Aggregator

Apache Tomcat 漏洞曝光，黑客30小时内发起攻击，服务器安全面临严峻挑战

看雪论坛作者ID：aaa4dr

让我们一同重温《条例》的主要内容，共同筑牢网络安全屏障，为网络强国、数字中国建设提供坚实安全保障。

近期，面对美国的又一轮指责与审查警告，欧盟为《数字市场法案》展开多维度、全面有力的辩护，强调法案的合法性与普惠性。一场欧美之间围绕数字市场规则的激烈交锋正在上演。

根据2025年2月28日国家市场监督管理总局、国家标准化管理委员会发布的中华人民共和国国家标准公告（2025年第4号），全国网络安全标准化技术委员会归口的2项国家标准正式发布。

中国国家网络与信息安全信息通报中心通过支撑单位发现一批境外恶意网址和恶意IP，境外黑客组织利用这些网址和IP持续对中国和其他国家发起网络攻击。

工业和信息化部近日印发通知，部署做好2025年信息通信业安全生产和网络运行安全工作。

生成式人工智能快速发展，迅速成为全球人工智能领域的焦点，以生成式人工智能为代表的新型技术在释放生产要素价值过程中发挥重要作用。同时，生成式人工智能强大的学习效率与数据处理能力也带来诸多挑战和安全风险。

根据工作需要，《中国信息安全》杂志社现面向社会公开招聘工作人员2名。报名有关事项如下……

攻击动机不明

在过去几个月的时间里此类攻击骤升

Bitsight reveals that UK companies are more exposed to cyber risk than global peers via their digital supply chains

Биржа закрывает лазейку для отмывания миллионов группы Lazarus.

Security researchers have publicly released a proof-of-concept (PoC) exploit for CVE-2024-36904, a critical use-after-free vulnerability in the Linux kernel that has remained undetected for seven years.  The vulnerability, which affects the TCP subsystem, could potentially allow attackers to execute remote code with kernel privileges. Use-after-free Linux Kernel Vulnerability The flaw stems from a race condition […]

The post PoC Exploit Released for Use-after-free Linux Kernel Vulnerability appeared first on Cyber Security News.

Attackers increasingly leverage AI-powered exploitation and can quickly identify vulnerable systems, infiltrate networks unnoticed and move laterally to compromise critical assets.

The post The Future of Enterprise Security: AI-powered Lateral Defense in a Dynamic Threat Landscape appeared first on Security Boulevard.

A vulnerability classified as problematic has been found in Dromara ujcms 9.7.5. This affects the function update of the file /main/java/com/ujcms/cms/ext/web/backendapi/WebFileTemplateController.java of the component Edit Template File Page. The manipulation leads to Cross site scripting. This vulnerability is uniquely identified as CVE-2025-2491. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

Currently trending CVE - Hype Score: 1 - An issue was discovered in Percona PMM Server (OVA) before 3.0.0-1.ova. The default service account credentials can lead to SSH access, use of Sudo to root, and sensitive data exposure. This is fixed in PMM2 2.42.0-1.ova, 2.43.0-1.ova, 2.43.1-1.ova, 2.43.2-1.ova, and ...

Currently trending CVE - Hype Score: 1 - The WordPress File Upload plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 4.24.13 via wfu_file_downloader.php. This makes it possible for unauthenticated attackers to read files outside of the originally intended directory.

Currently trending CVE - Hype Score: 1 - Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into ...