Aggregator
360 degrees, a swing, a faceplant: a robot from China put on a show better than any stand-up
11 months ago
It walked like a human, punched like a boxer, and fell like a bug.
Chinese Threat Actors Using 2,800 Malicious Domains to Deliver Windows-Specific Malware
11 months ago
A sophisticated Chinese threat actor campaign has emerged as one of the most persistent malware distribution operations targeting Chinese-speaking communities worldwide. Since June 2023, this ongoing campaign has established an extensive infrastructure comprising more than 2,800 malicious domains specifically designed to deliver Windows-targeted malware to individuals and entities both within China and internationally. The threat […]
Tushar Subhra Dutta
CVE-2025-7898 | Codecanyon iDentSoft 2.0 Account Setting Page updateSetting photo unrestricted upload (EUVD-2025-22018)
11 months ago
A vulnerability was found in Codecanyon iDentSoft 2.0. It has been classified as critical. This affects an unknown part of the file /clinica/profile/updateSetting of the component Account Setting Page. The manipulation of the argument photo leads to unrestricted upload.
This vulnerability is uniquely identified as CVE-2025-7898. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
vuldb.com
CVE-2025-7897 | harry0703 MoneyPrinterTurbo up to 1.2.6 API Endpoint app/controllers/base.py verify_token missing authentication (EUVD-2025-22019)
11 months ago
A vulnerability was found in harry0703 MoneyPrinterTurbo up to 1.2.6 and classified as critical. Affected by this issue is the function verify_token of the file app/controllers/base.py of the component API Endpoint. The manipulation leads to missing authentication.
This vulnerability is handled as CVE-2025-7897. The attack may be launched remotely. There is no exploit available.
vuldb.com
CVE-2025-7896 | harry0703 MoneyPrinterTurbo up to 1.2.6 video.py download_video/delete_video path traversal (EUVD-2025-22020)
11 months ago
A vulnerability has been found in harry0703 MoneyPrinterTurbo up to 1.2.6 and classified as critical. Affected by this vulnerability is the function download_video/delete_video of the file app/controllers/v1/video.py. The manipulation leads to path traversal.
This vulnerability is known as CVE-2025-7896. The attack can be launched remotely. There is no exploit available.
vuldb.com
CVE-2025-7895 | harry0703 MoneyPrinterTurbo up to 1.2.6 File Extension video.py upload_bgm_file unrestricted upload (EUVD-2025-22024)
11 months ago
A vulnerability, which was classified as critical, was found in harry0703 MoneyPrinterTurbo up to 1.2.6. Affected is the function upload_bgm_file of the file app/controllers/v1/video.py of the component File Extension Handler. The manipulation of the argument File leads to unrestricted upload.
This vulnerability is traded as CVE-2025-7895. It is possible to launch the attack remotely. There is no exploit available.
vuldb.com
Submit #609578: iDentSoft iDentSoft - Dental / Clinic Software Solution 2.0 Unrestricted Upload [Accepted]
11 months ago
Submit #609578 / VDB-317013
Soul01
Submit #609040: Harry Yu MoneyPrinterTurbo v1.2.6 Unauthorized Access [Accepted]
11 months ago
Submit #609040 / VDB-317012
zhangjx
Submit #609041: Harry Yu MoneyPrinterTurbo v1.2.6 Unauthorized Access (Path Traversal) [Duplicate]
11 months ago
Submit #609041 / VDB-317011
zhangjx
Submit #608941: Harry Yu MoneyPrinterTurbo v1.2.6 Unauthorized Access (Path Traversal) [Accepted]
11 months ago
Submit #608941 / VDB-317011
zhangjx
That's it, you are officially not unique: robots now ignore noise and sense threats too
11 months ago
KAIST has created a sensory system eerily similar to the human one.
Submit #608940: Harry Yu MoneyPrinterTurbo v1.2.6 Incomplete Identification of Uploaded File Variables [Accepted]
11 months ago
Submit #608940 / VDB-317010
zhangjx
I will code you ANYTHING
11 months ago
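A freelance developer posted in the r/blackhat community offering custom coding services, including automation bots, website development, backend systems and script writing. The post emphasizes solutions tailored to client needs, fast delivery and reasonable prices.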
CVE-2025-7894 | Onyx up to 0.29.1 Chat Interface a3_generate_simple_sql.py generate_simple_sql sql injection (EUVD-2025-22016)
11 months ago
A vulnerability, which was classified as critical, has been found in Onyx up to 0.29.1. This issue affects the function generate_simple_sql of the file backend/onyx/agents/agent_search/kb_search/nodes/a3_generate_simple_sql.py of the component Chat Interface. The manipulation leads to SQL injection.
The identification of this vulnerability is CVE-2025-7894. The attack may be initiated remotely. Furthermore, there is an exploit available.
The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com
Submit #615322: onyx-dot-app onyx 0.29.1 SQL Injection [Accepted]
11 months ago
Submit #615322 / VDB-317009
CVE-2025-7893 | Foresight News App up to 2.6.4 on Android pro.foresightnews.appa AndroidManifest.xml improper export of android application components (EUVD-2025-22017)
11 months ago
A vulnerability classified as problematic was found in Foresight News App up to 2.6.4 on Android. This vulnerability affects unknown code of the file AndroidManifest.xml of the component pro.foresightnews.appa. The manipulation leads to improper export of Android application components.
This vulnerability was named CVE-2025-7893. Attacking locally is a requirement. Furthermore, there is an exploit available.
The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com
[Security Circle] Hackers exploit Apache HTTP Server vulnerability to deploy the Linuxsys cryptocurrency miner
11 months ago
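Keywords 🔒 1. Aftermath of the Coinbase data breach escalates. Scale of the leak: confirmed theft of sensitive information of 69,461 users, including home addresses, identity documents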
[Security Circle] LV hit by hackers! Company urgently notifies customers to change their passwords immediately
11 months ago
Keywords: hackers 🔓 Luxury brand's official website breached, customer privacy leaked!
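[Security Circle] Turpan's first "special equipment" system intrusion: uninspected gas cylinders were issued fake conformity certificates!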
11 months ago
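Keywords: vulnerability. Recently, the Public Security Bureau of Gaochang District, Turpan City, Xinjiang, successfully solved a case of sabotaging a computer information system; the case not only involves uninspected vehicle gas cylinders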