Aggregator

当前环境出现异常，需完成验证后方可继续访问。

当前环境出现异常状态，需完成验证流程后方可继续访问。

一年一度的“大考”火热进行中，攻防演练期间本公众号会每日更新当天鲜活情报和热点漏洞，欢迎大家对我们进行收藏和关注！

当前环境异常,需完成验证后继续访问。

A vulnerability classified as critical has been found in Microsoft Windows 11 22H2/11 23H2/11 24H2/Server 2022 23H2/Server 2025. Affected is an unknown function of the component Brokering File System. The manipulation leads to double free. This vulnerability is traded as CVE-2025-49693. Local access is required to approach this attack. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as critical, was found in Microsoft Windows. Affected is an unknown function of the component Graphics Component. The manipulation leads to heap-based buffer overflow. This vulnerability is traded as CVE-2025-49732. Local access is required to approach this attack. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Canonical Multipass up to 1.15.1. It has been rated as critical. This issue affects some unknown processing of the component Launch Daemon. The manipulation leads to incorrect default permissions. The identification of this vulnerability is CVE-2025-5199. The attack needs to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Microsoft Teams. It has been classified as critical. This affects an unknown part. The manipulation leads to race condition. This vulnerability is uniquely identified as CVE-2025-49737. The attack needs to be approached locally. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as critical was found in Microsoft Windows. Affected by this vulnerability is an unknown functionality of the component Graphics Component. The manipulation leads to integer overflow. This vulnerability is known as CVE-2025-49742. The attack can be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

该文章介绍了一个开放的黑客社区,旨在帮助新手成长为资深黑客,鼓励提问、回答和学习,并提供Discord链接供进一步交流。

A vulnerability was found in Nokri Plugin up to 1.6.3 on WordPress and classified as critical. Affected by this issue is some unknown functionality. The manipulation leads to authentication bypass using alternate channel. This vulnerability is handled as CVE-2025-1313. The attack may be launched remotely. There is no exploit available.

Lingokids是一款专为2至8岁儿童设计的教育类应用，通过互动游戏、动画视频等形式提供英语、STEM、艺术等多学科学习内容。其Playlearning理念强调在游戏中学习，注重儿童自主探索和全面发展。应用内容丰富且动态适配孩子成长需求，并融入情绪认知和社交技能培养。

NVIDIA警告用户启用系统级ECC以防范针对GDDR6 GPU的Rowhammer攻击。研究人员展示了该攻击对A6000 GPU的影响，并开发了GPUHammer工具。Rowhammer通过内存行访问引发数据位翻转，导致数据损坏或服务中断。ECC可纠正单比特错误，保障数据可靠性。部分新GPU已内置保护功能。

Одна планета, три реактора, четыре топлива — и только один шанс выйти на орбиту.

作者重新启动旧项目，整理渗透测试和红队相关的技术资料，并创建了rootstash仓库来有条理地管理这些内容。为了避免拖延，他选择逐步更新并发布案例研究。最近的例子是优化处理ShapHound输出的Python脚本，并将其公开。

The ransomware landscape witnessed a dramatic shift in June 2025 as the Qilin ransomware group surged to become the most active threat actor, recording 81 victims and representing a staggering 47.3% increase in activity compared to previous months. This Ransomware-as-a-Service operation, which has accumulated over 310 victims since its emergence, has distinguished itself through sophisticated […]

The post Qilin Emerged as The Most Active Group, Exploiting Unpatched Fortinet Vulnerabilities appeared first on Cyber Security News.

A vulnerability was found in TOTOLINK T6 4.1.5cu.748_B20211015. It has been declared as critical. This vulnerability affects the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument command leads to command injection. This vulnerability was named CVE-2025-7525. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability was found in TOTOLINK T6 4.1.5cu.748_B20211015. It has been classified as critical. This affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument ip leads to command injection. This vulnerability is uniquely identified as CVE-2025-7524. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in Jinher OA 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /c6/Jhsoft.Web.message/ToolBar/DelTemp.aspx. The manipulation leads to xml external entity reference. This vulnerability is handled as CVE-2025-7523. The attack may be launched remotely. Furthermore, there is an exploit available.

Submit #612936 / VDB-316222