英文文章归档 - 第15页共17页

Feature：英文文章

@Pikachu · 16 天前

0-Click RCE Vulnerability in Samsung Smartphones Let Attackers Trigger OOB Write – Technical Analysis

Google Security researchers have disclosed a critical vulnerability, tagged as CVE-2024-49415, affecting Samsung smartphones last year and reported to Samsung with a 90-day deadline to patch. This zero-click remote code execu ...

@Pikachu · 16 天前

Windows Common Log File System Zero-day Vulnerability (CVE-2024-49138) Exploited

A zero-day vulnerability in the Windows Common Log File System (CLFS) driver, designated as CVE-2024-49138. This critical flaw, identified by CrowdStrike’s Advanced Research Team, allows attackers to escalate privileges to SYS ...

@Pikachu · 16 天前

Apple Zero-day Vulnerability Actively Exploited to Attack iPhone Users

Apple has released critical security updates to address a zero-day vulnerability actively exploited in attacks targeting iPhone users. The flaw, identified as CVE-2025-24085, is a use-after-free issue in the Core Media framew ...

@Pikachu · 16 天前

Hackers Actively Exploiting Zyxel 0-day Vulnerability to Execute Arbitrary Commands

A significant zero-day vulnerability in Zyxel CPE series devices, identified as CVE-2024-40891, is being actively exploited by attackers. This vulnerability enables attackers to execute arbitrary commands on affected devices, ...

@Pikachu · 16 天前

BeyondTrust Zero-Day Breach – 17 SaaS Customers API Key Compromised

BeyondTrust, a leading identity and access management firm, disclosed a critical security breach impacting 17 customers of its Remote Support SaaS platform. The breach was attributed to the exploitation of zero-day vulnerabili ...

@Pikachu · 16 天前

MobSF Framework Zero-day Vulnerability Let Attackers Trigger Dos in Scans Results

A zero-day vulnerability has been discovered in the Mobile Security Framework (MobSF), an automated platform for mobile application penetration testing, malware analysis, and security assessments. The flaw, identified as a Pa ...

@Pikachu · 16 天前

Addressing CVE-2025-25429: Mitigating Stored XSS in Trendnet TEW-929DRU Routers

Understanding CVE-2025-25429: Stored XSS Vulnerability The recently published CVE-2025-25429 identifies a significant security vulnerability found in Trendnet TEW-929DRU router version 1.0.0.10. This vulnerability pertains to a S ...

@Pikachu · 16 天前

Understanding CVE-2025-25478: Vulnerability in Syspass 3.2.x and Mitigation Strategies

Overview of CVE-2025-25478CVE-2025-25478 is a vulnerability that has been identified in the account file upload functionality of Syspass 3.2.x. The issue arises from the application’s inability to correctly manage special charact ...

@Pikachu · 16 天前

Understanding and Mitigating CVE-2025-25476: A Vulnerability in SysPass 3.2.x

Introduction to CVE-2025-25476CVE-2025-25476 is a stored cross-site scripting (XSS) vulnerability discovered in SysPass version 3.2.x. This vulnerability allows an attacker with elevated privileges to execute arbitrary JavaScript ...

@Pikachu · 16 天前

CVE-2025-25379: Understanding and Mitigating the CSRF Vulnerability in 07FLYCMS v.1.3.9

Background on CVE-2025-25379 CVE-2025-25379 is a critical Cross Site Request Forgery (CSRF) vulnerability discovered in the 07FLYCMS version 1.3.9. This vulnerability is concerning due to its potential to allow remote attackers t ...

Pikachu Hacker