Aggregator

微软在 Windows 11 25H2 测试版中更改了快捷方式功能，导致无法显示完整路径和追加启动参数。用户可手动创建快捷方式以恢复部分功能。

Generative AI models are rapidly evolving into fully-fledged instruments within the arsenals of cyber adversaries. This trend is underscored in CrowdStrike’s 2025 annual report, which highlights a sharp increase in the use of artificial...

The post The AI Cyberwar Is Here: CrowdStrike Report Exposes How Attackers Use AI to Automate Vishing, Phishing, & Espionage appeared first on Penetration Testing Tools.

欢迎报名！

Финитизм меняет математику.

A large-scale campaign exploiting a chain of vulnerabilities in Microsoft SharePoint continues to escalate—this time with the active involvement of ransomware groups. During an investigation into a series of coordinated attacks, researchers at Palo...

The post The ToolShell Threat Escalates: New 4L4MD4R Ransomware Joins China-Linked APTs in SharePoint Attacks appeared first on Penetration Testing Tools.

文章介绍了错误代码521的含义及其常见原因。该错误通常与Cloudflare服务相关，表明原始服务器未响应请求。文章解释了可能导致此错误的原因，如服务器过载、网络中断或配置问题，并提供了排查和解决该问题的方法。

HackerNews 编译，转载请注明出处： 年龄验证系统无助于使互联网对儿童更安全。根据电子前沿基金会（EFF）的说法，这是保护儿童上网的最新“误导性尝试”之一。 2025年7月25日，英国《在线安全法案》正式生效。该立法旨在防止未成年人访问含有色情内容及其他有害信息的网站，例如涉及自残、饮食失调或自杀的内容。 新法规要求网站所有者和应用程序开发者部署年龄验证系统及控制措施以核验用户年龄。拒绝合规的平台将面临最高1800万英镑或其全球年营业额10%（以较高者为准）的罚款。 自法案提出之初，批评者便质疑其有效性。埃隆·马斯克（Elon Musk）指责英国政府“加强审查制度”。英国Spotify用户同样不满，认为政府此举为“警察国家”铺平了道路。 致力于维护互联网公民自由的国际非营利组织——电子前沿基金会（EFF）也对《在线安全法案》提出批评。 该民权组织指出，该法案不过是保护儿童上网的“误导性方案”，并呼吁政界人士探索更有效的年龄验证方法。 “《在线安全法案》威胁用户隐私，通过仲裁网络言论限制表达自由，面部检查导致用户遭受算法歧视，更使数百万没有个人设备或身份证件的群体被排除在网络之外，”EFF在博客中声明，“若英国真想实现‘全球最安全网络空间’的目标，就必须率先推行真正保护所有用户（包括儿童）的政策，而非强制实施伤害本应保护对象的法规。” 英国通信管理局Ofcom回应称，虽知年龄验证系统并非“万全之策”，但仍支持该立法。 “过去儿童即使无意搜索也可能轻易接触到色情等有害内容。年龄核验将有效阻止此类情况，”Ofcom网络安全事务总监奥利弗·格里菲斯（Oliver Griffiths）在法案生效时向媒体表示，“我们正在评估平台合规情况，未达标企业将面临执法行动。”       消息来源：cybernews； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文

At first glance, static RAM (SRAM) appeared to be a reliable sanctuary for sensitive data. Embedded directly within the processor die and incapable of retaining information once power is cut, it was long considered...

The post Volt Boot Attack: New Physical Exploit Bypasses Cold Boot Defenses to Steal Secrets from On-Chip SRAM appeared first on Penetration Testing Tools.

The French fashion house Chanel has become the latest victim of an ongoing data compromise campaign targeting users of the Salesforce platform, suffering a breach of personal client information in the United States. The...

The post Chanel Client Data Breached in Widespread ShinyHunters Campaign Targeting Salesforce appeared first on Penetration Testing Tools.

A vulnerability was found in Dell PowerProtect Data Domain. It has been classified as critical. This affects an unknown part. The manipulation leads to authentication bypass by spoofing. This vulnerability is uniquely identified as CVE-2025-36594. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in DrayTek AP903, AP912C and AP918R. It has been rated as problematic. This issue affects some unknown processing of the file clients.conf of the component Setting Handler. The manipulation of the argument secret leads to weak password requirements. The identification of this vulnerability is CVE-2025-44643. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in Austrian Archaeological Institute OpenAtlas 8.11.0 and classified as problematic. This issue affects some unknown processing. The manipulation leads to use of hard-coded password. The identification of this vulnerability is CVE-2025-51536. Access to the local network is required for this attack to succeed. There is no exploit available.

A vulnerability classified as problematic was found in Dell Digital Delivery up to 5.6.1.0. This vulnerability affects unknown code. The manipulation leads to insufficiently protected credentials. This vulnerability was named CVE-2025-38739. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Ruckus Virtual SmartZone and Network Director. This issue affects some unknown processing. The manipulation leads to use of hard-coded password. The identification of this vulnerability is CVE-2025-44955. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in Kingdee Cloud-Starry-Sky Enterprise Edition up to 8.2. It has been classified as problematic. Affected is the function BaseServiceFactory.getFileUploadService.deleteFileAction of the file K3Cloud\BBCMallSite\WEB-INF\lib\Kingdee.K3.O2O.Base.WebApp.jar!\kingdee\k3\o2o\base\webapp\action\FileUploadAction.class of the component IIS-K3CloudMiniApp. The manipulation of the argument filePath leads to path traversal. This vulnerability is traded as CVE-2025-8516. It is possible to launch the attack remotely. Furthermore, there is an exploit available. It is recommended to apply restrictive firewalling. The vendor recommends as a short-term measure to "[t]emporarily disable external network access to the Kingdee Cloud Galaxy Retail System or set up an IP whitelist for access control." The long-term remediation will be: "Install the security patch provided by the Starry Sky system, with the specific solutions being: i) Adding authentication to the vulnerable CMKAppWebHandler.ashx interface; ii) Removing the file reading function."

A vulnerability was found in Apache Zeppelin up to 0.11.x. It has been classified as problematic. This affects an unknown part of the component JDBC URL Validation Handler. The manipulation leads to improper input validation. This vulnerability is uniquely identified as CVE-2024-52279. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Apache Zeppelin up to 0.11.x and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to missing origin validation in websockets. This vulnerability is handled as CVE-2024-51775. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in code-projects Intern Membership Management System 1.0. This issue affects some unknown processing of the file /admin/delete_student.php. The manipulation of the argument ID leads to sql injection. The identification of this vulnerability is CVE-2025-8494. The attack may be initiated remotely. Furthermore, there is an exploit available.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a new alert, adding three vulnerabilities affecting D-Link devices to its Known Exploited Vulnerabilities (KEV) Catalog. The inclusion of these flaws in the catalog signifies that they are being actively exploited by malicious cyber actors in real-world attacks, posing a significant threat to networks. The […]

The post CISA Warns of D-Link Vulnerabilities Actively Exploited in Attacks appeared first on Cyber Security News.

A vulnerability was found in Maxthon International Maxthon3 Browser up to 3.2 and classified as problematic. This issue affects the function maxthon.program.Program.launch/maxthon.io.writeDataURL. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2012-10032. The attack may be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.