Aggregator

This TSUBAME Report Overflow series discuss monitoring trends of overseas TSUBAME sensors and other activities which the Internet Threat Monitoring Quarterly Reports do not include. This article covers the monitoring results for the period January to March 2025. Trends of...

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical alert regarding an actively exploited vulnerability in Synacor’s Zimbra Collaboration Suite (ZCS), urging organizations to take immediate action to mitigate the threat. The flaw, tracked as CVE-2019-9621, is a server-side request forgery (SSRF) vulnerability that resides in the ProxyServlet component of ZCS and has […]

The post CISA Issues Alert Over Actively Exploited Flaw in Zimbra Collaboration Suite appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

罗马仕移动电源发生起火爆炸事故,用户在正常充电时设备突然异响并起火,所幸及时处理未造成严重后果。值得注意的是,该用户的设备不在召回范围内,意味着其他未召回型号也存在安全隐患。此前,罗马仕已召回多款可能存在风险的移动电源,但仍有未召回产品出现问题。部分用户质疑产品质量,称部分型号缺乏温控探头和过热保护功能,可能因用料节省导致安全隐患。目前,关于退款和召回的问题仍在处理中,罗马仕已停工停产,但负责召回的员工仍在工作。

Secure Boot проверяет подписи. Но не там, где надо — и это катастрофа.

自由软件基金会（FSF）遭遇持续性DDoS攻击近一年，同时面临大量AI爬虫的高频抓取压力。攻击源自僵尸网络和伪装爬虫的自动化程序，导致服务器负载过重。FSF仅有两名全职管理员应对问题。类似情况曾迫使维基百科打包数据供下载以减少抓取压力。

这篇文章介绍了HackerNoon平台上的热门技术内容，涵盖AI moderation系统优化、多租户授权实现方法、PyIceberg工具指南以及HackerNoon与Sia Foundation的合作项目等技术话题。

本文探讨了如何通过聚焦技术（focusing）解决Core语言中卡住的计算问题，并详细介绍了静态聚焦方法及其在二元运算符和数据类型中的应用。作者还讨论了聚焦带来的行政冗余问题及其优化方案。

In this Help Net Security interview, Dan DeCloss, Founder and CTO at PlexTrac, discusses the role of exposure management in cybersecurity and how it helps organizations gain visibility into their attack surface to improve risk assessment and prioritization. He also explains how PlexTrac’s platform streamlines the reporting process and enables teams to collaborate more effectively to speed up remediation. DeCloss looks forward to widespread adoption of Continuous Threat Exposure Management, believing it will help close … More →

The post Exposure management is the answer to: “Am I working on the right things?” appeared first on Help Net Security.

Claude Code被视为与2022年的ChatGPT同样重要的突破，专注于行动而非知识处理。其成功基于结构化支持而非模型智能，并被认为具备成为基础通用人工智能（proto-AGI）的潜力。

当前环境异常，需完成验证后方可继续访问。

在智慧医疗与数字化转型加速推进的当下，医疗行业网络安全面临全新挑战。随着互联网医院普及、医疗物联网设备激增、诊疗数据云端共享等趋势发展，医疗系统正面临勒索软件攻击高发、患者隐私数据泄露、医疗设备劫持等新型安全威胁。安全防护重点已从传统的系统可用性保障，转向诊疗业务连续性保障和医疗数据全流程保护的双重目标。 嘶吼安全产业研究院基于《2025网络安全产业图谱》调研，通过对400+典型解决方案与案例的深度分析，从需求匹配度、实践成效、创新技术、应用价值等多维度展开综合评估。 调研分析发现，当前医疗行业网络安全建设呈现几点关键特征：首先，医疗机构正加速补齐安全能力短板，特别是在医疗物联网设备防护和互联网医院安全方面投入显著增加。其次，诊疗数据安全保护成为核心诉求。第三，安全防护与诊疗业务深度融合。与此同时，医疗行业正积极探索新型安全技术应用。并且，医疗行业网络安全建设仍面临人才短缺、老旧系统改造等挑战，需要持续加强投入和创新。 基于这些发现，我们将重点展示几个具有代表性的医疗行业优秀安全解决方案，为医疗行业的安全建设提供可借鉴的实践经验。 PS：解决方案展示排名不分先后，按企业简称首字母排序。 往期回顾： 2025中国网络安全「政务行业」优秀解决方案汇编 2025中国网络安全「金融行业」优秀解决方案汇编 2025中国网络安全「能源行业」优秀解决方案汇编 2025中国网络安全「制造行业」优秀解决方案汇编 2025中国网络安全「电力（水利）行业」优秀解决方案汇编 2025中国网络安全「互联网行业」优秀解决方案汇编 2025中国网络安全「运营商行业」优秀解决方案汇编

美国联邦通信委员会计划将 Wi-Fi 使用的 6GHz 频段部分拍卖给移动运营商用于蜂窝网络，导致 Wi-Fi 可用频段减少，可能引发网络拥挤和速度下降。

A vulnerability was found in Woodmart Plugin up to 8.2.3 on WordPress. It has been declared as critical. Affected by this vulnerability is the function woodmart_get_products_shortcode of the component Shortcode Handler. The manipulation leads to Remote Code Execution. This vulnerability is known as CVE-2025-6744. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in SAP BusinessObjects Content Administrator workbench. It has been classified as problematic. Affected is an unknown function. The manipulation leads to open redirect. This vulnerability is traded as CVE-2025-42985. It is possible to launch the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in SAP GUI 8.00 on Windows and classified as problematic. This issue affects some unknown processing of the component GuiXT Application. The manipulation leads to insecure storage of sensitive information. The identification of this vulnerability is CVE-2025-42979. Attacking locally is a requirement. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability has been found in SAP NetWeaver Application Server ABAP up to 816 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to open redirect. This vulnerability was named CVE-2025-42981. The attack can be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as problematic, has been found in SAP NetWeaver Application Server Java 7.50. Affected by this issue is some unknown functionality of the component TLS Connection Handler. The manipulation leads to improper verification of source of a communication channel. This vulnerability is handled as CVE-2025-42978. The attack may be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as critical, was found in SAP NetWeaver Enterprise Portal Federated Portal Network 7.50. This affects an unknown part. The manipulation leads to deserialization. This vulnerability is uniquely identified as CVE-2025-42980. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as critical was found in SAP BusinessObjects BI Platform Central Management Console Promotion Management Application 2025/2027/ENTERPRISE 430. Affected by this vulnerability is an unknown functionality of the component Requests Handler. The manipulation leads to server-side request forgery. This vulnerability is known as CVE-2025-42965. The attack can be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as critical has been found in SAP SAPCAR 7.22EXT/SAP_ 7.53. Affected is an unknown function of the component File Extraction Handler. The manipulation leads to out-of-bounds write. This vulnerability is traded as CVE-2025-42971. Attacking locally is a requirement. There is no exploit available. It is recommended to apply a patch to fix this issue.