Aggregator

New StorybyComputational Technology for AllbyComputational Technology for All@computationalComputat

春秋云镜 网鼎杯2022半决赛

谷歌在印尼等新兴市场推出每月仅需2.28美元的Google AI Plus订阅套餐，包含AI视频创作工具Veo 3 Fast、Whisk和Flow等服务，并提供额外200GB存储空间。该套餐支持最多五名家庭成员共享使用，并为学生及研究人员开放更先进功能如Gemini 2.5 Pro模型。

文章讨论了安全与风险管理领导在预算规划、威胁防御及安全运营中心（SOC）转型方面的挑战与解决方案。专家分享了如何在动荡环境中优化预算、应对配置风险，并通过AI赋能提升SOC效率与韧性。

justCTF2025-Pwn部分WP

对于项目jshERP的3.5版本进行一个代码审计

通过Burp suite labs靶场来掌握JWT漏洞验证手法

分享一篇文章。

2025年9月10日（北京时间），微软发布了2025年9月安全更新，共发布了81个CVE的补丁程序，同比上月减少了26个。

当前环境异常，需完成验证后继续访问。点击按钮进行验证。

当前环境出现异常，需完成验证后才能继续访问。

In its September Patch Tuesday release, Microsoft delivered a sweeping package of updates, addressing 81 vulnerabilities across its

The post Microsoft’s September Patch Tuesday: Two Zero-Days and 81 Fixes appeared first on Penetration Testing Tools.

2025年8月10日，用友官方发布关于NC系统ComboOperTools存在XML实体注入漏洞的修复通告，宣布修复了NC系统importCombo接口的XXE漏洞，攻击者通过构造恶意XML文件，利用 importCombo 接口上传并解析，实现任意文件读取或SSRF攻击等操作，进而可能导致敏感信息泄露或进一步的系统入侵。

Most organizations run an annual network penetration test, remediate the issues it uncovers, and move on. But attackers are probing networks every day, using publicly available tools to exploit common misconfigurations and overlooked vulnerabilities. A new report, based on over 50,000 automated penetration tests performed with Vonahi Security’s vPenTest SaaS platform, has shown why once-per-year manual testing isn’t enough. The tests flagged the same preventable gaps across many organizations. Most frequently, they allowed multicast DNS … More →

The post Automated network pentesting uncovers what traditional tests missed appeared first on Help Net Security.

/r/netsec 是一个由社区管理的技术信息安全内容聚合平台，旨在为安全从业者、学生、研究人员和黑客提供有价值的信息。

The cybersecurity landscape has witnessed a novel phishing campaign that weaponizes Google’s no-code platform, AppSheet, to harvest user credentials. By abusing AppSheet’s trusted email infrastructure, attackers are bypassing traditional security controls and delivering malicious content from legitimate domains. This development underscores the urgent need for context-aware detection systems that analyze message intent, not just sender […]

The post Hackers Impersonate Google AppSheet in Latest Phishing Campaign appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Основатель мессенджера прокомментировал использование платформы для организации акций во Франции.

KillSec 勒索软件攻击巴西医疗软件提供商 MedicSolution，利用不安全的 AWS S3 存储桶窃取超 34 GB 医疗数据，包括实验室结果、X 光片及未成年人记录，并威胁泄露以勒索赎金。这是巴西医疗行业首次重大供应链攻击事件。

KillSec Ransomware claimed responsibility for a cyberattack on MedicSolution, a software solutions provider for the healthcare industry in Brazil. The KillSec Ransomware group has threatened to leak sensitive data unless negotiations are initiated promptly. According to threat intelligence reporting by Resecurity, the root cause of the incident – data exfiltration from insecure AWS S3 bucket. […]

自动化和AI正在改变安全运营中心（SOCs）的工作方式，但需依赖高质量数据。现代沙盒技术通过提供可靠的行为证据支持检测工程、事件响应和威胁情报。关键在于选择具备抗规避能力、完整执行跟踪、环境仿真和高保真输出的沙盒工具以提升决策准确性。