Aggregator

百度回应副总裁谢广军的女儿开盒事件时称，开盒信息并非源自百度。百度称，公司内部实施了数据的匿名化、假名化处理；数据存储和管理实行严格隔离和权限分离，任何职级的员工及高管均无权限触碰用户数据。百度安全部门反复调取了相关日志，并查验当事人权限。结果表明，开盒信息并非源自百度。百度也说，网上流传的“当事人承认家长给她数据库”的截图，内容为不实信息。此外，事件期间，社交媒体出现了大量文案高度雷同的造谣内容。针对相关网络谣言，公司已向公安机关报案。

只能下载曾经上传过的附件，无法删除

A vulnerability was found in Mozilla Firefox up to 127.x. It has been classified as critical. Affected is an unknown function of the component SELECT Element Handler. The manipulation leads to permission issues. This vulnerability is traded as CVE-2024-6607. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Mozilla Firefox up to 127.x and classified as critical. This vulnerability affects unknown code of the component ANGLE. The manipulation leads to allocation of resources. This vulnerability was named CVE-2024-6600. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Mozilla Firefox up to 127.x and classified as critical. This issue affects some unknown processing. The manipulation leads to memory corruption. The identification of this vulnerability is CVE-2024-6603. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Mozilla Firefox up to 127.x. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component IFRAME Handler. The manipulation leads to an unknown weakness. This vulnerability is known as CVE-2024-6608. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Mozilla Firefox up to 127.x. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to race condition. This vulnerability is handled as CVE-2024-6601. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

Парламент требует суверенной платформы.

A vulnerability classified as problematic has been found in Aladdin eToken 3.3.3. This affects an unknown part of the component EEPROM. The manipulation leads to improper authentication. This vulnerability is uniquely identified as CVE-2000-0427. The attack needs to be approached locally. Furthermore, there is an exploit available. Due to its background and reception, this vulnerability has an historic impact. It is recommended to upgrade the affected component.

A vulnerability was found in Vmware Spring Security up to 6.4.3. It has been rated as critical. This issue affects the function BCryptPasswordEncoder.matches of the component Long Password Handler. The manipulation leads to improper authentication. The identification of this vulnerability is CVE-2025-22228. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

The Computer Emergency Response Team of Ukraine (CERT-UA) is warning of a new campaign that targets the defense sectors with Dark Crystal RAT (aka DCRat). The campaign, detected earlier this month, has been found to target both employees of enterprises of the defense-industrial complex and individual representatives of the Defense Forces of Ukraine. The activity involves

In this Help Net Security interview, Sunil Seshadri, EVP and CSO at HealthEquity, talks about the growing risks to healthcare data and what organizations can do to stay ahead. He shares insights on vendor management, zero trust, and securing the software supply chain, along with practical steps to tackle legacy system vulnerabilities. His advice helps organizations strengthen security without disrupting patient care. Given the rise in supply chain attacks, how should healthcare organizations approach vendor … More →

The post How healthcare CISOs can balance security and accessibility without compromising care appeared first on Help Net Security.

Why Are Facilities Caring for the Elderly 'Targets of Opportunity' For Cybercrime?
More than a half dozen nursing homes and rehabilitation centers have reported an assortment of major hacks in the last month affecting a total of more than 130,000 individuals. What makes facilities caring for elderly and disabled patients an attractive and vulnerable target to cybercriminals?

Over 10K Exploit Attempts Recorded in a Week From a Single Malicious IP
Hackers are exploiting a vulnerability in ChatGPT's infrastructure to redirect users to malicious websites, with security researchers recording more than 10,000 exploit attempts in a week from a single malicious IP address. The financial sector has borne the brunt of the attacks.

'Dogequest' Site Provided Tesla Owners Addresses, Names and Phone Numbers
The White House slammed a website that purported to reveal the names, addresses and phone numbers of Tesla owners - unless they showed proof of selling their vehicles made by Elon Musk's car company - amid growing criticism over his efforts to sharply reduce the size of the federal government.

Cyber Agency Urges Critical Infrastructure Operators to Migrate Within the Deadline
The British cybersecurity agency urged critical infrastructure operators to adapt to post-quantum cryptography by 2035 as it and other government agencies prepare for the inevitability of quantum computers capable of breaking current encryption algorithms.

Amazon Web Services 的简单通知服务（AWS SNS），是一种功能多样的基于云的发布 / 订阅服务，在促进应用程序与用户间沟通方面发挥着重要作用。

大模型狂飙时代，直击AI安全技术破局之道！

A vulnerability was found in smub Custom Twitter Feeds Plugin up to 2.2.5 on WordPress. It has been declared as problematic. This vulnerability affects the function ctf_clear_cache_admin. The manipulation leads to cross-site request forgery. This vulnerability was named CVE-2025-1314. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in themewinter Eventin Plugin up to 4.0.24 on WordPress. It has been classified as problematic. This affects the function payment_complete of the component Ticket Payment Handler. The manipulation leads to missing authorization. This vulnerability is uniquely identified as CVE-2025-1766. It is possible to initiate the attack remotely. There is no exploit available.