Aggregator

一、事件概述近日，网络安全公司SentinelOne的研究人员公布了一项极具影响力的研究成果：他们成功在野外捕

Regardless of their size, all law firms hold valuable data, including client communications, financial records, and confidential legal strategies. That data has never been more at risk. Cybercriminals are targeting law firms by exploiting vulnerabilities, weak passwords, outdated systems, and untrained staff. Experts say law firms fall into three groups when it comes to cybersecurity. The first group finds problems and fixes them. The second group notices problems but doesn’t act. The third group, which … More →

The post Cybercriminals are going after law firms’ sensitive client data appeared first on Help Net Security.

没有任何企业能阻止所有攻击，但所有企业都应提前做好面对攻击的准备。

Многоразовые ракеты пока остаются слабым звеном Пекина.

组织的安全运营水平，最直接表现在分工发展程度。任何新威胁与复杂性，只要不是已知威胁的重复，必然推动分工深化。

Как администраторы теряют контроль над собственными серверами?

Practical Purple Teaming is a guide to building stronger collaboration between offensive and defensive security teams. The book focuses on how to design and run effective purple team exercises that improve detection and response and strengthen trust between teams. About the author Alfie Champion is a Senior Security Analyst at GitHub who has fostered and developed purple team functions over the last decade, both with internal teams and while consulting. Champion has delivered talks and … More →

The post Review: Practical Purple Teaming appeared first on Help Net Security.

A vulnerability was found in BaoFeng Storm 3.9.62. It has been classified as critical. This vulnerability affects unknown code in the library medialib.dll. Performing manipulation results in memory corruption. This vulnerability was named CVE-2009-2617. The attack may be initiated remotely. In addition, an exploit is available.

A vulnerability labeled as critical has been found in broid 1.0. Affected is an unknown function. Such manipulation leads to memory corruption. This vulnerability is referenced as CVE-2009-3213. It is possible to launch the attack remotely. Furthermore, an exploit is available.

A vulnerability, which was classified as problematic, has been found in Cherokee 0.5.4. This issue affects some unknown processing. This manipulation causes denial of service. This vulnerability is handled as CVE-2009-4587. The attack can be initiated remotely. Additionally, an exploit exists.

A vulnerability was found in Avast Antivirus Professional up to 4.8.1350. It has been classified as problematic. Affected is an unknown function. This manipulation causes memory corruption. This vulnerability is registered as CVE-2009-3522. The attack needs to be launched locally. Furthermore, an exploit is available. Upgrading the affected component is recommended.

A vulnerability was found in Apple Safari 3.2.1. It has been rated as problematic. The affected element is an unknown function. The manipulation leads to link following. This vulnerability is documented as CVE-2009-0321. The attack can be initiated remotely. Additionally, an exploit exists.

A vulnerability has been found in Apple Safari 4.0/4.0.1 and classified as critical. This affects the function servePendingRequests. The manipulation leads to improper resource management. This vulnerability is uniquely identified as CVE-2009-2419. The attack is possible to be carried out remotely. Moreover, an exploit is present.

Microsoft’s latest Windows 11 update is causing significant problems for users trying to play protected video content. The KB5064081 update, released on August 29, 2025, has disrupted video playback functionality across multiple applications, leaving users frustrated with black screens and frozen content. Windows 11 24H2 update in progress showing copy dialog and progress bar at […]

The post Windows 11 24H2 KB5064081 Update Causes Video Playback Issues appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

记录一次SSD硬盘故障排查和解决的过程，好是折腾。

Iranian threat actors are exploiting job seekers’ aspirations through sophisticated fake recruitment campaigns designed to deploy advanced malware across Europe’s critical infrastructure sectors. The attack methodology demonstrates remarkable operational security and state-sponsored tradecraft characteristics. Nimbus Manticore, also known as UNC1549 or Smoke Sandstorm, constructs elaborate fake recruitment websites that impersonate major aerospace companies including Boeing, Airbus, Rheinmetall, […]

The post Fake Job Offers Used to Deliver Advanced Malware Targeting Job Seekers appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability, which was classified as critical, has been found in DeluxeBB 1.06. This issue affects some unknown processing of the file postreply.php. Performing manipulation of the argument templatefolder results in memory corruption. This vulnerability is cataloged as CVE-2006-2914. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability categorized as critical has been discovered in DeluxeBB. Affected by this vulnerability is an unknown functionality of the file deluxe/posting.php. Executing manipulation of the argument templatefolder can lead to improper privilege management. This vulnerability is handled as CVE-2006-2914. The attack can be executed remotely. Additionally, an exploit exists.

A vulnerability has been found in Deltascripts PHP Classifieds up to 6.18 and classified as critical. This affects an unknown part of the file member_login.php of the component Login. The manipulation of the argument Password leads to sql injection. This vulnerability is referenced as CVE-2006-0719. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

A vulnerability classified as critical has been found in DeluxeBB 1.06. Affected is an unknown function of the file misc.php. This manipulation of the argument Name causes sql injection. This vulnerability is tracked as CVE-2006-2503. The attack is possible to be carried out remotely. Moreover, an exploit is present.