Aggregator

4 weeks ago

A vulnerability, which was classified as critical, was found in Cisco Firepower Threat Defense. This issue affects some unknown processing of the component IPsec VPN. The manipulation leads to buffer overflow. The identification of this vulnerability is CVE-2025-20222. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

vuldb.com

CVE-2025-20237 | Cisco ASA/Firepower Threat Defense expression/command delimiters (cisco-sa-asaftd-cmdinj-VEhFeZQ3 / WID-SEC-2025-1839)

4 weeks ago

A vulnerability identified as problematic has been detected in Cisco ASA and Firepower Threat Defense. Affected is an unknown function. The manipulation leads to improper neutralization of expression/command delimiters. This vulnerability is traded as CVE-2025-20237. The attack needs to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

vuldb.com

CVE-2025-20238 | Cisco ASA/Firepower Threat Defense internal asset exposed to unsafe debug access level or state (cisco-sa-asaftd-cmdinj-VEhFeZQ3 / WID-SEC-2025-1839)

4 weeks ago

A vulnerability labeled as problematic has been found in Cisco ASA and Firepower Threat Defense. Affected by this vulnerability is an unknown functionality. The manipulation leads to internal asset exposed to unsafe debug access level or state. This vulnerability is known as CVE-2025-20238. An attack has to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

vuldb.com

CVE-2023-20030 | Cisco Identity Services Engine xml external entity reference (cisco-sa-ise-xxe-inj-GecEHY58 / EUVD-2023-24209)

4 weeks ago

A vulnerability was found in Cisco Identity Services Engine. It has been classified as problematic. This vulnerability affects unknown code. The manipulation leads to xml external entity reference. This vulnerability was named CVE-2023-20030. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

vuldb.com

LLM越狱攻击与防御框架

4 weeks ago

SANS Digital Forensics and Incident Response

《LLM越狱攻击预防与框架 v3.3》系统梳理了大语言模型从指令注入到多模态对抗、表征工程到智能体工具滥用的全部越狱路径，配套可落地的防御体系（对齐-检测-沙箱-监控）。文档以威胁模型为纲，将攻击按提示工程、输出结构、优化、模糊、组合、MCP滥用六大类拆解，并提供测试脚本与红队演练方案，帮助安全团队在模型全生命周期内快速定位脆弱点、迭代加固。适用于AI产品、红队及合规审计人员。

Роды без женщин? Китай презентовал проект первого в мире робота-матки

Securitylab.ru

4 weeks ago

Эта машина способна пройти полный цикл беременности. Без вреда для вашего здоровья.

MacOS Endpoint Security Framework

4 weeks ago

SANS Digital Forensics and Incident Response

CVE-2025-20133 | Cisco ASA/Firepower Threat Defense SSL VPN memory leak (cisco-sa-asaftd-vpn-dos-mfPekA6e / WID-SEC-2025-1839)

4 weeks ago

A vulnerability classified as critical has been found in Cisco ASA and Firepower Threat Defense. Affected by this issue is some unknown functionality of the component SSL VPN. The manipulation leads to memory leak. This vulnerability is handled as CVE-2025-20133. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

vuldb.com

CVE-2025-20135 | Cisco ASA/Firepower Threat Defense Software DHCP Client memory leak (cisco-sa-asaftd-dhcp-qj7nGs4N / WID-SEC-2025-1839)

4 weeks ago

A vulnerability described as problematic has been identified in Cisco ASA and Firepower Threat Defense Software. This affects an unknown part of the component DHCP Client. The manipulation leads to memory leak. This vulnerability is uniquely identified as CVE-2025-20135. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

vuldb.com

CVE-2025-20253 | Cisco Adaptive Security Appliance Software IKEv2 Feature infinite loop (cisco-sa-asa-ftd-ios-dos-DOESHWHy / WID-SEC-2025-1838)

4 weeks ago

A vulnerability was found in Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component IKEv2 Feature. The manipulation leads to infinite loop. This vulnerability is known as CVE-2025-20253. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

vuldb.com

CVE-2025-20239 | Cisco IOS/ASA/IOS XE/Firepower Threat Defense IKEv2 memory leak (cisco-sa-asa-ftd-ios-dos-DOESHWHy / WID-SEC-2025-1838)

