Google потратил годы на защиту, хакеры — 16 часов на взлом
Google переписал безопасность cookies — и случайно помог взломать Windows.
Aggregator
CVE-2025-32463的解析(附poc及其解析)
1 month 2 weeks ago
文章描述了一个利用sudo的-R/--chroot选项进行提权的漏洞(CVE-2025-32463)。攻击者通过构造恶意chroot环境,在sudo解析用户信息前加载伪造的NSS动态库,从而绕过权限控制并获得root权限。
U.S. CISA adds TeleMessage TM SGNL flaws to its Known Exploited Vulnerabilities catalog
1 month 2 weeks ago
美国网络安全和基础设施安全局(CISA)将TeleMessage TM SGNL的两个漏洞加入已知被利用的漏洞目录。这两个漏洞分别为CVE-2025-48927(CVSS 5.3)和CVE-2025-48928(CVSS 4.0),涉及资源初始化不安全默认配置和核心转储文件未经授权暴露问题。这些漏洞已在2025年5月被实际利用,CISA要求联邦机构于7月22日前修复。
U.S. CISA adds TeleMessage TM SGNL flaws to its Known Exploited Vulnerabilities catalog
1 month 2 weeks ago
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds TeleMessage TM SGNL flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added TeleMessage TM SGNL flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the descriptions for these flaws: CVE-2025-48927 is an Initialization of a Resource with an Insecure Default […]
Pierluigi Paganini
How Monitoring Users’ Holistic Digital Identities Can Help Businesses Eliminate Cybercriminals’ Greatest Advantage
1 month 2 weeks ago
网络犯罪分子通过整合多来源数据攻击企业系统,传统安全措施无法覆盖全部风险。企业需监控用户全面在线身份以减少漏洞。
How Monitoring Users’ Holistic Digital Identities Can Help Businesses Eliminate Cybercriminals’ Greatest Advantage
1 month 2 weeks ago
Businesses must take the threat of identity-based attacks seriously and adapt their cybersecurity practices to address this challenge.
The post How Monitoring Users’ Holistic Digital Identities Can Help Businesses Eliminate Cybercriminals’ Greatest Advantage appeared first on Security Boulevard.
Damon Fleury
JVN: 複数のFesto Didactic製品およびFesto製品における複数の脆弱性
1 month 2 weeks ago
Festo DidacticおよびFestoが提供する複数の製品には、複数の脆弱性が存在します。
JVN: Voltronic PowerおよびPowerShield製の複数のUPSモニタリングソフトウェアにおける複数の脆弱性
1 month 2 weeks ago
Voltronic Power Technology Corp.およびPowerShield Pty Ltd.が提供する複数のUPSモニタリングソフトウェアには、複数の脆弱性が存在します。
JVN: 複数のHitachi Energy製品における複数の脆弱性
1 month 2 weeks ago
Hitachi Energyが提供する複数の製品には、複数の脆弱性が存在します。
带有Markdown支持的记事本应用现已推送到Windows 11正式版
1 month 2 weeks ago
微软为Windows 11正式版用户推出支持基础Markdown格式的新版记事本应用,包括标题、加粗、斜体和超链接等,但尚不支持下划线和删除线等功能。
Google Warns: Critical Chrome Flaw Letting Hackers Take Over PCs Is Already Being Exploited
1 month 2 weeks ago
/r/netsec 是一个由社区管理的技术信息安全聚合器,旨在为安全从业者、学生、研究人员和黑客提供有价值的信息,减少信息噪音。
Что такое сниффинг трафика и как защитить свои данные от перехвата
1 month 2 weeks ago
Даже зашифрованные соединения могут выдать ваши секреты.
信息归处,一目了然:用 Glance 打造家庭服务器仪表盘
1 month 2 weeks ago
文章介绍了如何使用 Glance 打造家庭服务器仪表盘,展示了其快速轻便、高自由度和丰富的组件特点,并详细讲解了数据获取方式、自定义样式及图表嵌入的方法。
微软将本地服务器产品价格上调最高20% 但微软更希望企业使用云订阅版
1 month 2 weeks ago
微软从本月起提高本地服务器产品价格,部分产品涨幅高达20%,鼓励企业迁移到云端订阅版以增加收入并减少维护成本。
FileFix Attack Exploits Windows Browser Features to Bypass Mark-of-the-Web Protection
1 month 2 weeks ago
A sophisticated new variation of cyberattacks emerged in July 2025, exploiting a critical vulnerability in how Chrome and Microsoft Edge handle webpage saving functionality. The attack, dubbed “FileFix 2.0,” bypasses Windows’ Mark of the Web (MOTW) security feature by leveraging legitimate browser saving mechanisms combined with HTML Application (HTA) execution. Key Points1. Saving HTML pages […]
The post FileFix Attack Exploits Windows Browser Features to Bypass Mark-of-the-Web Protection appeared first on Cyber Security News.
Guru Baran
Court Rules Anthropic’s Book Scans Were Fair Use
1 month 2 weeks ago
这篇文章讨论了Anthropic公司因购买和扫描数百万本书籍用于训练大型语言模型(LLMs)而引发的版权争议。原告指控该公司未经授权复制和保留书籍内容。法院认为将纸质书转换为数字格式以节省空间和提高可搜索性属于合理使用,但未解决非法获取电子书的问题。
Blockchain Security Layers: Tradeoffs Between L1, L2, and Hardware TEEs
1 month 2 weeks ago
文章探讨了区块链中可信计算与智能合约的安全性问题,比较了Layer-One和Layer-Two解决方案的优缺点,并分析了不同硬件架构(如Intel SGX、ARM TrustZone和专用芯片)对系统安全的影响。
Why TEE-Based Smart Contracts Still Aren’t Fully Secure
1 month 2 weeks ago
文章探讨了可信执行环境(TEE)辅助的 confidential smart contract 系统的研究挑战。重点包括密钥管理难题:集中存储虽安全但风险高;分散存储增加泄露风险且技术复杂。此外,缺乏透明性使得合约执行难以验证,并依赖硬件制造商信任。
Ukraine’s Contaminated Land: Clearing Landmines With Rakes, Tractors and Drones
1 month 2 weeks ago
乌克兰因俄罗斯入侵面临严重地雷和未爆炸弹药问题,影响农业生产和农民安全。排雷人员如Viktoria Shynkar在危险环境中清除地雷,但进展缓慢且数据不全。许多地区仍存风险,影响粮食生产和经济恢复。
CVE-2025-6017 | Red Hat Advanced Cluster Management for Kubernetes 2 up to 2.12.4 UI exposure of private personal information to an unauthorized actor (EUVD-2025-19692)
1 month 2 weeks ago
A vulnerability was found in Red Hat Advanced Cluster Management for Kubernetes 2 up to 2.12.4 and classified as problematic. Affected by this issue is some unknown functionality of the component UI. The manipulation leads to exposure of private personal information to an unauthorized actor.
This vulnerability is handled as CVE-2025-6017. The attack needs to be approached locally. There is no exploit available.
vuldb.com