Aggregator
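Expert Commentary | Wang Zhicheng: Accelerate Implementation of the Certification System for Cross-Border Transfers of Personal Information, Supporting High-Quality Development of the Digital Economy with High-Level Data Security
Countdown to Xinchuang (IT Application Innovation) Acceptance! How Did Kelan Software (科蓝软件) Rise to the Top on Hard Tech?
WhatsApp Messages Are the New Passport. Authorities Have Found a Way to "Sort" Migrants
A Few Cheap Gadgets Are All It Takes to Launch a "Bring Your Own Car" Attack
TP-Link: Beware of a Severe Command Injection Vulnerability in Omada Gateways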
Elastic introduces Agent Builder to simplify AI agent development
Elastic released Agent Builder, a complete set of capabilities powered by Elasticsearch, that makes it easy for developers to build custom AI agents on company data—all within minutes. Agent Builder also provides an out-of-the-box conversational experience for exploring, analyzing, and optimizing any data in Elasticsearch. As AI agents evolve to take on more complex and data-driven enterprise tasks, reliability and accuracy depend on delivering accurate context. In most enterprises, this context is scattered across various …
The post Elastic introduces Agent Builder to simplify AI agent development appeared first on Help Net Security.
Sharepoint ToolShell attacks targeted orgs across four continents
Musk Declares War on NASA's Acting Administrator
Pwn2Own Ireland 2025 - Day Two Results
Welcome to Day Two of Pwn2Own Ireland 2025. Yesterday, we awarded $522,500 for 34 unique 0-day bugs. The Summoning Team took a slim lead in the Master of Pwn, but big changes could happen today as we have 19 more attempts today. We’ll be updating this blog with results as they come in, so refresh often!
Day Two of Pwn2Own Ireland 2025 is complete! We saw some great work today, with the exploit of the Samsung Galaxy being the big highlight. So far, we have awarded $792,750 for 56 unique 0-days. Tomorrow looks to be even more exciting with another Galaxy attempt, a Meta Quest attempt, and (of course) that big WhatsApp exploit everyone is talking about. Stay tuned as we provide real-time results throughout the day. Here’s the current Master of Pwn leader board. The Summoning Team has a commanding lead, but with WhatsApp being worth 100 points, anything can happen.
SUCCESS - Pwn2Own veterans PHP Hooligans used an OOB Write bug to exploit the Canon imageCLASS MF654Cdw printer. Their fifth round win earns them $10,000 and 2 Master of Pwn points.
Veteran competitors showing their skills
SUCCESS/COLLISION - Dinh Ho Anh Khoa and Phan Vinh Khang of Viettel Cyber Security used a unique command injection and two bugs that collided with previous bugs to exploit the Home Automation Green. They earn $12,500 and 2.75 Master of Pwn points.
Returning Master of Pwn champs getting started with a win
SUCCESS/COLLISION - Ho Xuan Ninh (@Xuanninh1412), Hoang Hai Long (@seadragnol) from Qrious Secure used 5 bugs to exploit the Philips Hue Bridge, but only 3 were unique. They still earn $16,000 and 3.75 Master of Pwn points.
SUCCESS - Chumy Tsai (http://github.com/Jimmy01240397) of CyCraft Technology used a single code injection bug to exploit the QNAP TS-453E. His unique bug earns him $20,000 and 4 Master of Pwn points.
A canine confirmation for CyCraft Technologies
OUT OF SCOPE - Although Sina Kheirkhah's exploit of the Synology BeeStation Plus was successful, the entry was ruled out of scope for the competition.
SUCCESS/COLLISION - Team Neodyme used two bugs to exploit the Home Assistant Green, but only one was unique. They still earn $15,000 and 3 Master of Pwn points.
SUCCESS - TwinkleStar03 (@_twinklestar03) from the DEVCORE Intern Program used a unique stack-based buffer overflow to get a sixth round win against the Canon imageCLASS MF654Cdw. He earns $10,000 and 2 Master of Pwn points.
COLLISION - Rafal Goryl from PixiePoint Security succeeded in exploiting the Philips Hue Bridge, but the bugs he used were collisions with a previous entry. He still earns $10,000 and 2 Master of Pwn points.
COLLISION - Enrique Castillo (@hyprdude), McCaulay Hudson (@_mccaulay), Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam) successfully exploited the Synology CC400W camera, but the bug they used was known to the vendor. They still earn $15,000 and 1.5 Master of Pwn points.
SUCCESS - Le Trong Phuc (chanze@VRC) and Cao Ngoc Quy (Chino Kafuu) of Verichains Cyber Force chained two unique bugs - including an auth bypass - to exploit the Synology DS925+ and run code as root. Their work earns them $20,000 and 4 Master of Pwn points.
FAILURE - Unfortunately, Tri Dang from Qrious Secure could not get his exploit of the Samsung Galaxy S25 working in the time allotted.
SUCCESS - Ken Gannon / 伊藤 剣 of Mobile Hacking Lab, and Dimitrios Valsamaras of Summoning Team used five different bugs to exploit the Samsung Galaxy S25. They earn $50,000 and 5 Master of Pwn points.
COLLISION - The PHP Hooligans used a buffer overflow to exploit the Philips Hue Bridge, but the bug had been previously seen in the contest. They still earn $10,000 and 2 Master of Pwn points.
SUCCESS - Mehdi & Matthieu from team Synacktiv used a buffer overflow to exploit the Philips Hue Bridge. Their unique bug earns them $20,000 and 4 Master of Pwn points.
SUCCESS - Team Neodyme (@Neodyme) used three bugs to exploit the Amazon Smart plug. In doing so, they earn themselves $20,000 and 2 Master of Pwn points.
COLLISION - The PHP Hooligans did exploit the QNAP TS-453E, but the bug they used was previously seen in the contest. They still earn $10,000 and 2 Master of Pwn points.
SUCCESS - Nao and @ExLuck99 from ANHTUD used a heap-based buffer overflow to exploit the Lexmark CX532adwe, but were penalized for a rules violation. They still earn $10,000 and 2 Master of Pwn points.
SUCCESS/COLLISION - ChatGPT helped Team ANHTUD as they used 3 bugs - 1 collision, 1 unique SSRF and 1 cleartext storage of sensitive information - to exploit Home Automation Green. They finished with just 45 seconds remaining. Their work earns them $16,750 and 3.75 Master of Pwn points.
COLLISION - Our final attempt of the day is a collision. Le Tran Hai Tung (@tacbliw), namnp and Le Duc Anh Vu (@vulda) of Viettel Cyber Security collided with a previous entry while exploiting the Canon imageCLASS MF654Cdw. They still earn $5,000 and 1 Master of Pwn point.
Bitter APT Exploits WinRAR Zero-Day Through Malicious Word Files to Steal Sensitive Data
In a newly uncovered campaign, the threat group known as Bitter—also tracked as APT-Q-37—has leveraged both malicious Office macros and a previously undocumented WinRAR path traversal vulnerability to deliver a C# backdoor and siphon sensitive information. Researchers at Qi’anxin Threat Intelligence Center warn that this dual-pronged attack illustrates the group’s evolving tactics and their focus […]
The post Bitter APT Exploits WinRAR Zero-Day Through Malicious Word Files to Steal Sensitive Data appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.