Aggregator

JetBrains取消LSP API订阅层级限制, 免费用户也可使用, 开发者可为所有用户提供插件支持, LSP API作为基本功能加入社区免费版, 但无法完全替代PSI接口。

Exploring how far cyber security approaches can help mitigate risks in generative AI systems

Nmap has remained at the forefront of network discovery and security assessment for nearly three decades. Originally introduced on September 1, 1997, in Phrack magazine as a modest, 2,000-line Linux-only port scanner, Nmap has since matured into a sprawling toolkit encompassing OS and version detection, scripting, packet crafting, and more. As Nmap celebrates its 28th […]

The post 28 Years of Nmap – From Simple Port Scanner to Comprehensive Network Security Suite appeared first on Cyber Security News.

Как недочёт в админке открыл двери для атак.

文章分析了近2000条网络敲诈信息及其比特币地址数据，揭示威胁行为者操作模式及成功率。数据显示多数地址仅使用数天，支付金额差异大（250美元至4万美元），但超半数地址未收到款项。研究显示网络敲诈成功率可能随时间下降。

无数企业都在尝试生成式 AI，但试用过的人都知道 AI 很难产生能直接使用的令人满意的最终产品，于是出现了雇佣人类调试和修改 AI 生成内容的新职业。自由职业者表示此类工作的报酬比不上其专业领域的传统零工，但一部分人表示这至少能帮助他们支付账单。自由职业平台 Upwork、Freelancer 和 Fiverr 的最新数据表明，此类创意工作的需求在激增。客户也日益希望找到能与 AI 技术协同工作，不完全依赖或拒绝 AI 的人。AI 辅助编程（vibe coding）日益流行，但企业发现此类工具无法达到他们预想的效果，企业仍然需要人类程序员，以避免辅助编程带来的麻烦。印度程序员 Harsh Kumar 说，客户使用 AI 辅助编程产生的网站或应用常常不稳定或无法使用。

Microsoft announced that it will enforce mandatory multi-factor authentication (MFA) for all sign-in attempts to the Azure portal and other administrative interfaces. The new requirement, which builds on Microsoft’s long-standing commitment to security, aims to block unauthorized access to high-value cloud resources by adding an extra layer of verification beyond passwords. According to Microsoft’s own research, enabling […]

The post Microsoft to Require Multi-Factor Authentication on Azure Portal Logins appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

谷歌否认了关于25亿Gmail用户因重大安全问题需更改密码的谣言，称相关报道被福布斯等媒体误解和夸大。实际上，谷歌仅建议用户定期更换密码以提高安全性，并未发生数据库泄露事件。

本报告剖析了夏季影响最严重的几起事件，以及安全团队在面对攻击浪潮来临时需要采取的措施。

该安全问题属于服务器端请求伪造（SSRF）漏洞，目前已被编号为CVE-2025-9074，其严重等级被评定为9.3分。

A vulnerability was found in OpenAM Consortium Edition 14.0.0/14.0.1. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component SAML IdP Handler. The manipulation results in denial of service. This vulnerability is identified as CVE-2025-8662. The attack can be executed remotely. There is not any exploit available.

A vulnerability was found in MobSF Mobile-Security-Framework-MobSF 4.4.0. It has been classified as critical. Affected is an unknown function. The manipulation leads to path traversal. This vulnerability is referenced as CVE-2025-58162. Remote exploitation of the attack is possible. No exploit is available. Upgrading the affected component is recommended.

A vulnerability was found in MobSF Mobile-Security-Framework-MobSF 4.4.0 and classified as critical. This impacts the function os.path.commonprefix of the file /download/ of the component Download File Handler. Executing manipulation can lead to path traversal. The identification of this vulnerability is CVE-2025-58161. The attack may be launched remotely. There is no exploit available. It is suggested to upgrade the affected component.

A vulnerability has been found in ESPHome 2025.8.0 and classified as critical. This affects an unknown function of the component web_server. Performing manipulation results in incorrect implementation of authentication algorithm. This vulnerability was named CVE-2025-57808. The attack needs to be approached within the local network. There is no available exploit. The affected component should be upgraded.

A vulnerability, which was classified as critical, was found in SonarSource sonarqube-scan-action up to 5.3.0. The impacted element is an unknown function of the component Scan GitHub Action Handler. Such manipulation leads to command injection. This vulnerability is uniquely identified as CVE-2025-58178. Local access is required to approach this attack. No exploit exists. You should upgrade the affected component.

The Wireshark Foundation today announced the release of Wireshark 4.4.9, delivering critical stability improvements and updates to its protocol dissectors. This incremental release, the ninth maintenance update in the 4.4 series, addresses a high-priority security issue and resolves multiple decoder flaws affecting enterprise and academic users alike. Key Security and Stability Fix The release fixes a […]

The post Wireshark 4.4.9 Released With Critical Bug Fixes and Protocol Updates appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Природа целится миллионы лет, стреляет за секунду и попадает в яблочко.

Google Pixel 10发布不久即出现屏幕问题，包括雪花屏和彩色条纹，此前Pixel 5和7也曾出现类似故障。谷歌正调查并计划通过固件更新修复，但部分用户已选择退货。

A new research project called NetMoniAI shows how AI agents might reshape network monitoring and security. Developed by a team at Texas Tech University, the framework brings together two ideas: distributed monitoring at the edge and AI-driven analysis at the center. The work is still research stage, but it gives CISOs a sense of what could be possible if agentic AI systems make their way into enterprise environments. The project is open source, so it … More →

The post Can AI agents catch what your SOC misses? appeared first on Help Net Security.

平安科技（上海）有限公司发布招聘信息，招聘安全研究员（渗透/代码审计/AI赋能攻防）和安全研究员（大模型方向），要求具备丰富的攻防实战经验、编程能力和技术专长，并参与前沿技术研究与应用落地。