Aggregator

A vulnerability classified as problematic has been found in Schneider Electric Trio Q Licensed Data Radio up to 2.7.1. Affected is an unknown function. The manipulation leads to insecure default initialization of resource. This vulnerability is traded as CVE-2025-2441. It is possible to launch the attack on the physical device. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Schneider Electric ConneXium Network Manager 2.0.01. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to files or directories accessible. The identification of this vulnerability is CVE-2025-2222. The attack may be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

Самая «устаревшая» ОС получила самое современное обновление.

二十年前的 2005 年 4 月 7 日，Linus Torvalds 向新版本控制系统 Git 首次递交了代码。由于私有工具 BitKeeper 的授权分歧，内核开发者无法再使用 BitKeeper。Torvalds 在 10 天内完成了对 Git 的开发。在首次递交中，他已经编写了足够多的代码使得他能通过 Git 完成代码递交。20 年后，Git 已经无处不在，BitKeeper 则在 2018 年停止了开发。最大的代码托管平台 GitHub 就是基于 Git，为庆祝诞生二十周年，Torvalds 接受了 GitHub 的采访，回顾了过去的二十年。Torvalds 表示，他相信在二十年后自己还在用 Git，但没有想到的是 Git 会成为最流行的版本控制系统。他表示 Git 项目的首个版本也许只花了 10 天时间编写完成，但整个思考过程始于 2004 年底。BitKeeper 是当时最先进的版本控制系统，但由于是商业软件，它在内核开发社区不太受欢迎。它之所以对开源项目免费是因为其创始人 Larry McVoy 喜欢开源，他想围绕着 BitKeeper 做生意，将其卖给大企业。Torvalds 表示他也希望能使用开源的版本控制系统，但同时他也非常务实，因为当时还不存在满足其需求的开源版本控制系统。直到开源开发者 Tridge 逆向工程了 BitKeeper 违反了其许可证规定。BitKeeper 允许开源项目使用但禁止对其进行逆向工程。Torvalds 尝试通过电邮联络 Tridge 和 McVoy 去解决分歧，但由于双方分歧太大而没能找到解决方法。在动手开发 Git 前，他已经为此思考了四个月。

Даже вредоносы теперь уточняют вашу прописку, и Grandoreiro в этом явно преуспел.

GreyNoise has noted a sharp escalation in hacking attempts targeting TVT NVMS9000 Digital Video Recorders (DVRs). The surge in malicious activity, peaking on April 3, 2025, with over 2,500 unique IP addresses, suggests a new variant of the notorious Mirai botnet is at play, exploiting an information disclosure vulnerability to seize administrative control over these […]

The post New Mirai Botnet Variant Exploits TVT DVRs to Gain Admin Control appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

As quantum computing continues to evolve, the security of our digital infrastructure is under increasing scrutiny. While quantum computers promise groundbreaking advancements, they also pose a significant threat to the cryptographic algorithms that protect sensitive information across the internet. Enter Post-Quantum Cryptography (PQC) which is our path to quantum safe security. In this blog, we’ll […]

The post Post-Quantum Cryptography: Preparing for a Quantum Future appeared first on Security Boulevard.

A Chinese-affiliated threat actor known for its cyber-attacks in Asia has been observed exploiting a security flaw in security software from ESET to deliver a previously undocumented malware codenamed TCESB. "Previously unseen in ToddyCat attacks, [TCESB] is designed to stealthily execute payloads in circumvention of protection and monitoring tools installed on the device," Kaspersky said in an

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Gladinet CentreStack and ZTA Microsoft Windows Common Log File System (CLFS) Driver flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Gladinet CentreStack and ZTA Microsoft Windows Common Log File System (CLFS) Driver flaws, respectively tracked as CVE-2025-30406 and CVE-2025-29824, to its […]

一图读懂 | 国家标准GB/T 45230-2025《数据安全技术 机密计算通用框架》

清朗的营商网络环境，是推动企业健康发展的基石。网络“黑嘴”伤害企业乱象屡禁不止，重要原因之一是违法成本较低而维权成本较高。应以技术手段加强监管和整治，压实网络平台谣言治理责任，并进一步完善相关法律制度。

近年来，我国低空经济快速发展，2025年市场规模预计达1.5万亿元。作为新兴产业，低空经济尚处于起步阶段。党的二十届三中全会通过的《中共中央关于进一步全面深化改革、推进中国式现代化的决定》提出，发展通用航空和低空经济。

近日，国家标准化管理委员会下达的推荐性国家标准计划中《网络安全技术 鉴别与授权 基于属性的访问控制模型与管理规范》等14项国家标准由全国网络安全标准化技术委员会归口的标准项目。

根据2025年3月28日国家市场监督管理总局、国家标准化管理委员会发布的中华人民共和国国家标准公告（2025年第6号），全国网络安全标准化技术委员会归口的6项国家标准正式发布。

近日，微软官方发布了多个安全漏洞的公告，其中微软产品本身漏洞121个，影响到微软产品的其他厂商漏洞0个。

国家互联网信息办公室持续加强数据出境安全管理政策宣贯，指导和帮助数据处理者高效合规开展数据出境活动。经对近期收到的咨询问题进行研究，现将一些有代表性的问题和答复公布如下。

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert highlighting a critical vulnerability in Gladinet CentreStack, a cloud-based enterprise file-sharing platform. The issue, tracked as CVE-2025-30406, involves the use of a hard-coded cryptographic key that could enable attackers to execute remote code on compromised systems, posing a major security risk to organizations relying on […]

The post CISA Alerts on Active Exploitation of CentreStack Hard-Coded Key Vulnerability appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Microsoft has disclosed a new security vulnerability in Windows operating systems, tracked as CVE-2025-29809. This flaw, classified with Important severity, impacts the Kerberos authentication protocol, potentially enabling attackers to bypass critical security features. The vulnerability stems from weaknesses described under CWE-922: Insecure Storage of Sensitive Information, making it a pressing concern for organizations relying on Kerberos for secure authentication. […]

The post Windows Kerberos Vulnerability Enables Security Feature Bypass appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.