Aggregator

A vulnerability was found in Synway SMG Gateway Management Software up to 20250204. It has been rated as critical. This issue affects some unknown processing of the file 9-12ping.php. The manipulation of the argument retry leads to command injection. The identification of this vulnerability is CVE-2025-1448. The attack may be initiated remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way. It is recommended to apply restrictive firewalling. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability, which was classified as critical, has been found in PRTG Network Monitor up to 18.2.40. This issue affects some unknown processing of the file /public/login.htm. The manipulation as part of HTTP Request leads to improper access controls. The identification of this vulnerability is CVE-2018-19410. The attack may be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A new report from Gen highlights a sharp rise in online threats, capping off a record-breaking 2024. Between October and December alone, 2.55 billion cyber threats were blocked – an astonishing rate of 321 per second. The risk of encountering a threat climbed to 27.7% in Q4, with social engineering attacks accounting for 86% of all blocked threats. This underscores the increasingly sophisticated psychological tactics cybercriminals are using to deceive victims. “We’re continuing to see … More →

The post Cybercriminals shift focus to social media as attacks reach historic highs appeared first on Help Net Security.

Authors/Presenters: Tim Chase

Our sincere appreciation to DEF CON, and the Authors/Presenters for publishing their erudite DEF CON 32 content. Originating from the conference’s events located at the Las Vegas Convention Center; and via the organizations YouTube channel.

Permalink

The post DEF CON 32 – Manufacturing Lessons Learned, Lessons Taught appeared first on Security Boulevard.

A vulnerability was found in kasuganosoras Pigeon 1.0.177. It has been declared as critical. This vulnerability affects unknown code of the file /pigeon/imgproxy/index.php. The manipulation of the argument url leads to server-side request forgery. This vulnerability was named CVE-2025-1447. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

SecWiki周刊（第572期) by ourren

DeepSeek 本地部署指南 by ourren

FlowPic：一种通用的加密流量分类与应用识别表示方法 by ourren

AI-Infra-Guard: AI基础设施安全评估系统 by ourren

更多最新文章，请访问SecWiki

Submit #494788 / VDB-296135

Submit #501978 / VDB-296134

“We moeten nu in actie komen. Europa heeft nog maar 1 kans om dit goed te doen.” Deze waarschuwing kwam gisteravond van minister van Defensie Ruben Brekelmans. In Maastricht benadrukte hij tijdens zijn Europalezing dat het continent niet kan rekenen op bescherming van de Verenigde Staten. Europa moet die volgens hem verdienen. “En daarvoor hebben we niet veel tijd.”

在《Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World》一书出版近十年之后，知名加密技术和隐私专家 Bruce Schneier 表示一切照旧，没有发生改变。NSA 及其世界各地的同行仍然竭尽所能的大规模收集数据。云服务、物联网设备和智能手机的普及使得个人几乎不可能保护自己的隐私。我们越来越多的数据储存在云端，身边有越来越多的物联网设备，以及总是随身携带智能手机，走到哪里，隐私就跟着丢到哪里。虽然欧洲颁发了 GDPR(General Data Protection Regulation)等法律对个人数据收集进行限制，但仍然未能解决监控资本主义作为一种商业模式这一核心问题。而 AI 的兴起可能会破坏端对端加密。因为 AI 助手需要云端算力处理数据，个人可能不得不向公司交出更多数据。Schneier  对未来仍然保持乐观，相信大规模监控最终会被视为不道德的，就像今天的血汗工厂。但这一转变可能需要 50 年或更长时间。

Two security vulnerabilities have been discovered in the OpenSSH secure networking utility suite that, if successfully exploited, could result in an active machine-in-the-middle (MitM) and a denial-of-service (DoS) attack, respectively, under certain conditions. The vulnerabilities, detailed by the Qualys Threat Research Unit (TRU), are listed below - CVE-2025-26465 (CVSS score: 6.8) - The

In the past decade, social engineering attacks have become more sophisticated and prevalent than ever. From AI voice impersonation to deepfake video calls, cybercriminals are leveraging the latest technology to make their scams increasingly convincing. Despite growing awareness of these threats, social engineering remains one of the most successful attack methods because it exploits something technology can't secure—human psychology.

More than 70% of successful breaches start with social engineering attacks. Whether you're a business professional, student, or retiree, understanding how these scams work is your first line of defense.

The post Learn & Avoid Social Engineering Scams in 2025 appeared first on Security Boulevard.

The Chinese state-sponsored threat actor known as Mustang Panda has been observed employing a novel technique to evade detection and maintain control over infected systems. This involves the use of a legitimate Microsoft Windows utility called Microsoft Application Virtualization Injector (MAVInject.exe) to inject the threat actor's malicious payload into an external process, waitfor.exe,

A vulnerability was found in D-Link DIR-859 A3 up to 1.05. It has been classified as critical. This affects an unknown part of the file /getcfg.php. The manipulation leads to improper authentication. This vulnerability is uniquely identified as CVE-2024-57045. It is possible to initiate the attack remotely. There is no exploit available.

Unit21 launched its new scams solution that helps financial institutions and fintechs detect and stop scams before they cause financial harm. Using AI automation, the new solution can be integrated into a fraud team’s workflow to accelerate investigations and response times while also incorporating IP insights and consortium signals to prevent and detect scams before they hit consumer financial accounts. Advancements in technology have allowed criminals to scam consumers and businesses at unprecedented speed and … More →

The post Unit21 empowers financial institutions to detect and stop scams appeared first on Help Net Security.