Aggregator

Мини-гипервизор теперь совместим с WebAssembly и работает без лишней нагрузки.

Google 透露它将对 Android 的开发方式进行大调整。以前它会同步更新公开的 AOSP 分支和内部的开发分支，最早从下周起它将停止同步更新 AOSP 分支。Android 的开发流程将不再像以前那么透明，但并不会闭源，仍然会开源，它会在开发完成之后公开新版本的源代码。内部分支只有 Google 和拥有 Google Mobile Services (GMS)许可证的企业如三星和摩托罗拉才能访问。Google 声称此举有助于简化发布，让每个人的生活都更轻松。这一转变并非是突然发生的，多年来 Google 一直将 Android 功能从 AOSP 转移到闭源软件包，这让它对 Google 平台有更大的控制权，也允许它在不更新整个操作系统的情况下更新核心组件。

产生的根源在于，服务器端对客户端提交的数据操作请求过度信任，在处理请求时，忽视了对用户操作权限的严格判定。

Ещё год назад он прикрывал атаки на ФБР… а теперь гуляет по коридорам власти?

Many companies think cyber insurance will protect them from financial losses after an attack. But many policies have gaps. Some claims get denied. Others cover less than expected. CISOs must understand the risks before an attack happens. Misconceptions about cyber insurance Myth: Insurance will cover all costs after a breach. Reality: Policies often exclude key expenses. Some won’t cover ransomware payments. Others limit payouts for business downtime. Myth: If we meet security standards, our claim … More →

The post Cyber insurance isn’t always what it seems appeared first on Help Net Security.

黑客声称窃取600万条记录，甲骨文否认数据泄露。Oracle客户证实云数据泄露事件中被盗数据真实有效。

Кто попал под град санкций на этот раз?

不知道今年要多久，但我们想和你一起扛

不知道今年要多久，但我们想和你一起扛

不知道今年要多久，但我们想和你一起扛

不知道今年要多久，但我们想和你一起扛

不知道今年要多久，但我们想和你一起扛

不知道今年要多久，但我们想和你一起扛

不知道今年要多久，但我们想和你一起扛

This month’s roundup features exceptional open-source cybersecurity tools that are gaining attention for strengthening security across various environments. Hetty: Open-source HTTP toolkit for security research Hetty is an open-source HTTP toolkit designed for security research, offering a free alternative to commercial tools like Burp Suite Pro. Fix Inventory: Open-source cloud asset inventory tool Fix Inventory is an open-source tool for detecting compliance and security risks in cloud infrastructure accounts. Commix: Open-source OS command injection exploitation … More →

The post Hottest cybersecurity open-source tools of the month: March 2025 appeared first on Help Net Security.

A vulnerability has been found in ZKTeco ZKBio CVSecurity 6.1.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Audio File Handler. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2024-35432. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in huggingface text-generation-inference up to 1.x and classified as critical. Affected by this issue is some unknown functionality of the file autodocs.yml. The manipulation leads to code injection. This vulnerability is handled as CVE-2024-3924. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Visual Website Collaboration, Feedback & Project Management Plugin up to 3.30 on WordPress and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-2793. The attack may be initiated remotely. There is no exploit available.