Aggregator

A vulnerability was found in Linux Kernel up to 6.1.83/6.6.23/6.7.11/6.8.2. It has been rated as problematic. Affected by this issue is the function xfd_update_state. The manipulation leads to state issue. This vulnerability is handled as CVE-2024-35801. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

阿里小号因运营商管控要求将全面下线，用户需及时更换绑定手机号以避免影响账号登录。该服务曾为用户提供隐私保护功能，但停服后可能无法接收验证码。已开通用户可申请退费。

In April 2025, cybersecurity experts from Cisco Talos uncovered a new threat vector: cybercriminals exploiting public repositories on GitHub to host malicious payloads used in distributing the Amadey trojan. According to researchers, the creation...

The post GitHub Weaponized: Cisco Talos Uncovers Massive MaaS Operation Distributing Amadey, Loaders, and Infostealers appeared first on Penetration Testing Tools.

A vulnerability was found in Oracle Communications Service Catalog and Design 7.4.2.8.0 and classified as critical. This issue affects some unknown processing of the component PSR Designer. The manipulation leads to information disclosure. The identification of this vulnerability is CVE-2023-33201. The attack may be initiated remotely. There is no exploit available.

A vulnerability, which was classified as critical, has been found in Oracle Communications Cloud Native Core Network Repository Function 23.3.1. Affected by this issue is some unknown functionality of the component Install/Upgrade. The manipulation leads to information disclosure. This vulnerability is handled as CVE-2023-33201. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in Oracle Banking Liquidity Management 14.5/14.6/14.7 and classified as critical. Affected by this issue is some unknown functionality of the component Common. The manipulation leads to information disclosure. This vulnerability is handled as CVE-2023-33201. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in Oracle Banking Origination 14.5/14.6/14.7. It has been declared as critical. This vulnerability affects unknown code of the component Onboarding Batch Processes. The manipulation leads to information disclosure. This vulnerability was named CVE-2023-33201. The attack can be initiated remotely. There is no exploit available.

A vulnerability classified as critical has been found in Oracle Banking Supply Chain Finance 14.5/14.6/14.7. Affected is an unknown function of the component Security. The manipulation leads to information disclosure. This vulnerability is traded as CVE-2023-33201. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability, which was classified as critical, has been found in Oracle Banking Trade Finance Process Management 14.5/14.6/14.7. Affected by this issue is some unknown functionality of the component Dashboard. The manipulation leads to information disclosure. This vulnerability is handled as CVE-2023-33201. The attack may be launched remotely. There is no exploit available.

A vulnerability, which was classified as critical, was found in Oracle Communications Messaging Server 8.1.0.24.0. This affects an unknown part of the component Security. The manipulation leads to information disclosure. This vulnerability is uniquely identified as CVE-2023-33201. It is possible to initiate the attack remotely. There is no exploit available.

