Aggregator

CISA Issues 10 ICS Advisories Detailing Vulnerabilities and Exploits

GBHackers on Security | #1 Globally Trusted Cyber Security News Platform
1 month ago

The Cybersecurity and Infrastructure Security Agency (CISA) has released ten industrial control systems (ICS) advisories on August 7, 2025, highlighting critical vulnerabilities across various industrial automation and control platforms. These advisories represent a comprehensive effort to address security gaps that could potentially impact critical infrastructure operations across multiple sectors including manufacturing, energy, and transportation systems. […]

The post CISA Issues 10 ICS Advisories Detailing Vulnerabilities and Exploits appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Divya

Windows User Account Control Bypassed Using Character Editor to Escalate Privileges

Cyber Security News
1 month ago

A sophisticated new technique that exploits the Windows Private Character Editor to bypass User Account Control (UAC) and achieve privilege escalation without user intervention, raising significant concerns for system administrators worldwide. The attack disclosed by Matan Bahar leverages eudcedit.exeMicrosoft’s built-in Private Character Editor, located in C:\Windows\System32, which was originally designed to create and edit End-User […]

The post Windows User Account Control Bypassed Using Character Editor to Escalate Privileges appeared first on Cyber Security News.

Guru Baran

PCIe 8.0 传输率达到 256.0 GT/s

Solidot
1 month ago
负责制定 PCIe 规范的行业组织 PCI-SIG 已经完成了 PCIe 7.0 的制定,PCIe 7.0 设备在 x16 通道配置下能实现双向 128.0 GT/s 和最高 512 GB/s 的传输率。对于下一代 PCIe 8.0,PCI-SIG 证实支持的传输率将达到 256.0 GT/s,x16 通道配置双向最高 1 TB/s 的传输率。PCIe 8.0 规范预计将在 2028 年发布,而 PCIe 8.0 设备上市可能要到 2030 年。

WDTA AI STR 04 - AI智能体运行安全测试标准

不安全
1 month ago
AI代理在关键系统中广泛应用的同时面临多种风险。新标准提供了一种系统化的方法来测试其韧性,并确保符合伦理和安全要求。该标准遵循WDTA的3S原则,推动了国际协作与安全AI的发展,并为开发者、审核员和政策制定者提供了实用指导。

WDTA AI STR 04 - AI智能体运行安全测试标准

信息安全知识库
1 month ago
本文链接


AI agents increasingly drive critical systems—from healthcare diagnostics to autonomous vehicles. Yet their autonomy introduces vulnerabilities: adversarial attacks, data leakage, and unintended harmful behaviors. This standard provides a systematic methodology to test agent resilience across interfaces, models, tools, and life-cycle stages, ensuring they operate within ethical and safety boundaries.

Aligned with WDTA’s 3S principles (Speed, Safety, Sharing), this document accelerates secure AI adoption while fostering international collaboration. We commend the AI STR Working Group and contributors for pioneering a framework that balances innovation with accountability. Their expertise delivers actionable guidance for developers, auditors, and policymakers to build AI systems that serve humanity securely.

HTTP is not simple

不安全
1 month ago
作者认为HTTP并非简单协议,尤其是HTTP/1尽管看似易于使用和理解,但其实际实现涉及众多复杂细节。包括文本处理、头部折叠、结束标记、数字解析等问题。此外,不同版本的累积复杂性和浏览器实现的影响进一步增加了难度。尽管如此,HTTP的成功可能与其复杂性密不可分。

CVE-2025-8746 | GNU libopts up to 27.6 __strstr_sse2 memory corruption (Issue 957)

VulDB Recent Entries
1 month ago
A vulnerability, which was classified as problematic, was found in GNU libopts up to 27.6. Affected is the function __strstr_sse2. The manipulation leads to memory corruption. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is traded as CVE-2025-8746. Local access is required to approach this attack. Furthermore, there is an exploit available. This issue was initially reported to the tcpreplay project, but the code maintainer explains, that this "bug appears to be in libopts which is an external library."
vuldb.com

Scammers mass-mailing the Efimer Trojan to steal crypto

不安全
1 month ago
Efimer是一种通过伪装律师邮件、恶意种子和WordPress网站传播的恶意软件,主要窃取加密货币钱包地址并替换为攻击者地址。它利用Tor网络与C2服务器通信,并具备扩展功能以进一步传播和攻击。该恶意软件已影响全球多个地区用户。

Managed ad