Aggregator

华云安宣布完成数千万元的B+轮融资

81%酒店遭攻击，勒索软件为首害，公共WiFi与IoT成高危入口。

The UK government’s Cyber Essentials scheme hits 10,000 certifications for the first time in a quarter but challenges persist

Not every risk looks like an attack. Some problems start as small glitches, strange logs, or quiet delays that don’t seem urgent—until they are. What if your environment is already being tested, just not in ways you expected? Some of the most dangerous moves are hidden in plain sight. It’s worth asking: what patterns are we missing, and what signals are we ignoring because they don’t match old

Anyone accepting or sending ACH payments should understand common fraud techniques and take appropriate measures to curb them.

The post Securing ACH Against Emerging Authentication Bypass Methods  appeared first on Security Boulevard.

2025年06月16日-2025年06月22日本周漏洞态势研判情况本周信息安全漏洞威胁整体评价级别为中。国家

A vulnerability, which was classified as critical, was found in WHM Autopilot 2.4.5/2.4.6/2.4.6.5. This affects an unknown part. The manipulation leads to information disclosure. This vulnerability is uniquely identified as CVE-2004-1422. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

链上行为揭示汇旺支付已成为高效运行的地下支付枢纽。

上周关注度较高的产品安全漏洞(20250616-20250622)

国家信息安全漏洞共享平台（以下简称CNVD）本周共收集、整理信息安全漏洞488个，其中高危漏洞240个、中危漏洞217个、低危漏洞31个。

A vulnerability classified as critical has been found in Netgear EX6150 1.0.0.46_1.0.76. This affects the function sub_410090. The manipulation leads to stack-based buffer overflow. This vulnerability is uniquely identified as CVE-2025-6511. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in Netgear EX6100 1.0.2.28_1.1.138. It has been rated as critical. Affected by this issue is the function sub_415EF8. The manipulation leads to stack-based buffer overflow. This vulnerability is handled as CVE-2025-6510. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, has been found in Netgear CBR40, D6220, D6400, D7000v2, D8500, DC112A, DGN2200v4, EAX20, EAX80, EX3700, EX3800, EX3920, EX6000, EX6100, EX6120, EX6130, EX6150, EX6200, EX6920, EX7000, EX7500, MK62, MR60, MS60, R6250, R6300v2, R6400, R6400v2, R6700v3, R6700, R6900P, R6900, R7000, R7000P, R7100LG, R7850, R7900, R7900P, R7960P, R8000, R8000P, R8300, R8500, RAX15, RAX20, RAX200, RAX45, RAX50, RAX75, RAX80, RBK752, RBR750, RBS750, RBK842, RBR840, RBS840, RBK852, RBR850, RBS850, RBS40V-200, RBW30, RS400, WN2500RPv2, WN3500RP, WNDR3400v3, WNR1000v3, WNR2000v2, WNR3500Lv2 and XR300. Affected by this issue is some unknown functionality. The manipulation leads to buffer overflow. This vulnerability is handled as CVE-2020-35796. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

Submit #596008 / VDB-313623

Submit #595999 / VDB-313623

Submit #595995 / VDB-313622

Submit #593678 / VDB-313622

A vulnerability was found in seaswalker spring-analysis up to 4379cce848af96997a9d7ef91d594aa129be8d71. It has been declared as problematic. Affected by this vulnerability is the function echo of the file /src/main/java/controller/SimpleController.java. The manipulation of the argument Name leads to cross site scripting. This vulnerability is known as CVE-2025-6509. The attack can be launched remotely. Furthermore, there is an exploit available. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available.