Aggregator

Mitel has released security updates to address a critical security flaw in MiVoice MX-ONE that could allow an attacker to bypass authentication protections. "An authentication bypass vulnerability has been identified in the Provisioning Manager component of Mitel MiVoice MX-ONE, which, if successfully exploited, could allow an unauthenticated attacker to conduct an authentication bypass attack

Virtualization and networking infrastructure have been targeted by a threat actor codenamed Fire Ant as part of a prolonged cyber espionage campaign. The activity, observed this year, is primarily designed Now to infiltrate organizations' VMware ESXi and vCenter environments as well as network appliances, Sygnia said in a new report published today. "The threat actor leveraged combinations of

海牙国际法院发布咨询意见《Advisory Opinion on Obligations of States in respect of Climate Change》，裁定清洁、健康和可持续的环境是一项基本人权，各国未能保护地球免受气候变化影响，可能构成违反国际法的行为。国际法院院长岩泽雄司 (Yuji Iwasawa)表示，“温室气体排放毫无疑问是由人类活动造成的，并具有跨境效应”，带来深远后果，这些后果“凸显了气候变化带来的紧迫和生存威胁”。

The newly revealed LAMEHUG campaign signals a watershed moment for cyber-def: Russian state-aligned APT28 has fused a large language model (LLM) directly into live malware, allowing each infected host to receive tailor-made shell commands on the fly. By invoking the Qwen2.5-Coder-32B-Instruct model through Hugging Face’s public API, the attackers sidestep traditional static payload constraints and […]

The post First Known LLM-Powered Malware From APT28 Hackers Integrates AI Capabilities into Attack Methodology appeared first on Cyber Security News.

Твоя ОС теперь с интеллектом которому плевать на приватность и контекст.

A threat actor called EncryptHub has compromised a game on Steam to distribute info-stealing malware to unsuspecting users downloading the title. [...]

Replit AI agent deleted data from 1,200+ executives and companies without permission, raising concerns about AI safety and control in live environments.

Бандиты модифицируют системные файлы для внедрения руткитов и сокрытия следов.

В мире, где коды пишутся голосом, а баги чинятся сами, осталась ли роль человеку?

A vulnerability, which was classified as critical, has been found in Network Thermostat X-Series WiFi Thermostat. Affected by this issue is some unknown functionality of the component Embedded Web Interface. The manipulation leads to missing authentication. This vulnerability is handled as CVE-2025-6260. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

Plankey pledged to ask Department of Homeland Security (DHS) Secretary Kristi Noem for more funding if he arrives at CISA and determines a larger budget is needed to effectively steer the agency.

A vulnerability classified as problematic was found in Adobe Experience Manager up to 6.5.22. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2025-47061. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Adobe Experience Manager up to 6.5.22. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2025-46996. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Adobe Experience Manager up to 6.5.22. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2025-46993. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

Белый дом обещает: Китаю не устоять перед их натиском.

A vulnerability was found in TOTOLINK A702R 4.0.0-B20230721.1521. It has been declared as critical. This vulnerability affects unknown code of the file /boafrm/formWlanMultipleAP of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. This vulnerability was named CVE-2025-8140. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability was found in TOTOLINK A702R 4.0.0-B20230721.1521. It has been classified as critical. This affects an unknown part of the file /boafrm/formPortFw of the component HTTP POST Request Handler. The manipulation of the argument service_type leads to buffer overflow. This vulnerability is uniquely identified as CVE-2025-8139. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in TOTOLINK A702R 4.0.0-B20230721.1521 and classified as critical. Affected by this issue is some unknown functionality of the file /boafrm/formOneKeyAccessButton of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. This vulnerability is handled as CVE-2025-8138. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability has been found in TOTOLINK A702R 4.0.0-B20230721.1521 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /boafrm/formIpQoS of the component HTTP POST Request Handler. The manipulation of the argument mac leads to buffer overflow. This vulnerability is known as CVE-2025-8137. The attack can be launched remotely. Furthermore, there is an exploit available.