Aggregator

看雪论坛作者ID：0346954

建议立刻收藏转发

OPPO，将作为SDC2025 黄金合作伙伴出席峰会

Microsoft has revoked over 200 fraudulent code-signing certificates used in a ransomware campaign involving fake Teams installers by threat group Vanilla Tempest

红蓝对抗的第二阶段实战已经打响，烽火正式点燃！我们也正式迎来了第二次“考试”！攻防演练期间本公众号会每日更新当天鲜活情报和热点漏洞，欢迎大家对我们进行收藏和关注！

Новая технология обещает положить конец эпохе фальшивых устройств и клонированных чипов.

天天和大模型“斗法”

Over 262K F5 BIG-IP devices exposed after threat actors stole source code and data on undisclosed flaws in a recent F5 breach. Over 262,000 F5 BIG-IP devices are exposed online after F5 confirmed a breach by nation-state actors who stole source code and data on undisclosed flaws. The Shadowserver Foundation found 262,269 F5 BIG-IP systems […]

De Eerste Kamer heeft eind september het voorstel voor de aangepaste Wet veiligheidsonderzoeken (Wvo) aanvaard. De wet is aangepast om meer flexibiliteit voor veiligheidsonderzoeken te bieden aan sectoren waar medewerkers veelvuldig van werkgever wisselen. De wet zal naar verwachting vanaf begin 2026 stapsgewijs in werking treden en in afstemming met alle inzenders in de praktijk worden ingevoerd. 

再先进的语言特性也无法完全替代严谨的编码实践和全面的安全审计。

上周关注度较高的产品安全漏洞(20251013-20251019)

国家信息安全漏洞共享平台（以下简称CNVD）本周共收集、整理信息安全漏洞542个，其中高危漏洞267个、中危漏洞245个、低危漏洞30个。

A vulnerability described as critical has been identified in thinkgem JeeSite up to 5.12.0. This vulnerability affects unknown code of the file modules/core/src/main/java/com/jeesite/common/ueditor/ActionEnter.java of the component UEditor Image Grabber. Such manipulation of the argument Source leads to server-side request forgery. This vulnerability is listed as CVE-2025-7759. The attack may be performed from remote. In addition, an exploit is available. It is advisable to implement a patch to correct this issue.

Венчурные инвесторы и военные объединились ради проекта, который поднимется в небо уже в 2026 году.

Canva, the popular graphic design platform, is reeling from a widespread outage that has rendered its services inaccessible to millions of users worldwide. As of 19:16 AEDT (02:46 IST), the platform’s status page reports “significantly increased error rates” impacting nearly all functionalities, with no clear timeline for restoration. The disruption, linked to a broader Amazon […]

The post Canva Down – Suffers Global Outage, Leaving Millions of Users Unable to Access Platform appeared first on Cyber Security News.

亚马逊 AWS 发生严重宕机事故，影响了数以百万计的网站和服务，包括亚马逊自己、PrimeVideo、Perplexity AI、Canva 等网站以及《堡垒之夜》等游戏。亚马逊在其 AWS 状态页面发表声明，称确认 US-EAST-1 区域DynamoDB 端点的请求存在严重的错误率，工程师正致力于缓解问题和全面理解问题根因。

Амбициозный эксперимент завершился возвратом к тотальной слежке.

A vulnerability has been found in FasterXML jackson-core up to 2.14.x and classified as critical. This issue affects some unknown processing. Performing manipulation results in stack-based buffer overflow. This vulnerability is identified as CVE-2025-52999. The attack can be initiated remotely. There is not any exploit available. The affected component should be upgraded.