Aggregator

CyCognito research finds that a third of education sector APIs, web apps and cloud assets are exposed to attack

当前环境出现异常，需完成验证后方可继续访问。

安全筑基金融信任，合规保障科技落地。

A vulnerability was suspected in libsoup. This issue was flagged as a false-positive. Please consult the sources mentioned and consider not using this entry at all.

A vulnerability was found in RVC-Boss GPT-SoVITS up to 20250228v3. It has been rated as critical. This issue affects the function open_slice of the file webui.py. The manipulation leads to command injection. The identification of this vulnerability is CVE-2025-49833. The attack may be initiated remotely. There is no exploit available.

A vulnerability classified as critical has been found in RVC-Boss GPT-SoVITS up to 20250228v3. Affected is the function open_denoise of the file webui.py. The manipulation leads to command injection. This vulnerability is traded as CVE-2025-49834. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability classified as critical was found in RVC-Boss GPT-SoVITS up to 20250228v3. Affected by this vulnerability is the function open_asr of the file webui.py. The manipulation leads to command injection. This vulnerability is known as CVE-2025-49835. The attack can be launched remotely. There is no exploit available.

A vulnerability, which was classified as critical, has been found in RVC-Boss GPT-SoVITS up to 20250228v3. Affected by this issue is the function uvr of the file bsroformer.py. The manipulation of the argument model_choose leads to deserialization. This vulnerability is handled as CVE-2025-49839. The attack may be launched remotely. There is no exploit available.

A vulnerability, which was classified as critical, was found in RVC-Boss GPT-SoVITS up to 20250228v3. This affects the function change_label of the file webui.py. The manipulation leads to command injection. This vulnerability is uniquely identified as CVE-2025-49836. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability has been found in RVC-Boss GPT-SoVITS up to 20250228v3 and classified as critical. This vulnerability affects the function uvr of the file vr.py. The manipulation of the argument model_choose leads to deserialization. This vulnerability was named CVE-2025-49837. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in RVC-Boss GPT-SoVITS up to 20250228v3 and classified as critical. This issue affects the function uvr of the file vr.py. The manipulation of the argument model_choose leads to deserialization. The identification of this vulnerability is CVE-2025-49838. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in RVC-Boss GPT-SoVITS up to 20250228v3. It has been declared as critical. Affected by this vulnerability is the function change_gpt_weights of the file inference_webui.py. The manipulation of the argument GPT_dropdown leads to deserialization. This vulnerability is known as CVE-2025-49840. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in RVC-Boss GPT-SoVITS up to 20250228v3. It has been rated as critical. Affected by this issue is the function load_sovits_new of the file process_ckpt.py. The manipulation of the argument SoVITS_dropdown leads to deserialization. This vulnerability is handled as CVE-2025-49841. The attack may be launched remotely. There is no exploit available.

欧盟《数据法案》旨在加强数据经济，促进公平竞争和创新市场，明确工业数据使用权并提升可访问性。该法案于2023年12月通过，2025年9月生效，要求企业确保设备生成的数据可访问、共享，并符合GDPR等规定。违规将面临高额罚款。企业需调整合同、政策和技术以确保合规。

当前环境出现异常，请完成验证后继续访问。

Google on Tuesday rolled out fixes for six security issues in its Chrome web browser, including one that it said has been exploited in the wild. The high-severity vulnerability in question is CVE-2025-6558 (CVSS score: 8.8), which has been described as an incorrect validation of untrusted input in the browser's ANGLE and GPU components. "Insufficient validation of untrusted input in ANGLE and

Social engineering attacks have entered a new era—and they’re coming fast, smart, and deeply personalized. It’s no longer just suspicious emails in your spam folder. Today’s attackers use generative AI, stolen branding assets, and deepfake tools to mimic your executives, hijack your social channels, and create convincing fakes of your website, emails, and even voice. They don’t just spoof—they

Cybersecurity researchers have discovered a new, sophisticated variant of a known Android malware referred to as Konfety that leverages the evil twin technique to enable ad fraud. The sneaky approach essentially involves a scenario wherein two variants of an application share the same package name: A benign "decoy" app that's hosted on the Google Play Store and its evil twin, which is

社会工程攻击利用生成式AI和深度伪造技术快速进化，通过模仿高管、劫持社交渠道和伪造网站实施精准诈骗。攻击者采用多渠道长期策略针对企业员工、客户和合作伙伴。Doppel的实时AI平台可识别并阻止此类威胁，在损失发生前采取行动。

研究人员发现安卓恶意软件Konfety新变种利用"evil twin"技术进行广告欺诈。该恶意软件通过伪装成合法应用并共享相同包名规避检测，并采用加密APK结构、动态加载代码和虚假压缩声明等多层混淆技术增加分析难度。其滥用CaramelAds SDK获取广告并具备重定向恶意网站等功能。