A vulnerability, which was classified as problematic, has been found in Nautobot up to 1.6.31/2.4.9. Affected is an unknown function of the component URL Endpoint. This manipulation causes information disclosure.
This vulnerability appears as CVE-2025-49143. The attack may be initiated remotely. There is no available exploit.
It is advisable to upgrade the affected component.
A vulnerability was found in Enalean Tuleap Community Edition and Tuleap Enterprise Edition. It has been declared as problematic. The affected element is an unknown function. The manipulation leads to cross-site request forgery.
This vulnerability appears as CVE-2025-48991. The attack may be performed from a remote location. There is no available exploit.
It is recommended to upgrade the affected component.
A vulnerability, which was classified as problematic, has been found in OceanWP Plugin up to 4.0.9/4.1.1 on WordPress. This affects the function oceanwp_notice_button_click of the component Plugin Installation Handler. Performing manipulation results in cross-site request forgery.
This vulnerability is identified as CVE-2025-8891. The attack can be initiated remotely. No exploit is available.
A vulnerability was found in Antabot White-Jotter 0.22. It has been rated as critical. Impacted is the function CookieRememberMeManager of the file ShiroConfiguration.java of the component com.gm.wj.config.ShiroConfiguration. Manipulation with the input EVANNIGHTLY_WAOU leads to deserialization.
This vulnerability is reported as CVE-2025-8708. The attack can be carried out remotely. An exploit is available.
A vulnerability identified as critical has been detected in goauthentik authentik. This affects the function request.context["pending_user"].is_active of the component OAuth/SAML. This manipulation causes improper privilege management.
This vulnerability appears as CVE-2025-53942. The attack may be initiated remotely. There is no available exploit.
You should upgrade the affected component.
A vulnerability was found in Red Hat Keycloak. It has been rated as problematic. Impacted is an unknown function of the component Email Verification. The manipulation leads to an origin validation error.
This vulnerability is tracked as CVE-2025-7365. It is possible to initiate the attack remotely. There is no exploit available.
A vulnerability has been found in goauthentik authentik and classified as critical. The affected element is an unknown function of the component RAC Endpoint. The manipulation leads to improper authentication.
This vulnerability is uniquely identified as CVE-2025-52553. The attack can be carried out remotely. No exploit is available.
The affected component should be upgraded.
A vulnerability was found in Gogs up to 0.13.2. It has been classified as problematic. Impacted is an unknown function of the component Incomplete Fix CVE-2024-39931. The manipulation leads to files or directories being accessible.
This vulnerability is listed as CVE-2024-56731. The attack may be initiated remotely. There is no available exploit.
Upgrading the affected component is recommended.
A vulnerability, which was classified as problematic, was found in Enalean Tuleap Community Edition and Tuleap Enterprise Edition. Affected by this vulnerability is an unknown functionality. The manipulation results in cross-site request forgery.
This vulnerability is identified as CVE-2025-50179. The attack can be executed remotely. No exploit is available.
You should upgrade the affected component.
A vulnerability marked as critical has been reported in BeyondTrust Remote Support and Privileged Remote Access up to 24.2.4/24.3.4/25.1.1. This impacts an unknown function of the component Chat. This manipulation with the input {{implode(null,array_map(chr(99).chr(104).chr(114),[105,100]))}} causes code injection.
This vulnerability appears as CVE-2025-5309. The attack may be initiated remotely. There is no available exploit.
Also: New 'Quishing' Tactics, Pro-Houthi Hacker Sentenced to 20 Months This week, a Scattered Spider hacker sentenced, new quishing tricks, a pro-Houthi hacker gets 20 months in the United Kingdom, a Taiwanese web hosting provider hacked, the Business Council of New York and Ohio Medical Cannabis Center breached, North Korean hackers target Seoul and an Apple patch.
Settlement Is Latest Among Scores of Other MOVEit Lawsuits Still Pending Nuance Communications, a Microsoft subsidiary, has agreed to pay $8.5 million to settle class action litigation filed after hackers exploited a zero-day flaw in Progress Software's MOVEit file transfer software in 2023, stealing data belonging to more than a dozen of Nuance's healthcare clients.
CEO Amir Ben-Efraim: Acquisition Adds AI-Powered File Sanitization to Browser Tools Through its acquisition of Votiro, Menlo Security has embedded file-level sanitization and AI-powered detection directly into its enterprise browser stack. CEO Amir Ben-Efraim says the move helps prevent malware, data leaks and phishing risks at the browser level.
Copilot Falls for Prompt Injection Yet Again Microsoft quietly fixed a flaw that allowed users to instruct the embedded artificial intelligence model Copilot not to log its access to corporate files. "If you work at an organization that used Copilot prior to Aug 18, there is a very real chance that your audit log is incomplete."