文章描述了错误代码521的含义及其常见原因，指出该错误通常与服务器配置问题或DNS设置错误有关，并提供了排查和解决该问题的方法。

HackerNews 编译，转载请注明出处： 英国国家网络安全中心（NCSC）报告称，与俄罗斯军事情报局（GRU）有关的威胁行为者一直在使用以前未知的恶意软件对受害者的电子邮件账户进行间谍活动。 这种新的复杂恶意软件被命名为“真实假象”（Authentic Antics），NCSC表示，与GRU有关的威胁组织APT28（又名Fancy Bear、Pawn Storm、Sednit、Sofacy和Iron Twilight）一直在负责部署该恶意软件。 NCSC的分析显示，“真实假象”是专门设计的，旨在通过伪装成合法活动，实现对微软云账户的持久端点访问。该恶意软件的设计投入了“大量心思”，以实现看起来像真实的微软Outlook活动的效果。 它会定期显示一个登录窗口，提示用户输入凭证，这些凭证随后会被恶意软件拦截，同时被拦截的还有用于访问微软服务的OAuth身份验证令牌。该恶意软件还会通过从受害者的账户向攻击者控制的电子邮件地址发送邮件来窃取受害者的数据，这些邮件不会出现在“已发送”文件夹中。 对该恶意软件的分析表明，它没有采用传统的命令与控制（C&C）机制，这种机制可能会增加其被检测到的可能性。 俄罗斯网络威胁持续存在 NCSC行动总监保罗·奇切斯特（Paul Chichester）评论道：“‘真实假象’恶意软件的使用，证明了俄罗斯GRU构成的网络威胁具有持续性和复杂性。多年来NCSC对GRU活动的调查表明，网络防御者不应轻视这种威胁，监控和保护行动对于防御系统至关重要。” “真实假象”恶意软件是在2023年发生一起网络事件后被发现的，该事件由微软和NCSC认证的网络事件响应服务提供商NCC Group进行了调查。 6月17日，乌克兰国家计算机应急响应小组（CERT-UA）识别出一种名为“LameHug”的新恶意软件，该机构表示，有中等把握认为该软件可能与APT28针对乌克兰安全和国防部门的网络攻击有关。 2025年5月，美国国家安全局与包括NCSC在内的盟友发布了一份联合网络安全咨询，强调了一场由俄罗斯国家支持、针对西方物流实体和科技公司的网络活动。该活动同样与APT28有关联。 英国制裁俄罗斯GRU军官 在英国政府分享“真实假象”恶意软件分析的同一天，英国政府还宣布对三个GRU单位（26165、29155和74455）以及18名GRU军官和特工实施制裁，原因是他们参与了全球范围内的网络和信息干扰行动，以支持俄罗斯更广泛的地缘政治和军事目标。 英国外交大臣戴维·拉米（David Lammy）表示：“克里姆林宫应该毫无疑问：我们看清了他们在阴影中的企图，我们不会容忍这种行为。这就是为什么我们要采取果断行动，制裁俄罗斯间谍。保护英国免受伤害是本政府‘变革计划’（Plan for Change）的根本。”       消息来源： infosecurity-magazine； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文

当前环境出现异常,需完成验证后方可继续访问。

一、引言在网络安全领域，漏洞检测一直是一项重要且复杂的工作。随着人工智能技术的飞速发展，其在网络安全中的应用

The cryptocurrency exchange BigONE has fallen victim to a cyberattack that resulted in the theft of digital assets valued at $27 million. The breach occurred during the night of July 16, when the platform’s...

The post BigONE Crypto Exchange Hacked for $27 Million: Funds Being Laundered, Users Reassured appeared first on Penetration Testing Tools.

Google has filed a lawsuit against the unidentified operators of the malicious botnet BadBox 2.0, accusing them of orchestrating a large-scale advertising fraud scheme that directly targeted the company’s own platforms. According to the...

The post Google Sues BadBox 2.0: Battling Multi-Million Dollar Ad Fraud Botnet on 10M+ Android Devices appeared first on Penetration Testing Tools.

A vulnerability was found in Fantastico. It has been declared as problematic. This vulnerability affects unknown code of the file includes/mysqlconfig.php. The manipulation of the argument fantasticopath leads to path traversal. This vulnerability was named CVE-2007-1455. The attack can be initiated remotely. Furthermore, there is an exploit available.

Google continues to advance Gmail at a vigorous pace, introducing new features enhanced by artificial intelligence. These updates undoubtedly improve user convenience, yet they also force individuals to confront an increasingly difficult trade-off between...

The post Gmail’s New Shielded Email: Google Battles Spam and Boosts Privacy with Disposable Addresses appeared first on Penetration Testing Tools.

Currently trending CVE - Hype Score: 1 - A local privilege escalation vulnerability in Sophos Intercept X for Windows with Central Device Encryption 2025.1 and older allows arbitrary code execution.

Currently trending CVE - Hype Score: 19 - Improper link resolution before file access ('link following') in Windows Update Service allows an authorized attacker to elevate privileges locally.