Aggregator

规范政务数据共享，促进政务数据安全利用。

Microsoft has fixed a "remote code execution" vulnerability in Windows 11 Notepad that allowed attackers to execute local or remote programs by tricking users into clicking specially crafted Markdown links, without displaying any Windows security warnings. [...]

Why Modern Threat Modeling Must Account for State Control of Infrastructure
CISOs for decades viewed governments as partners. That assumption is weakening. Today, state control over infrastructure needs be part of threat modeling and business continuity planning for global security leaders - and it's time for CISOs to reassess dependencies and trust boundaries.

UK Rollout to Link Arco's Cybersecurity Assurance With Sophos's Threat Intelligence
Sophos acquired Arco to expand into cybersecurity assurance and compliance, launching a new CISO Advantage capability. The company plans a phased rollout starting in the U.K., integrating Arco’s risk and regulatory mapping platform with Sophos Central and its global threat intelligence operations.

Singapore Signals Heightened Vigilance Against State-Linked Threat Actors
Singapore conducted a yearlong, multi-agency cyber defense operation to expel UNC3886 from all four major telecom providers after the advanced threat actor accessed segments of critical communications infrastructure and extracted limited technical data without disrupting services.

AI Is Transforming Economics But Enterprise IT Architecture Issues Are Still Here
While AI systems such as Claude lower the marginal cost of writing code and automating discrete tasks, especially when it comes to early-stage work including prototyping and front-end design, the idea that AI will lay waste to the industry is overblown, analysts say.

Acting Chief Tells Lawmakers Most Staff Would Be Furloughed Amid Partial Shutdown
More than half of the U.S. cyber defense agency's workforce would be furloughed under a DHS funding lapse, the agency's acting chief warned Wednesday, pausing incident reporting rulemaking, security assessments and proactive cyber programs while significantly limiting operations.

Darktrace researchers caught a sample of malware that was created by AI and LLMs to exploit the high-profiled React2Shell vulnerability, putting defenders on notice that the technology lets even lesser-skilled hackers create malicious code and build complex exploit frameworks.

The post Hackers Use LLM to Create React2Shell Malware, the Latest Example of AI-Generated Threat appeared first on Security Boulevard.

This daily article is intended to make it easier for those who want to stay updated with my regular Dark Web Informer and X/Twitter posts.

Most signs suggest the group is running a massive hoax by claiming hundreds of initial victims, but at least some of the threat 0APT poses is grounded in truth backed by proven capabilities.

The post 0APT ransomware group rises swiftly with bluster, along with genuine threat of attack appeared first on CyberScoop.

vm2 沙箱逃逸9.8分漏洞(CVE-2026-22709)

A vulnerability was found in Trellix System Information Reporter up to 1.0.3. It has been rated as critical. This impacts an unknown function of the component ePO POST Request Handler. Performing a manipulation results in path traversal. This vulnerability is identified as CVE-2025-3722. The attack can be initiated remotely. There is not any exploit available.

A vulnerability categorized as problematic has been discovered in Trellix System Information Reporter 1.0.3. Affected is an unknown function of the component Registry Backup Folder. Executing a manipulation can lead to exposure of backup file to an unauthorized control sphere. This vulnerability is tracked as CVE-2025-3773. The attack is restricted to local execution. No exploit exists.

A vulnerability identified as critical has been detected in Trellix System Information Reporter 1.0.3. Affected by this vulnerability is an unknown functionality. The manipulation leads to link following. This vulnerability is listed as CVE-2025-3771. The attack must be carried out locally. There is no available exploit.

A vulnerability described as critical has been identified in Infinera G42 up to 7.0. The affected element is an unknown function of the component WebGUI HTTP Endpoint. Such manipulation leads to path traversal. This vulnerability is documented as CVE-2025-27022. The attack can be executed remotely. There is not any exploit available. Upgrading the affected component is recommended.

A vulnerability classified as problematic has been found in Infinera G42 up to 7.0. The impacted element is an unknown function of the component WebGUI CLI Web. Performing a manipulation results in information disclosure. This vulnerability is reported as CVE-2025-27023. The attack is possible to be carried out remotely. No exploit exists. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Infinera G42 up to 7.0. This impacts an unknown function of the component sudoers Configuration. The manipulation leads to memory corruption. This vulnerability is traded as CVE-2025-27021. An attack has to be approached locally. There is no exploit available. It is advisable to upgrade the affected component.

A vulnerability has been found in Infinera G42 up to 7.x and classified as problematic. Affected by this vulnerability is an unknown functionality of the component SFTP Service. This manipulation causes improper handling of insufficient privileges. This vulnerability is handled as CVE-2025-27024. The attack can be initiated remotely. There is not any exploit available. The affected component should be upgraded.

A vulnerability classified as critical was found in Ruijie RG-YST 3.0(1)B11P280YST250F. Impacted is the function pwdmodify in the library /usr/lib/lua/luci/modules/common.lua of the component POST Handler. The manipulation results in os command injection. This vulnerability is known as CVE-2025-56099. It is possible to launch the attack remotely. No exploit is available.

A vulnerability was found in Ruijie RG-YST EST 3.0(1)B11P280YST250F. It has been declared as critical. Affected by this vulnerability is the function pwdmodify in the library /usr/lib/lua/luci/modules/common.lua of the component POST Handler. The manipulation results in os command injection. This vulnerability is identified as CVE-2025-56113. The attack can be executed remotely. There is not any exploit available.