Aggregator

A vulnerability was found in Rolantis Agentis up to 4.31. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. This vulnerability was named CVE-2025-4284. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Rolantis Agentis up to 4.31. It has been classified as critical. This affects an unknown part. The manipulation leads to sql injection. This vulnerability is uniquely identified as CVE-2025-4285. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A threat actor claiming to possess a zero-day Local Privilege Escalation (LPE) exploit targeting Apple’s macOS operating system has emerged on underground cybercriminal forums, offering the vulnerability for sale at a substantial price point. The alleged exploit, if genuine, represents a significant security concern for macOS users across multiple operating system versions, potentially allowing attackers […]

The post Hackers Selling macOS 0-Day LPE Exploit on Dark Forums appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability was found in Elecom WRC-BE36QS-B and WRC-W701-B and classified as critical. Affected by this issue is some unknown functionality of the component Debug Handler. The manipulation leads to backdoor. This vulnerability is handled as CVE-2025-46267. The attack may be launched remotely. There is no exploit available.

A vulnerability has been found in Arm Development Studio and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to uncontrolled search path. This vulnerability is known as CVE-2025-7427. Local access is required to approach this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in powermail Extension up to 12.5.2/13.0.0 on TYPO3. Affected is an unknown function. The manipulation leads to authorization bypass. This vulnerability is traded as CVE-2025-7899. It is possible to launch the attack remotely. There is no exploit available.

近期，社会上出现以“快速致富”“无需偿还债务”为诱饵的“职业背债”骗局，部分消费者因轻信此类虚假宣传陷入困境。金融监管总局金融消费者权益保护局提示广大消费者提高警惕，远离“职业背债”陷阱。

意见反馈截止日期为2025年8月4日前。

近日，网安标委发布《网络安全标准实践指南——摇一摇广告触发行为安全要求》。

近日，国家数据局发布《基于数据可信流通设施环境番茄生长模型场景的数据流通案例》，基于数联网、数据流通合规审计和区块链应用等的数据可信流通设施，在利用数据赋能番茄品种优质高效生产的同时，实现番茄生长模型数据全链路流通安全合规审计和可追溯。

适逢《国家安全法》颁布十周年，为更好地践行总体国家安全观，进一步强化我国网络安全，本文旨在明晰网络安全与国家安全之间的关系，结合中国科学技术大学网络空间安全学院的具体实践，探讨全面增强网络安全意识的可行实施路径。

A vulnerability, which was classified as critical, has been found in femanager Extension up to 6.4.1/7.5.2/8.3.0 on TYPO3. This issue affects some unknown processing. The manipulation leads to authorization bypass. The identification of this vulnerability is CVE-2025-7900. The attack may be initiated remotely. There is no exploit available.

A vulnerability classified as problematic was found in Linux Kernel up to 6.16-rc1. This vulnerability affects the function handle_posix_cpu_timers of the component posix-cpu-timers. The manipulation leads to state issue. This vulnerability was named CVE-2025-38352. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Elecom WRC-BE36QS-B and WRC-W701-B. This affects an unknown part of the component WebGUI. The manipulation leads to os command injection. This vulnerability is uniquely identified as CVE-2025-53472. It is possible to initiate the attack remotely. There is no exploit available.

Более 100 доменов и Telegram-канал NyashTeam пошли под нож.

AI智能体越来越多地被称为人工智能创新的“第三次浪潮”，也带来了复杂的治理问题和网络安全挑战。

Critical security vulnerabilities in Apache Jena have been disclosed that enable administrators to access and create files outside designated server directories, potentially compromising system security. Two distinct CVEs were published on July 21, 2025, affecting all versions of Apache Jena through 5.4.0, with administrators urged to upgrade to version 5.5.0 immediately to mitigate these risks. […]

The post Apache Jena Vulnerability Allows Arbitrary File Access appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Один из ключевых этапов кибератак по матрице MITRE ATT&CK — повышение привилегий (Privilege Escalation). Он предполагает эксплуатацию уязвимостей в операционных системах (ОС) или приложениях для получения несанкционированного доступа к защищённым ресурсам.

Hackers with ties to the Chinese government have been linked to a recent wave of widespread attacks targeting a Microsoft SharePoint zero-day vulnerability chain. [...]