Aggregator

Никто не защищён — даже те, кто думает иначе.

这是敲敲打卡的一个公益项目：「一起打卡一起捐」。 初心简单——希望你坚持打卡，「敲敲成为更好的自己」，也顺便帮到别人。 让自己快乐的同时，也给世界带去一份滋养。 每月我们都会做一次捐赠公示，这已经是我们和敲友一起坚持的第四个月。（项目缘起可以看这篇 Do Good Have Fun） 「一起打卡一起捐」的活动会持续到今年最后一天。 非常期待你能一起加入！ 参加方式： 1. 扫码加入你感兴趣的打卡小组 2. 应用商店搜索「敲敲打卡」App，下载完成后你就在打卡小组里了。

赶在黑客在野利用之前发现了SQLite 开源数据库引擎中的一个高危内存损坏漏洞CVE-2025-6965（CVSS评分7.2）。

速修复

With IT outages and disruptions escalating, IT teams are shifting their focus beyond simply backing up data to maintaining operations during an incident. One of the key drivers behind this shift is the growing threat of ransomware, which continues to evolve in both frequency and complexity. Ransomware-as-a-Service (RaaS) platforms have made it possible for even inexperienced threat actors with

Attackers are increasingly leveraging the ClickFix social engineering technique to distribute potent malware families, including NetSupport RAT, Latrodectus, and Lumma Stealer. This method, which emerged prominently in recent months, tricks users into executing malicious commands under the guise of resolving common computer issues like performance glitches or verification prompts. By hijacking the clipboard through JavaScript […]

The post Hackers Exploit ClickFix Tactics to Spread NetSupport RAT, Latrodectus, and Lumma Stealer appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

该组织十分活跃，不断开发各类攻击载荷，包括模板注入文档、宏文档、LNK文件、HTML文件、SFX自解压文件等

关注高级攻防对抗技术热点，研究对手技术进行高级威胁模拟，研判攻击安全发展方向。

VMware устроила матрёшку для хакеров.

手慢无~

企业需紧急修复

文末投递简历

看雪论坛作者ID：SleepAlone

A critical security vulnerability has been discovered in Lenovo’s protection driver software, affecting millions of users across desktop and laptop systems. The flaw, identified as CVE-2025-4657, allows local attackers with elevated privileges to execute arbitrary code through a buffer overflow exploit, posing significant security risks to enterprise and consumer environments. Vulnerability Details and Impact The […]

The post Lenovo Protection Driver Flaw Enables Privilege Escalation and Code Execution appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

一年一度的“大考”火热进行中，攻防演练期间本公众号会每日更新当天鲜活情报和热点漏洞，欢迎大家对我们进行收藏和关注！

OpenAI's next foundational and state-of-the-art model, GPT-5, is still on its way after a delay. OpenAI won't tell us the release date for now. [...]

LameHug malware uses AI to create data-theft commands on infected Windows systems. Ukraine links it to the Russia-nexus APT28 group. Ukrainian CERT-UA warns of a new malware strain dubbed LameHug that uses a large language model (LLM) to generate commands to be executed on compromised Windows systems. Ukrainian experts attribute the malware to the Russia-linked […]

新闻出版商行业协会 The News/Media Alliance 宣布成功关闭了帮助用户绕过付费墙的服务 12ft.io。12ft.io 的托管商在该组织的施压下于 7 月 14 日下线了网站。12ft.io 全称 12 Foot Ladder，通过将用户的浏览器伪装成 Web 爬虫从而不受限制的访问网站内容，避开广告、跟踪程序以及弹出式窗口。12ft.io 是由软件工程师 Thomas Millar 在新冠疫情期间创建的，他当时发现 Google 搜索结果前 10 中有 8 个设置了付费墙。12ft.io 下线了，但类似的自托管工具 13 Feet Ladder 允许用户创建无数的 12ft.io。

近期，一些不法机构或平台通过虚假宣传手段，诱导消费者办理网络贷款，不仅给消费者带来沉重的经济负担，还可能使消费者陷入法律纠纷。国家金融监督管理总局金融消费者权益保护局发布风险提示，提醒广大群众警惕虚假宣传诱导网络贷款的风险，提高风险防范意识

近日，国家互联网信息办公室发布《可能影响未成年人身心健康的网络信息分类办法（征求意见稿）》，向社会公开征求意见，进一步明确可能影响未成年人身心健康的网络信息的具体种类、范围、判断标准和提示办法。意见反馈截止日期为2025年7月19日。