Aggregator

石油行业作为国民经济的重要支柱，其工业安全不仅直接影响经济社会的平稳运行，更是保障国家能源安全和社会公共安全的基石。 为扎实支撑护航新型工业化网络安全专项行动，进一步推动提升石油行业网络保障能力，国家工业信息安全发展研究中心创新行业赋能模式，聚焦石油行业网络安全人才选拔、技术研究等需求，举办石油工业场景锦标赛。 赛事聚焦石油行业工业控制系统、网络与数据安全核心领域，深度结合石油储

由于我自己学习tabby时发现好像没有特别仔细的入门文章，因此想写一个比较详细的从入门到学习挖掘链子思路文章，以减少大家入门tabby的时间，因为自己也是一个小菜，所以有啥不太对的地方欢迎各位佬们指出。

Google Chrome’s V8 JavaScript engine has been compromised by a critical type confusion zero-day vulnerability, designated CVE-2025-10585, marking the sixth actively exploited Chrome zero-day discovered in 2025.  This high-severity flaw, with an estimated CVSS 3.1 score of 8.8, enables remote code execution through sophisticated memory corruption techniques that bypass Chrome’s sandbox protections. The vulnerability exploits […]

The post Chrome Type Confusion 0-Day Vulnerability Code Analysis Released appeared first on Cyber Security News.

2025年湾区杯网络安全大赛web题解

Advanced persistent threat actors increasingly target Microsoft Exchange inbox rules to maintain persistence and siphon sensitive data without raising alarms. The newly released Inboxfuscation tool delivers a Unicode-based obfuscation framework capable of generating malicious inbox rules that slip past conventional monitoring solutions. By exploiting Exchange’s handling of diverse Unicode character sets, Inboxfuscation crafts visually deceptive […]

The post Inboxfuscation Tool Bypasses Exchange Inbox Rules and Evades Detection appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

文章探讨了快速变化的网络安全威胁形势，包括Google修复Chrome零日漏洞CVE-2025-10585、AI渗透测试工具Villager被滥用、RowHammer攻击DDR5内存模块、Scattered Spider黑客组织成员被捕及涉及勒索软件攻击等事件。此外还提到Gamaredon与Turla合作攻击乌克兰、微软与Cloudflare打击RaccoonO365 PhaaS工具以及npm registry遭受蠕虫攻击等情况。

The security landscape now moves at a pace no patch cycle can match. Attackers aren’t waiting for quarterly updates or monthly fixes—they adapt within hours, blending fresh techniques with old, forgotten flaws to create new openings. A vulnerability closed yesterday can become the blueprint for tomorrow’s breach. This week’s recap explores the trends driving that constant churn: how threat

A vulnerability described as critical has been identified in FFmpeg up to 7.1. The affected element is the function ff_aac_search_for_tns of the file libavcodec/aacenc_tns.c of the component AAC Encoder. Such manipulation leads to stack-based buffer overflow. This vulnerability is listed as CVE-2025-1594. The attack may be performed from remote. In addition, an exploit is available.

A vulnerability was found in John Roy Pi3Web 2.0. It has been declared as problematic. This impacts an unknown function of the component Request Handler. Such manipulation with the input ... leads to improper privilege management. This vulnerability is listed as CVE-2002-0142. The attack may be performed from remote. In addition, an exploit is available. Restrictive firewalling should be applied.

A vulnerability described as critical has been identified in Microsoft IIS 4.0/5.0/5.1. Affected is an unknown function of the component ASP Data Transfer Handler. The manipulation results in memory corruption. This vulnerability is reported as CVE-2002-0147. The attack can be launched remotely. Moreover, an exploit is present. Upgrading the affected component is recommended.

A vulnerability classified as critical was found in Microsoft IIS 4.0/5.0/5.1. Affected by this issue is some unknown functionality of the component ASP Server-Side Include. Such manipulation leads to memory corruption. This vulnerability is traded as CVE-2002-0149. The attack may be launched remotely. There is no exploit available. Upgrading the affected component is advised.

A vulnerability, which was classified as critical, has been found in Microsoft IIS 4.0/5.0/5.1. This affects an unknown part of the component HTTP Header Handler. Performing manipulation results in memory corruption. This vulnerability is known as CVE-2002-0150. Remote exploitation of the attack is possible. No exploit is available. It is advisable to upgrade the affected component.

A vulnerability was found in Cisco Secure Access Control Server up to 3.01 and classified as critical. Impacted is an unknown function of the component CSAdmin Module. The manipulation results in format string. This vulnerability was named CVE-2002-0159. The attack may be performed from remote. There is no available exploit. Applying restrictive firewalling is recommended.

A vulnerability described as problematic has been identified in Microsoft Windows NT 4.0. The impacted element is an unknown function of the component Multiple UNC Provider. Executing manipulation can lead to memory corruption. This vulnerability appears as CVE-2002-0151. The attack requires local access. There is no available exploit. A patch should be applied to remediate this issue.

Google Chrome’s V8 JavaScript engine has long balanced speed and security for billions of users worldwide. On September 16, 2025, Google’s Threat Analysis Group discovered a critical zero-day flaw in the TurboFan compiler component of V8. Now tracked as CVE-2025-10585, the vulnerability allows attackers to trigger a type confusion condition, corrupt memory in the browser […]

The post Code Analysis Published for Chrome Type Confusion 0-Day Vulnerability appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

文章探讨了企业在风险和合规自动化方面的挑战，指出尽管许多供应商承诺通过自动化节省时间并提高效率，但大多数未能满足企业规模需求。作者认为AI技术终于为合规管理提供了切实可行的解决方案。

If you’ve been in the trenches of enterprise risk and compliance for any length of time, you’ve heard the pitch: “Automate your compliance and save your team hours.” Dozens of vendors have said it. Most have meant well. And nearly all of them have failed to deliver at the scale that enterprises require.

The post The Compliance Automation Mirage: Why Vendors Keep Failing and Where AI Finally Gets It Right appeared first on Security Boulevard.

Canada’s law enforcement community has achieved a landmark victory in the fight against illicit finance with the dismantling of TradeOgre, a Tor-based cryptocurrency exchange that facilitated the theft and laundering of over 56 million dollars in digital assets. Emerging in early 2023, TradeOgre operated entirely as a hidden service, leveraging the anonymity of the Tor […]

The post Canada Police Dismantles TradeOgre Platform That Stolen 56 Million Dollars in Cryptocurrency appeared first on Cyber Security News.

Subtle Snail, an Iran-linked espionage group also tracked as UNC1549 under the Unyielding Wasp (Tortoiseshell) umbrella of the Charming Kitten network, has shifted its focus to European telecom, aerospace, and defense firms since June 2022. In a recent wave of attacks, the group compromised 34 devices across 11 organizations by masquerading as human resources representatives […]

The post Subtle Snail Impersonation Tactics: How HR Representatives Can Engage Employees to Steal Login Credentials appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

新华社报道，中国海军宣布，歼-15T、歼-35和空警-600三型舰载机，已于此前成功完成在福建舰上的首次弹射起飞和着舰训练。这是我国首次在弹射型航母上，实现多型号先进舰载机的电磁弹射和阻拦着舰。美国在 2010 年完成了最早的陆基电磁弹射，福特号航母在 2013 年安装了第一套电磁弹射器，但因为种种问题至今没有进行舰载机电磁弹射测试。