4 weeks ago

A vulnerability categorized as problematic has been discovered in Cisco IOS, ASA, IOS XE and Firepower Threat Defense. This affects an unknown part of the component IKEv2 Handler. The manipulation leads to memory leak. This vulnerability is uniquely identified as CVE-2025-20239. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

vuldb.com

CVE-2025-20127 | Cisco ASA/Firepower Threat Defense denial of service (cisco-sa-3100_4200_tlsdos-2yNSCd54 / WID-SEC-2025-1839)

4 weeks ago

A vulnerability marked as problematic has been reported in Cisco ASA and Firepower Threat Defense. Affected is an unknown function. The manipulation leads to denial of service. This vulnerability is traded as CVE-2025-20127. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

vuldb.com

CVE-2025-20225 | Cisco IOS/ASA/IOS XE/Firepower Threat Defense IKEv2 memory leak (cisco-sa-asa-ftd-ios-dos-DOESHWHy / WID-SEC-2025-1838)

4 weeks ago

A vulnerability was found in Cisco IOS, ASA, IOS XE and Firepower Threat Defense. It has been rated as problematic. Affected by this issue is some unknown functionality of the component IKEv2 Handler. The manipulation leads to memory leak. This vulnerability is handled as CVE-2025-20225. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

vuldb.com

Hype Cycle for Security Operations, 2025

4 weeks ago

Gartner《2025安全运营成熟度曲线》系统梳理了从漏洞管理到持续威胁暴露管理（CTEM）的演进路径，突出AI SOC代理、暴露评估平台（EAP）、对抗性暴露验证（AEV）等前沿技术的成熟度与商业价值。报告强调将传统资产可见性、威胁检测与响应、身份威胁检测与响应、网络检测与响应等能力整合为可编排、可度量的运营体系，以应对云原生、混合办公及CPS（网络-物理系统）带来的新攻击面。同时提供优先级矩阵，帮助企业在2年内快速落地高价值场景，或在5-10年内布局变革性架构如网络安全网格（CSMA）。

AI Agents for Offsec with Zero False Positives

4 weeks ago

本文是Black Hat USA 2025议题《AI Agents for Offsec with Zero False Positives》的讲稿，作者Brendan Dolan-Gavitt提出“AI代理+确定性验证”方案，解决传统LLM在漏洞挖掘中的高误报难题。通过“证据-验证”双阶段流程：LLM先定位可疑点，再用非AI脚本（flag回显、时延差异、缓存投毒等）进行可复现验证，已在Docker Hub 2500万镜像扫描中捕获174个漏洞、22个CVE，误报率趋近零。文中给出Redmine权限绕过、Druid SSRF、MapProxy文件读取等实战案例，并开源自动化工具链，为大规模安全测试提供新范式。

CVE-2025-45769 | firebase php-jwt 6.11.0 inadequate encryption

4 weeks ago

A vulnerability, which was classified as problematic, was found in firebase php-jwt 6.11.0. Affected by this vulnerability is an unknown functionality. The manipulation leads to inadequate encryption strength. This vulnerability is known as CVE-2025-45769. The attack needs to be done within the local network. There is no exploit available.

vuldb.com

CVE-2025-45766 | POCO 1.14.1 inadequate encryption

4 weeks ago

A vulnerability has been found in POCO 1.14.1 and classified as problematic. Affected is an unknown function. The manipulation leads to inadequate encryption strength. This vulnerability is traded as CVE-2025-45766. The attack needs to be initiated within the local network. There is no exploit available.

vuldb.com

CVE-2025-45770 | golang-jwt 5.4.3 inadequate encryption (EUVD-2025-23299)

4 weeks ago

A vulnerability classified as problematic has been found in golang-jwt jwt 5.4.3. This vulnerability affects unknown code. The manipulation leads to inadequate encryption strength. This vulnerability was named CVE-2025-45770. The attack needs to be approached within the local network. There is no exploit available.

vuldb.com

人工智能和数据保护培训课程之使用个人数据的安全AI系统基础知识

4 weeks ago