Aggregator

当前环境异常，请完成验证后继续访问。

A critical security vulnerability has been discovered in Citrix’s Windows Virtual Delivery Agent that could allow attackers with low-level system access to escalate their privileges to SYSTEM level, potentially granting them complete control over affected systems. The vulnerability, tracked as CVE-2025-6759, affects Citrix Virtual Apps and Desktops as well as Citrix DaaS (Desktop as a […]

The post Citrix Windows Virtual Delivery Agent Vulnerability Lets Attackers Escalate to SYSTEM Privileges appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

中国研究人员首次直接观测到“反Klein隧穿”（AKT）现象——这一量子悖论描述的是手性粒子在遇到势垒时并非穿越，而是被完全反射。“Klein隧穿”是量子物理中的一个著名悖论：质量为零的相对论粒子可以无视能垒的存在，自由穿越而不发生反射。与之相对的“反Klein隧穿”则预言：对于具有“手性”特征的有质量粒子，能垒会导致完全反射。这种奇特的传播行为长期以来仅存在于理论推演和间接证据中，始终缺乏实验验证。该研究中，团队设计了一种结构可调的双层声子晶体，在其声学色散关系中引入了手性与质量，使系统中的声子类比于双层石墨烯中的手性准粒子。当声波遇到由此构成的势垒结构时，传播行为取决于结构参数的调控：在特定配置下，声波被完全反射，即出现反Klein隧穿；而在另一配置下，则可以实现完全穿透，即Klein隧穿。

中国研究人员首次直接观测到“反Klein隧穿”现象，利用双层声子晶体模拟手性准粒子，在特定条件下实现声波完全反射或穿透，验证了这一长期理论预测。

Загрузчик был простым, а стал многозадачным.

A critical security vulnerability has been discovered in Fortinet’s FortiWeb web application firewall that allows unauthenticated attackers to execute malicious SQL commands through the device’s graphical user interface. The flaw, designated as CVE-2025-25257, poses significant risks to organizations relying on FortiWeb for web application protection. Vulnerability Details The vulnerability stems from improper neutralization of special elements […]

The post FortiWeb SQL Injection Vulnerability Allows Attackers to Execute Malicious SQL Commands appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability has been found in Microsoft Office and classified as critical. This vulnerability affects unknown code. The manipulation leads to heap-based buffer overflow. This vulnerability was named CVE-2025-49697. The attack can be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Microsoft Excel and classified as critical. Affected by this issue is some unknown functionality. The manipulation leads to use after free. This vulnerability is handled as CVE-2025-49711. The attack may be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Fortinet FortiOS up to 7.2.11/7.4.7/7.6.1. It has been classified as critical. This affects an unknown part of the component cw_stad Daemon. The manipulation leads to heap-based buffer overflow. This vulnerability is uniquely identified as CVE-2025-24477. An attack has to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in AMD EPYC 7003 Processors, EPYC 9004 Processors, EPYC 8004 Processors, EPYC 9V64H Processor, Ryzen 5000 Desktop Processors, Ryzen 5000 Desktop Processor with Radeon Graphics, Ryzen 7000 Desktop Processors, Ryzen 8000 Processor with Radeon Graphics, Ryzen Threadripper PRO 7000 WX-Series Processors, Ryzen 6000 Processor with Radeon Graphics, Ryzen 7035 Processor with Radeon Graphics, Ryzen 7000 Processors with Radeon Graphics, Ryzen 7040 Processors with Radeon Graphics, Ryzen 8040 Mobile Processors with Radeon Graphics, Ryzen 7000 Mobile Processors, EPYC Embedded 7003 Processors, EPYC Embedded 8004 Processors, EPYC Embedded 9004 Processors, Ryzen Embedded 5000 Processors, Ryzen Embedded 7000 Processors, Ryzen Embedded V3000 Processors, EPYC Embedded 97X4 and Ryzen 5000 Processors with Radeon Graphics. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to information disclosure. This vulnerability is handled as CVE-2024-36350. It is possible to launch the attack on the local host. There is no exploit available.

A vulnerability was found in Microsoft Excel. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to out-of-bounds read. This vulnerability is handled as CVE-2025-48812. The attack may be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as problematic was found in GNOME gnome-remote-desktop. Affected by this vulnerability is an unknown functionality of the component RDP PDU Handler. The manipulation leads to resource consumption. This vulnerability is known as CVE-2025-5024. The attack can be launched remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in jq up to 1.7.1. This issue affects some unknown processing. The manipulation leads to integer overflow. The identification of this vulnerability is CVE-2024-23337. The attack may be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as critical has been found in jq up to 1.7.1. Affected is the function jv_string_vfmt of the file jv.c. The manipulation leads to stack-based buffer overflow. This vulnerability is traded as CVE-2025-48060. It is possible to launch the attack remotely. There is no exploit available.

Cybersecurity friction usually gets framed as a user problem: password policies that frustrate employees, MFA that slows down logins, or blocked apps that send workers into the arms of shadow IT. But there’s a different kind of friction happening behind the scenes, and it’s hitting security teams themselves. It shows up during incident response, threat hunting, and day-to-day tasks. It’s the drag of too many tools, rigid approval chains, and a lack of clarity about … More →

The post Why your security team feels stuck appeared first on Help Net Security.

A vulnerability classified as problematic has been found in Horde Groupware 1.0.5/1.0.6. This affects an unknown part of the file addevent.php. The manipulation of the argument url leads to cross site scripting. This vulnerability is uniquely identified as CVE-2008-1974. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

在上周的直播中，有个观众问，自己有一些Linux的基础，怎么样能入门网络安全。本文笔者浅谈该问题。

Он должен был защищать, но стал помощником для преступлений.

A Chinese state-sponsored hacker, Xu Zewei, 33, has been arrested for his alleged role in the widespread HAFNIUM cyber attacks and theft of COVID-19 research. Learn about the charges and China's Ministry of State Security involvement.

In this Help Net Security interview, Dr. Nicole Nichols, Distinguished Engineer in Machine Learning Security at Palo Alto Networks, discusses why existing security models need to evolve to address the risks of AI agents. She explains how organizations should approach threat modeling, governance, and monitoring for agents that can reason and act. Nichols also shares practical steps, like logging and clone-on-launch, to help keep systems secure as these agents grow more capable. Do you think … More →

The post It’s time to give AI security its own playbook and the people to run it appeared first on Help Net Security.