulnerability is an unknown functionality of the component Configuration. The manipulation results in information disclosure. This vulnerability is cataloged as CVE-2023-0361. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as critical was found in Oracle Communications Cloud Native Core Policy 22.4.0/23.1.0. The affected element is an unknown function of the component Install/Upgrade. The manipulation results in information disclosure. This vulnerability is known as CVE-2023-0361. It is possible to launch the attack remotely. No exploit is available.

天文学家首次直接追踪一颗垂死恒星超过一个世纪的缓慢转变，这一发现不仅刷新了在行星状星云中观测恒星演化的时间纪录，甚至可能是迄今在所有恒星中所观测到的最长演化过程，其变化幅度亦十分显著。螺线图星云（Spirograph Planetary Nebula）IC 418 是最早被发现的行星状星云之一，同时也是最明亮、最美丽且易于研究的星云之一。早在 1893 年，天文学家便已开始观测其光谱。自被发现以来，IC 418便 持续受到观测，即使观测光谱的技术多次革新，从肉眼测量进展到底片、数字相机，直至今日常用的 CCD，对这一星云的观测从未间断。 IC 418自开始观测以来，其特征性的绿光已经比维多利亚时代天文学家研究时强了约 2.5 倍。这样的变化是由中央恒星温度升高所致。自 1893 年以来，它的温度已经上升约 3,000°C，大约每 40 年增加 1,000°C。作为对照，太阳在形成过程中也曾升高相同程度的温度，但花了整整1,000万年。行星状星云是恒星生命的最后阶段之一。当恒星核心变得不稳定时，会将外层物质抛向太空，留下的核心则会迅速升温，使周围的气体与尘埃被激发形成壮丽的结构。对 IC 418 而言，这些结构错综复杂、宛如漩涡图案，因此获得螺线图星云的昵称。

Courts jail hackers and PyPI boosts defenses, Noodlophile evolves with Telegram staging, and DPRK actors abuse GitHub in diplomat attacks.

​在成立三十周年之际，vivo 的新里程碑。