Aggregator
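Expert Interpretation | National Network Identity Authentication Public Service Builds a Strong Digital Security Barrier
2 months 1 week ago
Recently, researcher Yu Rui of the First Research Institute of the Ministry of Public Security gave a dedicated presentation on the National Network Identity Authentication Public Service. The following is the transcript……
Focus | MIIT Reports 49 Apps (SDKs) That Infringe on User Rights (List Attached)
2 months 1 week ago
The Ministry of Industry and Information Technology (MIIT) has been carrying out enforcement against problems such as the illegal and non-compliant collection and use of personal information by apps and SDKs. Recently, spot checks organized with third-party testing institutions found 49 apps and SDKs that infringe on user rights, and these are hereby reported.
Special Topic: Cybersecurity Talent Evaluation System | Analysis of a Comprehensive Evaluation System for the Professional Competence of Cybersecurity Talent
2 months 1 week ago
With the rapid development of information technology, cybersecurity has become a core area of global competition. In recent years, cybersecurity threats have grown by the day and cyberattacks have occurred frequently, putting national security and economic and social development to a severe test. To build a solid cybersecurity defense, countries are actively strengthening their cybersecurity workforce and improving their protective capabilities.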
CVE-2025-5331 | PCMan FTP Server 2.0.7 NLST Command buffer overflow
2 months 1 week ago
A vulnerability has been found in PCMan FTP Server 2.0.7 and classified as critical. This vulnerability affects unknown code of the component NLST Command Handler. The manipulation leads to buffer overflow.
This vulnerability was named CVE-2025-5331. The attack can be initiated remotely. Furthermore, there is an exploit available.
vuldb.com
CVE-2025-5330 | FreeFloat FTP Server 1.0 RETR Command buffer overflow
2 months 1 week ago
A vulnerability, which was classified as critical, was found in FreeFloat FTP Server 1.0. This affects an unknown part of the component RETR Command Handler. The manipulation leads to buffer overflow.
This vulnerability is uniquely identified as CVE-2025-5330. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
vuldb.com
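Still waiting for your delivery? This year's 618, others have already received their orders
2 months 1 week ago
Meituan Shangou joins in, and 618 has changed.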
CVE-2024-52588 | Strapi up to 4.25.1 Webhooks URL server-side request forgery (GHSA-v8wj-f5c7-pvxf)
2 months 1 week ago
A vulnerability, which was classified as problematic, has been found in Strapi up to 4.25.1. Affected by this issue is some unknown functionality of the component Webhooks URL Handler. The manipulation leads to server-side request forgery.
This vulnerability is handled as CVE-2024-52588. The attack may be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-48388 | freescout-help-desk freescout up to 1.8.177 as format string
2 months 1 week ago
A vulnerability classified as critical was found in freescout-help-desk freescout up to 1.8.177. Affected by this vulnerability is an unknown functionality. The manipulation of the argument as leads to format string.
This vulnerability is known as CVE-2025-48388. The attack can be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-4687 | Teltonika RMS up to 5.6 Pending Invite privilege escalation
2 months 1 week ago
A vulnerability classified as problematic has been found in Teltonika RMS up to 5.6. Affected is an unknown function of the component Pending Invite Handler. The manipulation leads to privilege escalation.
This vulnerability is traded as CVE-2025-4687. It is possible to launch the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-27151 | Redis up to 8.0.1 stack-based overflow (GHSA-5453-q98w-cmvm)
2 months 1 week ago
A vulnerability was found in Redis up to 8.0.1. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to stack-based buffer overflow.
The identification of this vulnerability is CVE-2025-27151. It is possible to launch the attack on the local host. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
Submit #585404: PCMan FTP Server 2.0.7 Buffer Overflow [Accepted]
2 months 1 week ago
Submit #585404 / VDB-310504
r3ng4f
Submit #585402: FreeFloat FTP Server 1.0 Buffer Overflow [Accepted]
2 months 1 week ago
Submit #585402 / VDB-310503
r3ng4f
The US cut China off from chip software. But instead of dealing a blow to the industry, it gave it a turbo boost
2 months 1 week ago
Trump is playing the long game, Beijing its own. The outcome is not yet clear, but the stakes are rising.
Fortify SCA Audit Rules Update
2 months 1 week ago
Fortify SCA Audit Rules Update
'Haozi' Gang Sells Turnkey Phishing Tools to Amateurs
2 months 1 week ago
The phishing operation is using Telegram groups to sell a phishing-as-a-service kit with customer service, a mascot, and infrastructure that requires little technical knowledge to install.
Alexander Culafi, Senior News Writer, Dark Reading
Microsoft: Windows 11 might fail to start after installing KB5058405
2 months 1 week ago
Microsoft has confirmed that some Windows 11 systems might fail to start after installing the KB5058405 security update released during this month's Patch Tuesday. [...]
Sergiu Gatlan
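What are you waiting for? Get started with CTF in 30 hours, come and learn now
2 months 1 week ago
Suitable for beginners
Be careful when charging away from home! ChoiceJacking attacks are here, and neither Android nor Apple phones are spared
2 months 1 week ago
New ChoiceJacking attack threatens phone security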
Google CTF 2023 - v8box
2 months 1 week ago
Kanxue Forum author ID: flyyyy