Aggregator

2025年，全球企业遭遇网络攻击的频率持续上升。根据Arctic Wolf公司最新发布的《2025员工网络风险行为报告》（Human Risk Report 2025），68%的IT管理者确认其所在机构在过去12个月内至少经历了一次安全事件，较前一年增长8个百分点。

在全球网络犯罪治理转型的背景下，《网络犯罪防治法（征求意见稿）》在制度理念和基本框架上作出重要探索，形成以“生态治理”为导向、以“防滥用”为抓手、以“全链条规制”为路径的立法模式，标志着我国网络犯罪治理从碎片化治理向综合性……

NFC（近场通信技术）作为一种便捷的无线通信方式，已广泛应用于移动支付、门禁系统、交通卡以及设备间文件传输等场景，让一些原先需要打开手机、输入密码的复杂操作仅需“贴一贴”就可完成。

随着数字化、智能化转型的深入推进，网络安全风险的跨界传导性、叠加性与放大性也在显著增强。深入做好对2025年网络安全风险与治理形势的回顾、研究与分析，有利于在新的一年更精准地锚定“十五五”规划目标，推动我国网络安全和信息化事业持续向新而上……

NationStates, a multiplayer browser-based game, has confirmed a data breach after taking its website offline earlier this week to investigate a security incident. [...]

A vulnerability was found in Linux Kernel up to 6.16.9. It has been declared as critical. This vulnerability affects the function i40e_vc_get_vf_resources_msg of the component i40e. Such manipulation leads to state issue. This vulnerability is listed as CVE-2025-39969. The attack must be carried out from within the local network. There is no available exploit. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.16.9. It has been classified as critical. Impacted is the function action_meta of the component i40e. Performing a manipulation results in null pointer dereference. This vulnerability is identified as CVE-2025-39970. The attack can only be performed from the local network. There is not any exploit available. Upgrading the affected component is recommended.

A vulnerability was found in Linux Kernel up to 6.16.9. It has been classified as critical. This affects an unknown function of the component i40e. The manipulation leads to privilege escalation. This vulnerability is referenced as CVE-2025-39968. The attack needs to be initiated within the local network. No exploit is available. Upgrading the affected component is recommended.

A vulnerability, which was classified as problematic, has been found in ISC BIND up to 9.21.12. This impacts an unknown function of the component Pseudo Random Number Generator. The manipulation leads to predictable from observable state. This vulnerability is listed as CVE-2025-40780. The attack may be initiated remotely. There is no available exploit.

A vulnerability, which was classified as problematic, has been found in ISC BIND up to 9.18.39/9.18.39-S1/9.20.13/9.20.13-S1/9.21.12. Affected by this issue is some unknown functionality of the component Zone Handler. This manipulation causes asymmetric resource consumption. This vulnerability is tracked as CVE-2025-8677. The attack is possible to be carried out remotely. No exploit exists. It is advisable to upgrade the affected component.

A vulnerability classified as problematic was found in ISC BIND up to 9.21.12. Affected by this vulnerability is an unknown functionality. The manipulation results in acceptance of extraneous untrusted data with trusted data. This vulnerability is identified as CVE-2025-40778. The attack can be executed remotely. There is not any exploit available. Upgrading the affected component is advised.

A vulnerability was found in Linux Kernel up to 6.6.108/6.12.49/6.16.9. It has been declared as problematic. The impacted element is the function vhost_task_create. Executing a manipulation can lead to privilege escalation. This vulnerability is handled as CVE-2025-40024. The attack can only be done within the local network. There is not any exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.16.9. This affects an unknown part of the component vf. The manipulation leads to privilege escalation. This vulnerability is documented as CVE-2025-40023. The attack requires being on the local network. There is not any exploit available. It is advisable to upgrade the affected component.

A vulnerability was found in OpenVPN up to 2.7_rc5. It has been declared as problematic. Impacted is an unknown function. The manipulation results in reachable assertion. This vulnerability is cataloged as CVE-2025-15497. The attack may be launched remotely. There is no exploit available.

Разработчик текстового редактора сообщил о компрометации инфраструктуры проекта государственными хакерами.

It’s snow joke – sporting events are a big draw for cybercriminals. Make sure you’re not on the losing side by following these best practices.

如今，无人机已经成为各行各业的重要工具，其应用场景日益广泛。例如从军事侦察到物流配送，从影视拍摄到农业监测。

一套据称可精准操控电力分布、甚至能对设备进行“压力测试”的工业系统攻击框架，正在暗网秘密兜售。

看雪论坛作者ID：xiusi