Aggregator

Adobe警告其Commerce和Magento Open Source平台存在严重漏洞（CVE-2025-54236），CVSS评分9.1分，可能允许攻击者接管客户账户。该漏洞影响多个版本，并已发布热修复补丁和防火墙规则以应对潜在攻击。此外，ColdFusion也存在高危路径遍历漏洞（CVE-2025-54261）。

Adobe Commerce Flaw CVE-2025-54236 Lets Hackers Take Over Customer Accounts

The Hackers News

3 months 1 week ago

Adobe has warned of a critical security flaw in its Commerce and Magento Open Source platforms that, if successfully exploited, could allow attackers to take control of customer accounts. The vulnerability, tracked as CVE-2025-54236 (aka SessionReaper), carries a CVSS score of 9.1 out of a maximum of 10.0. It has been described as an improper input validation flaw. Adobe said it's not aware of

The Hacker News

SAP Patches Critical NetWeaver (CVSS Up to 10.0) and Previously Exploited S/4HANA Flaws

不安全

3 months 1 week ago

SAP发布安全更新修复多个漏洞, 包括三个关键漏洞可能导致代码执行和文件上传, 建议用户及时应用补丁以保护系统安全。

SAP Patches Critical NetWeaver (CVSS Up to 10.0) and High-Severity S/4HANA Flaws

The Hackers News

3 months 1 week ago

SAP on Tuesday released security updates to address multiple security flaws, including three critical vulnerabilities in SAP Netweaver that could result in code execution and the upload arbitrary files. The vulnerabilities are listed below - CVE-2025-42944 (CVSS score: 10.0) - A deserialization vulnerability in SAP NetWeaver that could allow an unauthenticated attacker to submit a malicious

The Hacker News

Flight Simulators for AI Agents — Practicing the Human-in-the-Loop

不安全

3 months 1 week ago

文章指出，飞行模拟器不仅训练飞行员的技术操作，还培养其在压力下的判断力。类似地，AI代理需要通过"人类在环"的模拟环境进行训练。Agentic Sandbox提供了一个平台，在此平台上企业可以练习与AI代理的合作决策、合规性审查以及文化培训。通过这种方式，人类能够信任并有效管理AI系统。

The Agentic Identity Sandbox — Your flight simulator for AI agent identity

不安全

3 months 1 week ago

文章指出企业在部署AI代理时面临身份管理难题，并介绍了Agentic Identity Sandbox这一模拟环境，用于安全测试和验证。该工具提供灵活配置、实时观测和风险可控的环境，帮助企业克服AI身份管理挑战并提升信心。

The Agentic Identity Sandbox — Your flight simulator for AI agent identity

Security Boulevard

3 months 1 week ago

We’ve all heard the promises about agentic AI transforming business operations. The reality? Most enterprise AI agent projects never make it past the pilot stage, and it’s not because the technology doesn’t work.

The post The Agentic Identity Sandbox — Your flight simulator for AI agent identity appeared first on Strata.io.

The post The Agentic Identity Sandbox — Your flight simulator for AI agent identity appeared first on Security Boulevard.

Eric Olden

智能网联时代，汽车工程师如何构建“攻防兼备” 的安全系统？文末送书

ChaMd5安全团队

3 months 1 week ago

当你在驾驶智能汽车时，是否想过：针对车载娱乐系统的一次漏洞攻击，可能导致整车控制失效？

智能网联时代，汽车工程师如何构建“攻防兼备” 的安全系统？文末送书

不安全

3 months 1 week ago

当前环境出现异常，需完成验证以恢复访问权限。

Training for the Unexpected — Why Identity Simulation Matters More Than Unit Tests

不安全

3 months 1 week ago

文章指出飞行模拟器不仅用于练习起飞和降落,还用于模拟紧急情况。同样,在企业中采用智能AI时,身份故障等罕见但严重的问题需要通过模拟训练来应对。传统的测试方法无法有效应对这些情况。因此,引入"Agentic Identity Sandbox"进行故障演练和压力测试至关重要。模拟训练有助于提升团队在面对突发事件时的反应能力和系统的韧性。