Aggregator

转自：孤岛杂记项目生产过程中，从原始数据到成果数据都会有大量的数据需要存储，动则数十GB，甚至可达数十TB级别

今日暂未更新资讯~
更多最新文章，请访问SecWiki

В США предъявлены обвинения руководству Supermicro.

The notorious hacking collective LAPSUS$ has resurfaced, allegedly claiming responsibility for a significant data breach involving the multinational pharmaceutical and biotechnology company AstraZeneca. The threat actors are currently attempting to sell a compressed 3GB internal data dump, signaling a potential shift towards pay-to-access extortion methods. LAPSUS$, previously known for high-profile breaches targeting major technology firms, […]

The post AstraZeneca Data Breach – LAPSUS$ Group Allegedly Claims Access to Internal Data appeared first on Cyber Security News.

Oracle fixed a critical severity flaw, tracked as CVE-2026-21992, enabling unauthenticated remote code execution in Identity Manager. Oracle released security updates to address a critical vulnerability, tracked as CVE-2026-21992 (CVSS score of 9.8), affecting Identity Manager and Web Services Manager. The flaw lets unauthenticated attackers over HTTP take control of Oracle Identity Manager and Web […]

如果全球互联网瞬间中断，你的电脑还能做什么？ 查不了资料、用不了 AI、看不了课程、连地图都打不开，我们早已习惯依赖网络的电子设备，瞬间就会沦为一块砖头。 而现在，有个刚出圈的开源项目，直接解决了这个终极痛点。它就是Project N.O.M.A.D.， 一个完全离线优先、自给自足的知识与教育服务器，把可本地运行的 AI、核心生产工具、人类文明关键知识库，全打包进了你的设备里。 哪怕所有网线被剪断，哪怕身处完全无网的环境，它也能照常运转。一块太阳能板、一台迷你主机，就能撑起一个永不掉线的个人知识庇护所。 Project N.O.M.A.D. 的部署门槛极低，最低配置2GHz 双核及以上 CPU、4GB 内存、5GB 以上磁盘空间、Debian 系统，全程终端操作，无需桌面环境，装完后所有功能都能通过浏览器访问，你完全可以把它装在一台设备上当专属服务器，用其他终端随时访问。 Project N.O.M.A.D. 并非凭空打造的全能系统，而是整合了7 大开源工具Ollama、Qdrant、Kiwix、Kolibri、ProtoMaps、CyberChef、FlatNotes 这 7 个平台 / 工具，每个平台都在各自领域深耕多年，是离线场景下的最优解。 内置基于 Ollama 驱动的本地大模型对话能力，搭配 Qdrant 向量数据库实现 RAG 检索增强，支持文档上传和语义搜索。 不用联网、不用申请 API、没有订阅费，所有对话和数据都只存在你的本地设备里，隐私拉满，断网也能随时用 AI。 通过 Kiwix 实现全离线内容库，打包了全量维基百科、权威医学参考指南、生存手册、海量电子书等核心资源。哪怕没有网络，你也能随时查阅人类文明的核心知识。 基于 Kolibri 搭建的教育系统，内置可汗学院全套课程，支持学习进度追踪、多用户权限管理。不管是给孩子做启蒙，还是自己系统学技能，没网也完全不耽误。 搭载 ProtoMaps，支持下载各区域的离线地图，搜索、导航功能全离线可用，房车出行、户外探险、偏远地区作业，再也不怕没信号迷路。 CyberChef 加持，加密、编码、哈希、数据分析一站式搞定 FlatNotes 提供本地 Markdown 笔记能力，灵感随时记录 项目地址： https://github.com/Crosstalk-Solutions/project-nomad

Рассказываем, как хакеры «наказывают» нечестных игроков.

Author, Creator & Presenter: Seth Law, Founder of Redpoint Security

Our thanks to BSidesSLC for publishing their Creators, Authors and Presenter’s outstanding BSidesSLC 2025 content on the Organizations' YouTube Channel.

The post BSidesSLC 2025 – Faces In The Fog – Seth Law On Unconventional User Enumeration appeared first on Security Boulevard.

A vulnerability, which was classified as critical, was found in Labf Axessh 4.2. Affected by this issue is some unknown functionality. The manipulation of the argument log file name results in out-of-bounds write. This vulnerability is reported as CVE-2019-25607. The attack requires a local approach. Moreover, an exploit is present.

A vulnerability, which was classified as critical, has been found in Alloksoft Fast AVI MPEG Joiner 1.2.0812. Affected by this vulnerability is an unknown functionality. The manipulation of the argument License Name leads to out-of-bounds write. This vulnerability is documented as CVE-2019-25606. The attack needs to be performed locally. Additionally, an exploit exists.

A vulnerability classified as critical was found in Dvd-X-Player DVDXPlayer 5.5 Pro. Affected is an unknown function of the component plf File Handler. Executing a manipulation can lead to out-of-bounds write. This vulnerability is registered as CVE-2019-25604. The attack needs to be launched locally. Furthermore, an exploit is available.

A vulnerability classified as problematic has been found in GSearch 1.0.1.0. This impacts an unknown function of the component Search Field Handler. Performing a manipulation results in improper handling of overlap between protected memory ranges. This vulnerability is cataloged as CVE-2019-25602. The attack must be initiated from a local position. Furthermore, there is an exploit available.

A vulnerability described as critical has been identified in UltraVNC Launcher 1.2.2.4. This affects an unknown function of the file vncviewer.exe of the component Properties Dialog. Such manipulation leads to out-of-bounds write. This vulnerability is listed as CVE-2019-25601. The attack must be carried out locally. In addition, an exploit is available.

A vulnerability marked as critical has been reported in NSauditor 3.1.2.0. The impacted element is an unknown function. This manipulation of the argument SNMP Auditor Community causes out-of-bounds write. This vulnerability is tracked as CVE-2019-25597. The attack is restricted to local execution. Moreover, an exploit is present.

A vulnerability labeled as problematic has been found in Nsauditor SpotAuditor 5.2.6. The affected element is an unknown function of the component Registration Handler. The manipulation of the argument Name results in improper validation of specified type of input. This vulnerability is identified as CVE-2019-25596. The attack is only possible with local access. Additionally, an exploit exists.

A vulnerability identified as problematic has been detected in jetAudio 8.1.7.20702. Impacted is an unknown function. The manipulation leads to use of pointer subtraction to determine size. This vulnerability is referenced as CVE-2019-25595. The attack can only be performed from a local environment. Furthermore, an exploit is available.

A vulnerability categorized as problematic has been discovered in Xlinesoft ASPRunner.NET 10.1. This issue affects some unknown processing of the component Database Table Handler. Executing a manipulation of the argument table name can lead to reliance on untrusted inputs in a security decision. The identification of this vulnerability is CVE-2019-25594. The attack can only be executed locally. Furthermore, there is an exploit available.

A vulnerability was found in Jetaudio jetCast Server 2.0. It has been rated as problematic. This vulnerability affects unknown code of the component Configuration Handler. Performing a manipulation of the argument Log directory results in improper validation of specified index, position, or offset in input. This vulnerability was named CVE-2019-25593. The attack needs to be approached locally. In addition, an exploit is available.

A vulnerability was found in Labf Axessh 4.2. It has been declared as problematic. This affects an unknown part of the component Configuration Handler. Such manipulation of the argument log file name leads to assumed-immutable data is stored in writable memory. This vulnerability is uniquely identified as CVE-2019-25590. Local access is required to approach this attack. Moreover, an exploit is present.