热点|马来西亚机场遭千万美元勒索攻击,10小时系统瘫痪暴露“数字软肋”
勒索软件无差别攻击实现全域渗透,接连撕开机场、通信、汽车等行业安全缺口
Aggregator
再拓联营联运“朋友圈”,360在豫发力新质人才培养
11 months 3 weeks ago
安全客
Mozilla fixed critical Firefox vulnerability CVE-2025-2857
11 months 3 weeks ago
Mozilla addressed a critical vulnerability, tracked as CVE-2025-2857, impacting its Firefox browser for Windows. Mozilla has released security updates to address a critical flaw, tracked as CVE-2025-2857, impacting its Firefox browser for Windows. Recently, Google addressed a similar vulnerability, tracked as CVE-2025-2783, in Chrome that has been actively exploited in the wild as a zero-day. […]
Pierluigi Paganini
Лицо под защитой закона: Китай определил новые границы цифровой идентификации
11 months 3 weeks ago
Китай запускает закон о контроле за распознаванием лиц.
观点 | 让公共安全与隐私保护相得益彰
11 months 3 weeks ago
随着数字技术的发展和治理体系的现代化,公共场所视频图像采集已成为公共安全治理的必要手段,其积极作用为广大民众认可,但与之相伴的国家数据信息安全和个人隐私保护问题也成为社会广泛关注的焦点。
前沿 | 加强量子人工智能伦理治理
11 months 3 weeks ago
随着量子技术的飞速发展和人工智能的广泛应用,量子人工智能这一前沿领域的伦理问题日益引起国际社会的广泛关注。我国政府高度重视量子人工智能的发展,将其列为战略性新兴产业。
专家解读 | 周辉:明确人脸识别应用边界 完善个人信息权益保障
11 months 3 weeks ago
近日,国家互联网信息办公室、公安部联合公布了《人脸识别技术应用安全管理办法》,针对人脸识别技术的应用提出了系统化的规范指引,旨在应对人脸识别技术滥用,完善治理机制,保护个人信息权益,维护社会秩序和公共安全。
专家解读 | 张凌寒:引领国际人工智能生成内容标识实践 营造清朗网络空间
11 months 3 weeks ago
2022年以来,国内外生成式人工智能大模型快速迭代发展,改变了传统的内容生产与信息传播范式。与此同时,生成式人工智能带来的深度伪造、虚假信息等潜在风险进入国际社会规制视野,各国纷纷采取措施应对。
关注 | 针对个人信息保护问题,四部门联合开展专项行动
11 months 3 weeks ago
2025年,四部门进一步深入治理常用服务产品和常见生活场景中存在的违法违规收集使用个人信息典型问题,切实维护人民群众在网络空间合法权益,着力提升人民群众满意度、获得感。
重磅 | 《中华人民共和国网络安全法(修正草案再次征求意见稿)》公布,主要修改四方面内容
11 months 3 weeks ago
意见反馈截止时间为2025年4月27日。
Firefox 存在严重漏洞,类似于 Chrome 已遭利用0day
11 months 3 weeks ago
速更新
已存在9年的 npm 包遭劫持,通过混淆脚本投毒提取API密钥
11 months 3 weeks ago
这起软件供应链攻击的幕后动机尚不明确
已存在9年的 npm 包遭劫持,通过混淆脚本投毒提取API密钥
11 months 3 weeks ago
这起软件供应链攻击的幕后动机尚不明确
Firefox 存在严重漏洞,类似于 Chrome 已遭利用0day
11 months 3 weeks ago
速更新
已存在9年的 npm 包遭劫持,通过混淆脚本投毒提取API密钥
11 months 3 weeks ago
这起软件供应链攻击的幕后动机尚不明确
Firefox 存在严重漏洞,类似于 Chrome 已遭利用0day
11 months 3 weeks ago
速更新
已存在9年的 npm 包遭劫持,通过混淆脚本投毒提取API密钥
11 months 3 weeks ago
这起软件供应链攻击的幕后动机尚不明确
CVE-2024-28041 | KDDI HGW BL1500HM up to 002.001.013 improper authentication
11 months 3 weeks ago
A vulnerability has been found in KDDI HGW BL1500HM up to 002.001.013 and classified as critical. This vulnerability affects unknown code. The manipulation leads to improper authentication.
This vulnerability was named CVE-2024-28041. The attack needs to be initiated within the local network. There is no exploit available.
vuldb.com
CVE-2025-24662 | LearnDash LMS Plugin up to 4.20.0.1 on WordPress authorization
11 months 3 weeks ago
A vulnerability, which was classified as problematic, was found in LearnDash LMS Plugin up to 4.20.0.1 on WordPress. This affects an unknown part. The manipulation leads to missing authorization.
This vulnerability is uniquely identified as CVE-2025-24662. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com
CVE-2025-26852 | DESCOR INFOCAD up to 3.5.1 sql injection
11 months 3 weeks ago
A vulnerability was found in DESCOR INFOCAD up to 3.5.1. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to sql injection.
This vulnerability is known as CVE-2025-26852. The attack can be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com