Aggregator
The Verdict Is In: Google Found Guilty, but Not Broken Up
A U.S. federal court has taken a significant step in the antitrust case against Google. Judge Amit P.
The post The Verdict Is In: Google Found Guilty, but Not Broken Up appeared first on Penetration Testing Tools.
Why This Accused Zeppelin Ransomware Hacker Is Still Free on Bail
A California resident has found himself at the center of a high-profile criminal case involving ransomware extortion attacks.
The post Why This Accused Zeppelin Ransomware Hacker Is Still Free on Bail appeared first on Penetration Testing Tools.
Cybersecurity Information and Developments Weekly Report, 2025 Issue 35 (August 25 - August 31)
Extensive IPTV Network Spanning 1,000+ Domains and 10,000+ IP Addresses
Cybersecurity firm Silent Push has exposed a colossal illegal Internet Protocol Television (IPTV) network, revealing a sophisticated piracy operation that has been active for years across more than 1,000 domains and over 10,000 unique IP addresses. The findings highlight the immense scale and profitability of modern digital piracy. The network illegally streams premium content from […]
The post Extensive IPTV Network Spanning 1,000+ Domains and 10,000+ IP Addresses appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Massive IPTV Hosted Across More Than 1,000 Domains and Over 10,000 IP Addresses
A sprawling network of illicit Internet Protocol Television (IPTV) services has been discovered, operating across more than 1,100 domains and in excess of 10,000 IP addresses. This sprawling infrastructure, which has remained active for several years, delivers unauthorized streams of premium content—including major sports leagues, subscription services, and on-demand platforms—without licensing agreements. Silent Push analysts […]
The post Massive IPTV Hosted Across More Than 1,000 Domains and Over 10,000 IP Addresses appeared first on Cyber Security News.
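"Big Brother" from VK? Lawmaker Explains Why MAX Is Not Spying on You
Study Predicts the Upper Limit of Earth's Carbon Sequestration Capacity Is 1.46 Trillion Tons
Five Years at the Top | 悬镜安全 (Xmirror Security) Continues to Lead the DevSecOps Development Security Track in the "2025 China Cybersecurity Market Panorama"
[PC Sample Analysis] Analyzing the Operation of steamcdk Activation Codes Sold on a Certain "Duoduo" Platform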
Google Alerts to Active Exploitation of Sitecore Zero-Day Flaw
Security teams have issued a warning after Google researchers detected active attacks exploiting a new zero-day vulnerability in Sitecore products. Tracked as CVE-2025-53690, this flaw allows attackers to run code on unpatched servers by tampering with the ViewState mechanism in ASP.NET. Sitecore, a popular content management system, published deployment guides in 2017 and earlier that included […]
The post Google Alerts to Active Exploitation of Sitecore Zero-Day Flaw appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
From CVE Entries to Verifiable Exploits: An Automated Multi-Agent Framework for Reproducing CVE Vulnerabilities
Bridging Cybersecurity and Biosecurity With Threat Modeling
Advances in synthetic biology promise breakthroughs, such as engineered bacteria and microbes for pollution cleanup and medicine production. But this promise brings new risks: cyberthreats that intersect with biosecurity. Threat modeling provides a critical framework to anticipate these risks.
OT Security: When Shutting Down Is Not an Option
Operational technology incidents can have physical as well as digital consequences, from halting plant production to endangering lives. Training tailored to OT security is essential for protecting critical systems while maintaining operational continuity.
Anthropic Hits $183B Valuation With $13B Raise
Anthropic raised $13 billion in fresh capital, bringing its post-money valuation to $183 billion. A Series F round was co-led by Iconiq, Fidelity Management & Research Company and Lightspeed Venture Partners, with participation from a slew of institutional investors and sovereign wealth funds.
ODNI Cuts to Threat Sharing Raise Fears of Weakened Defenses
Director of National Intelligence Tulsi Gabbard said the decision to eliminate the Cyber Threat Intelligence Integration Center was meant to remove redundancies and save taxpayer money, though analysts warn the move could leave a major gap in federal threat information sharing.
EU Court Preserves EU-US Data Privacy Framework
The European Union General Court on Wednesday dismissed a plea by a French politician to annul the legal framework underpinning commercial data flows across the Atlantic, rejecting claims that a U.S. intelligence agency oversight body is not independent of the federal government.
Dutch Lab Cancer Screening Hack Balloons to 941,000 Victims
With ransomware gang Nova threatening to leak patient data on the darkweb, a Dutch laboratory that performs cervical cancer tests for a government screening program is mum about the ransom negotiations, but it says the cyberattack in July has affected 941,000 patients.
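[梆梆安全 (Bangcle Security) Monitoring] Security and Privacy Compliance Regulatory Trends and Vulnerability Risk Report (0720-0802)
Latest Regulatory Developments
1. Regulatory Notices
On July 30, the Shaanxi Communications Administration inspected apps under its jurisdiction in accordance with the relevant laws and regulations. To date, 2 apps have still not completed rectification as required. These apps must implement the rectification requirements within the deadline. For those that fail to do so, the Shaanxi Communications Administration will take action in accordance with laws and regulations.
On July 30, the Gansu Communications Administration, in accordance with the relevant laws and regulations, continued its special rectification campaign on personal information compliance for mobile internet applications (including mini programs). To date, 14 applications have still not implemented the rectification requirements. These applications must complete rectification within the deadline; those that fail to do so will be delisted by the Gansu Communications Administration in accordance with the law. Of the applications that the Gansu Communications Administration reported as infringing user rights (second batch of 2025), 5 have still not implemented the rectification requirements to date, and the Gansu Communications Administration is now delisting them.
On July 29, the Sichuan and Chongqing Communications Administrations tested apps under their jurisdiction in accordance with the relevant laws and regulations. To date, 7 apps/mini programs have still not completed rectification as required. These apps/mini programs must complete rectification within the deadline; for those that fail to do so, the Sichuan and Chongqing Communications Administrations will take action in accordance with laws and regulations.
On July 24, the Shanghai Communications Administration re-inspected the previous batch of 50 publicly listed applications found to infringe user rights and found that 23 had still not implemented rectification as required. These are now being delisted.
On July 23, the National Cybersecurity Notification Center (国家网络安全通报中心), in accordance with the relevant laws and regulations, found through testing that 33 mobile applications were collecting and using personal information in violation of laws and regulations. Of the 45 non-compliant mobile applications in the previous notice, 8 still had problems on retesting, and the relevant mobile application distribution platforms have delisted them.
On July 23, the Zhejiang Communications Administration, in accordance with the relevant laws and regulations, carried out enforcement against apps and mini programs that collect and use personal information in violation of laws and regulations. To date, 6 apps and mini programs have still not completed rectification as required. The developers and operators of these apps and mini programs must complete rectification within the deadline; for those that fail to do so, the Zhejiang Communications Administration will take action in accordance with laws and regulations.
Regulatory Support Summary
1. Analysis of National Regulatory Data
Based on national regulatory notification data from the past two weeks, the number of apps involved, by issue type, is as follows: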
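Issue category | Number of issues
Illegally collecting personal information | 29
Collecting and using personal information without user consent | 17
Violating the necessity principle by collecting personal information unrelated to the service provided | 17
Failing to clearly state the purpose, method and scope of collecting and using personal information | 16
Collecting personal information beyond the stated scope | 7
App forcibly, frequently or excessively requesting permissions | 7
App frequently self-starting and launching associated apps | 3
Deceiving or misleading users into providing personal information | 3
Failing to clearly state personal information processing rules | 3
Illegally using personal information | 2
Forcing users to use targeted push | 2
Failing to publish collection and use rules | 1
"Failing to provide a function to delete or correct personal information as required by law" or "failing to publish complaint and reporting channels and similar information" | 1
Total | 108

Based on national regulatory notification data from the past two weeks, the number of apps named in notices, by app type, is as follows:

App type | Number of apps
Utilities | 13
Instant messaging | 12
Other | 8
Education and learning | 8
Ride-hailing | 7
Online shopping | 6
Hotel services | 2
Online community | 2
E-books | 1
Short video | 1
Photography and beautification | 1
Online lending | 1
Online games | 1
Live streaming | 1
News and information | 1
Sports and fitness | 1
Online audio and video | 1
Total | 67

Vulnerability Risk Analysis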
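Vulnerability testing of 2,444 Android apps randomly sampled from across the country found that 1,913 apps had medium- or high-severity vulnerabilities, meaning that more than 78.27% of the apps carry medium- or high-severity vulnerability risk. Of these 1,913 vulnerable apps, 1,427 had high-severity vulnerabilities (74.59%) and 1,883 had medium-severity vulnerabilities (98.43%); the same app may have vulnerabilities at more than one severity level. The share of apps with vulnerabilities at each risk level is as follows:
1. Share by vulnerability type
Vulnerabilities were counted by type. The top three medium- and high-severity vulnerability types found in apps, by count, were Java code decompilation risk, the HTTPS hostname-not-verified vulnerability, and dynamically registered Receiver risk. The share of each vulnerability type is shown in the figure below:
2. Share of vulnerable apps by app type
By app type, utility apps had the most vulnerability risk, accounting for 21.62% of all vulnerable apps, followed by apps in the "other" category at 12.29%, with education and learning apps third at 10.88%. The top ten types by number of vulnerabilities are shown in the figure below: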