Aggregator
Jaguar Land Rover Hit by Severe Cyberattack: Retail and Production Fully Disrupted
3 months 1 week ago
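With global manufacturing increasingly reliant on digitalization and connectivity, strengthening cyber resilience is now a matter of safeguarding a company's survival and growth.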
Target WiFi that appears to be de-auth resistant
3 months 1 week ago
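A user tried to capture a handshake from a specific target using airmon-ng, but the target proved unusually resilient to deauthentication attacks and no handshake was captured after half an hour, while other targets worked normally. The user wonders whether the only option is to wait for a legitimate login to obtain the handshake.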
CVE-2025-9057 | Biagiotti Core Plugin up to 2.1.3 on WordPress Shortcode cross site scripting
3 months 1 week ago
A vulnerability, which was classified as problematic, has been found in Biagiotti Core Plugin up to 2.1.3 on WordPress. Affected by this vulnerability is an unknown functionality of the component Shortcode Handler. This manipulation causes cross site scripting.
The identification of this vulnerability is CVE-2025-9057. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com
CVE-2025-48395 | Eaton NMC G2 up to 2.1.x path traversal
3 months 1 week ago
A vulnerability classified as critical was found in Eaton NMC G2 up to 2.1.x. Affected is an unknown function. The manipulation results in path traversal.
This vulnerability was named CVE-2025-48395. The attack can be performed remotely. There is no exploit available.
Upgrading the affected component is advised.
vuldb.com
CVE-2025-8944 | OceanWP Plugin up to 4.1.1 on WordPress Setting authorization
3 months 1 week ago
A vulnerability classified as problematic has been found in OceanWP Plugin up to 4.1.1 on WordPress. This impacts an unknown function of the component Setting Handler. The manipulation leads to incorrect authorization.
This vulnerability is uniquely identified as CVE-2025-8944. The attack can be carried out remotely. No exploit exists.
It is recommended to upgrade the affected component.
vuldb.com
NIS 2 and the 231 System: The Operational Architecture, Between Governance and the Sanctions Paradigm
3 months 1 week ago
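Giuseppe Alverone is a privacy consultant, trainer and certified DPO expert with an extensive military and legal background. He is the founder of DATA FABER and provides consulting services in data protection, cybersecurity and risk management. He helps companies and public-sector bodies apply the GDPR and NIS 2 regulations, and has written several related books and articles.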
Is deepweb browsing safe?
3 months 1 week ago
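r/deepweb is a Reddit community that aims to debunk urban legends and share real information about the Tor deep web. Users discuss the risks of exploring the deep web and questions of anonymity.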
A Gigabit in Space and JetBlue on Board: Amazon Catches Up with Starlink Using Project Kuiper Satellites
3 months 1 week ago
Bezos plays catch-up with Musk in space internet.
Anthropic Bans Chinese-Controlled Companies from Using Claude
3 months 1 week ago
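Anthropic announced that it is immediately ceasing to make Claude available to groups majority-owned by Chinese capital or to their subsidiaries. The move means that any company directly or indirectly controlled by a Chinese entity (with an ownership stake above 50%) is no longer permitted to use Anthropic's services. The policy applies not only to companies in mainland China but also to subsidiaries established abroad, cloud-service intermediary entities, and organizations whose investors have a Chinese background. In the announcement on its website, Anthropic said the move responds to legal, regulatory and national security risks. According to a brief explanation an Anthropic executive gave the Financial Times, the move is also intended to curb the possibility of Chinese companies circumventing export controls to obtain advanced AI technology by registering subsidiaries overseas (for example in Singapore) or by using third-party cloud services. This is the first case of a US AI company publicly announcing such a restriction, signalling that US technology companies may take more proactive precautions on AI export and service restrictions.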
Nepal Blocks Most Social Media Platforms
3 months 1 week ago
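The government of Nepal announced that it will block most social media platforms, including Facebook, X and YouTube, on the grounds that these companies failed to comply with the requirement to register in Nepal. Prithvi Subba Gurung, Nepal's Minister for Communication and Information, said that more than twenty social networking platforms widely used in Nepal had been notified repeatedly to formally register a company in Nepal. He said these platforms would be blocked immediately. TikTok, Viber and three other social media platforms will be allowed to continue operating in Nepal because they complied with the rules and registered. The government has submitted a bill to parliament intended to ensure that social platforms are properly managed, responsible and accountable. Officials said a law is needed to monitor social media and to ensure that users and operators bear responsibility for the content shared and published on the platforms.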
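Interview with Hacker and "Wind Chaser" 查鲁特: Seeking the Way Across Domains, with Perspective as the Blade [T00ls Profile Interview No. 14]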
3 months 1 week ago
Hello everyone, my name is 查鲁特 (ID: X-ROOT). 查鲁特 is a transliteration of my ID, not my real name! Not my real name! Not my real name!!!
France’s CNIL fined Google $379M and Shein $175M for breaching cookie rules
3 months 1 week ago
France’s data watchdog fined Google $379M (€325 million) and Shein $175M (€150 million) for breaching cookie rules. The French data watchdog, the National Commission on Informatics and Liberty (CNIL), fined Google $379 million (€325 million) and Shein $175 million (€150 million) for violating cookie rules. “The two fines imposed on GOOGLE and SHEIN by the restricted committee – the CNIL […]
Pierluigi Paganini
France’s CNIL fined Google $379M and Shein $175M for breaching cookie rules
3 months 1 week ago
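France's data regulator CNIL fined Google €325 million and Shein €150 million for violating cookie rules. Google was fined for displaying ads in Gmail without user consent, while Shein was penalized for multiple cookie violations.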
Anthropic Announces Full Ban on Chinese-Controlled Companies Using Its AI Services
3 months 1 week ago
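On September 5, 2025, Anthropic announced a ban on companies controlled by China and other "adversarial nations" using its AI services, and completed a $13 billion Series F funding round at a valuation of $183 billion. The company launched the Claude 4 series of flagship models and emphasized that its CEO previously worked at Baidu.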
Trading group
3 months 1 week ago
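A Reddit community dedicated to debunking urban legends and sharing real information from the Tor deep web. Members discuss the difficulty of finding legitimate trading groups and stress the verifiability of information.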
The Week in Vulnerabilities: Apple, Citrix Flaws Draw Threat Actor Interest
3 months 1 week ago
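787 vulnerabilities were reported in the past week, 229 of which have publicly available PoC code, an exploitation rate of nearly 30%. Key vulnerabilities include a WhatsApp device-synchronization authorization issue and high-severity flaws such as a memory overflow in Apple's ImageIO framework. Security teams need to patch quickly to counter active attack threats.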
Behind the Salesforce OAuth Drift Breach
3 months 1 week ago
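In recent weeks, several large companies, including Palo Alto Networks, Zscaler, Cloudflare and SpyCloud, have confirmed they were affected by a series of cyberattacks. The attacks began with a vulnerability in the integration between the Salesforce platform and the third-party application Drift. By obtaining OAuth tokens, the attackers gained legitimate access and went on to steal sensitive information such as cloud credentials. The incident exposes the potential risks of third-party application authorization management in the SaaS ecosystem.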
Behind the Salesforce OAuth Drift Breach
3 months 1 week ago
In recent weeks, major companies like Palo Alto Networks, Zscaler, Cloudflare, and SpyCloud have all confirmed they were affected by a string of cyberattacks that began with Salesforce. Or at least, that is how the headlines read. This is not a case of Salesforce being hacked. Nor is it a flaw in any single product. […]
The post Behind the Salesforce OAuth Drift Breach appeared first on Centraleyes.
The post Behind the Salesforce OAuth Drift Breach appeared first on Security Boulevard.
Rebecca Kappel
The U.S. Offers $10 Million for Three Russian Cybercriminals
3 months 1 week ago
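The United States is offering a $10 million reward for three Russian cybercriminals, accusing them of attacking 380 energy companies worldwide at the direction of the Russian government. The three belong to the Russian Federal Security Service and took part in the cyberattack activity of the "Dragonfly" group, which since 2011 has used spear phishing and the Havex malware to carry out transnational cybercrime.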