Aggregator
How I Bypassed a Strict WAF Using SQL Injection Tricks
“Day 5: SSRF — How I Hacked AWS Keys & Stole $15,000 in Cloud Credits”
Third-party partners or ticking time bombs?
In this Help Net Security video, Ngaire Elizabeth Guzzetti, Technical Director Supply Chain at CyXcel, discusses why a third of U.S. organizations don’t trust third-party vendors to manage critical risks and what that means for supply chain security. She breaks down the root causes of this trust gap, including poor visibility, inadequate governance, and the growing complexity introduced by AI. Guzzetti also shares practical guidance for building more resilient vendor relationships through tiered oversight, continuous …
The post Third-party partners or ticking time bombs? appeared first on Help Net Security.
CISA Issues Urgent Advisory to Address Microsoft Exchange Flaw
The Cybersecurity and Infrastructure Security Agency (CISA) has issued Emergency Directive 25-02 on August 7, 2025, requiring federal agencies to immediately address a critical vulnerability in Microsoft Exchange hybrid configurations that could allow attackers to escalate from on-premises systems to cloud environments. Critical Security Vulnerability Discovered CISA has identified a post-authentication vulnerability designated CVE-2025-53786 affecting […]
The post CISA Issues Urgent Advisory to Address Microsoft Exchange Flaw appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Retbleed Vulnerability Exploited to Access Any Process’s Memory on Newer CPUs
Security researchers have successfully demonstrated a sophisticated exploit of the Retbleed vulnerability, a critical CPU security flaw that allows attackers to read arbitrary memory from any process running on affected systems. The exploit, which builds upon research originally published by ETH Zürich in 2022, showcases how modern processor vulnerabilities continue to pose significant threats to system […]
The post Retbleed Vulnerability Exploited to Access Any Process’s Memory on Newer CPUs appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Smart dust: the technology that can spy on you even when you are asleep and offline
CISA Releases Emergency Advisory Urges Feds to Patch Exchange Server Vulnerability by Monday
CISA has issued an emergency advisory directing all Federal Civilian Executive Branch agencies to urgently mitigate a newly disclosed Microsoft Exchange hybrid-joined vulnerability, tracked as CVE-2025-53786, by 9:00 AM EDT on Monday, August 11, 2025. The flaw enables attackers who have already gained administrative access to an on‑premises Exchange server to laterally move into connected […]
The post CISA Releases Emergency Advisory Urges Feds to Patch Exchange Server Vulnerability by Monday appeared first on Cyber Security News.
From fake CAPTCHAs to RATs: Inside 2025’s cyber deception threat trends
Cybercriminals are getting better at lying. That’s the takeaway from a new LevelBlue report, which outlines how attackers are using social engineering and legitimate tools to quietly move through environments before they’re caught. [Figure: Data showing at what stage an incident was detected (Source: LevelBlue)] In that short window, the number of customers affected by security incidents nearly tripled. The rate jumped from 6 percent in late 2024 to 17 percent in early 2025. More than …
The post From fake CAPTCHAs to RATs: Inside 2025’s cyber deception threat trends appeared first on Help Net Security.
ChatGPT-5 Launches – Discover What’s New in the Next-Gen AI Agent
OpenAI has officially launched ChatGPT-5, marking a significant leap forward in artificial intelligence technology with a revolutionary unified system that combines multiple specialized models to deliver unprecedented performance and versatility. The launch represents the most substantial advancement in conversational AI since the debut of its predecessors, introducing groundbreaking capabilities that promise to transform how users […]
The post ChatGPT-5 Launches – Discover What’s New in the Next-Gen AI Agent appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Unigame - 843,696 breached accounts
Decoding OTP A Deep Dive into HOTP and TOTP Algorithms
Explore OTP generation algorithms like HOTP and TOTP. Understand their differences, security, and implementation for robust authentication in CIAM and passwordless systems.
The post Decoding OTP A Deep Dive into HOTP and TOTP Algorithms appeared first on Security Boulevard.
Introducing the OSINT Tool Selection Wizard
Fraud controls don’t guarantee consumer trust
Over a third of companies say they are using AI, including generative AI, to fight fraud, according to Experian. As fraud threats become more complex, companies are accelerating their investments with over half adopting new analytics and building AI models to enhance customer decision-making. The AI paradox: AI is playing a double role in the fight against fraud. It’s helping businesses detect threats faster, but it’s also fueling new scams like deepfakes and impersonation. Agentic …
The post Fraud controls don’t guarantee consumer trust appeared first on Help Net Security.
Flipper Zero ‘DarkWeb’ Firmware Bypasses Rolling Code Security on Major Vehicle Brands
A new and custom firmware for the popular Flipper Zero multi-tool device is reportedly capable of bypassing the rolling code security systems used in most modern vehicles, potentially putting millions of cars at risk of theft. Demonstrations by the YouTube channel “Talking Sasquach” reveal that the firmware, said to be circulating on the dark web, […]
The post Flipper Zero ‘DarkWeb’ Firmware Bypasses Rolling Code Security on Major Vehicle Brands appeared first on Cyber Security News.