Aggregator

A vulnerability, which was classified as critical, was found in Linux Kernel up to 5.19.3. This affects the function of_node_put. The manipulation leads to improper update of reference count. This vulnerability is uniquely identified as CVE-2022-50017. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

Lakeside Softwareが提供するSysTrackには、ファイル検索パスの制御不備の脆弱性が存在します。

A vulnerability was found in Linux Kernel up to 4.19.255/5.4.210/5.10.137/5.15.62/5.19.3. It has been classified as problematic. This affects the function f2fs_bug_on of the component f2fs. The manipulation leads to privilege escalation. This vulnerability is uniquely identified as CVE-2022-50013. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 5.19.3. It has been classified as critical. Affected is an unknown function of the component ASoC. The manipulation leads to null pointer dereference. This vulnerability is traded as CVE-2022-50015. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

Разбираемся как избавиться от встроенного шпиона.

ChatGPT成功绕过Cloudflare Turnstile人机验证系统，在Reddit上展示其通过验证码的能力。该系统通过浏览器特性、鼠标轨迹等判断是否为机器人，但AI仍能轻松突破。

三星 One UI 8 的 Beta 版本被发现移除了 Bootloader Unlock 选项，意味着用户将无法解锁 bootloader 安装第三方 ROM。虽然大部分用户不会注意到或者在意 Bootloader 是否能解锁，但对开发者社区而言这是对 Mod 自由的重大打击。

In this Help Net Security interview, Seth Ruden, Senior Director of Global Advisory at BioCatch, discusses how financial institutions are addressing fraud. He explains how banks are using behavioral biometrics, device fingerprinting, and network intelligence to enhance fraud prevention. Ruden talks about how fraud prevention is moving beyond rules-based systems toward risk-scoring models and graph-based anomaly detection, and points out how scam playbook simulations and red teaming help strengthen financial institutions’ defenses. Have you seen … More →

The post Why behavioral intelligence is becoming the bank fraud team’s best friend appeared first on Help Net Security.

丈八网安推出的网络靶场与网络兵棋推演系统，共同构建了“技术－策略”双螺旋驱动的防御体系。

使用技嘉主板的来自不同OEM的计算机可能面临攻击风险，因此建议用户关注固件更新并及时应用它们。

微软在Windows 11中新增图片搜索窗格，在搜索框中直接显示图片预览。该功能基于关键词匹配文件夹或文件名称，并未使用AI识别图片内容。当前版本仅支持文字匹配结果，新增的图片窗格使搜索更直观。未来可能引入基于AI的图片内容识别功能。

We have reached a stage where ransomware isn’t simply a cybercrime issue: it is now clearly a business disruptor, a threat to societal trust, and increasingly, a national security crisis. As James Babbage, Director General (Threats) at the UK’s National Crime Agency (NCA), recently noted, ransomware is “a national security threat in its own right, both here and throughout the world.” Alarmingly, despite years of targeted operations, global strategy papers, and industry guidance, ransomware groups … More →

The post Ransomware will thrive until we change our strategy appeared first on Help Net Security.

索尼互动于 7 月 25 日向加州法庭起诉腾讯抄袭其《地平线》系列游戏，指控腾讯版权和商标侵犯。腾讯旗下工作室 Polaris Quest 最近发布了《Light of Motiram》的预告片，该游戏背景与索尼旗下工作室 Guerrilla Games 开发的《地平线（Horizon）》 系列游戏《地平线 零之曙光》和《地平线 西之绝境》几乎如出一辙，都发生在机械占领的末世后文明世界，女主角身穿类似猎人的服装与机械生物进行决战。索尼指控腾讯的抄袭行为是疯狂而无耻。索尼称，腾讯曾试图获得《地平线》系列的 IP 授权但遭到了它的拒绝。

Linux Kernel计划通过补丁规范AI工具在开发中的使用，要求标注AI生成代码的工具和模型版本，以确保透明度和一致性。

As the space sector becomes more commercial and military-focused, these assets are becoming attractive targets. The global space economy is booming and is expected to increase from $630 billion in 2023 to $1.8 trillion by 2035. This means the need to protect space infrastructure from cyber threats will only grow larger and more complex. Why space systems are vulnerable There are around 11,700 active satellites currently orbiting Earth , and with more commercial players entering … More →

The post The final frontier of cybersecurity is now in space appeared first on Help Net Security.

A CVSS score 3.3 AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N severity vulnerability discovered by 'Hossein Lotfi (@hosselot) of Trend Zero Day Initiative' was reported to the affected vendor on: 2025-07-29, 42 days ago. The vendor is given until 2025-11-26 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 2.4 AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L severity vulnerability discovered by 'Jay Turla of VicOne' was reported to the affected vendor on: 2025-07-29, 42 days ago. The vendor is given until 2025-11-26 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Peter Girnus (@gothburz) of Trend Research' was reported to the affected vendor on: 2025-07-29, 1 days ago. The vendor is given until 2025-11-26 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.