一年卖出 10 个亿,这是年轻人真正的「户外神器」 | New Things
在智能眼镜大热的 2025 年,口袋相机仍然是「第一人称影像」的最优解。
Aggregator
Cyber threat information law hurtles toward expiration, with poor prospects for renewal
4 months 3 weeks ago
Short-term and long-term extensions alike for the 2015 Cybersecurity Information Sharing Act have fallen by the wayside despite industry and Trump administration advocacy.
The post Cyber threat information law hurtles toward expiration, with poor prospects for renewal appeared first on CyberScoop.
Tim Starks
FBI Says Threat Actors Are Spoofing its IC3 Site
4 months 3 weeks ago
The FBI has warned that adversaries have published fake versions of its cybercrime reporting portal IC3
工信部通报29款违规小程序,隐私合规再响警钟!梆梆安全助力企业构建全生命周期检测防线
4 months 3 weeks ago
工信部通报29款APP存在侵害用户权益行为,主要问题包括违规收集个人信息和过度索取权限。梆梆安全提供合规检测框架,助力企业构建隐私保护防线。
工信部通报29款违规小程序,隐私合规再响警钟!梆梆安全助力企业构建全生命周期检测防线
4 months 3 weeks ago
关于侵害用户权益行为的APP通报
(2025年第5批,总第50批)
根据中央网信办、工业和信息化部、公安部、市场监管总局等四部门联合发布的《关于开展2025年个人信息保护系列专项行动的公告》,依据《个人信息保护法》《网络安全法》《电信条例》《电信和互联网用户个人信息保护规定》等法律法规,工信部对APP违法违规收集使用个人信息等问题开展治理。近期,经组织第三方检测机构进行抽查,共发现29款APP存在侵害用户权益行为(详见附件),现予以通报。
来源:工信微报
根据工信部最新通报,2025年第5批(总第50批)检测中发现29款小程序存在侵害用户权益行为,突出问题集中在违规收集个人信息和强制、频繁、过度索取权限等方面。此次抽查反映出部分企业在小程序运营过程中对用户个人信息保护意识薄弱,未能严格落实《个人信息保护法》《网络安全法》等相关法律法规要求。
作为依托小程序提供服务的平台运营者,应高度重视用户个人信息保护工作,切实履行个人信息保护主体责任,规范个人信息收集使用行为,避免过度索权、违规收集、频繁自启动等侵害用户权益的行为。建议企业定期开展自查自纠,加强合规体系建设,共同营造安全、可信的网络环境。
梆梆安全依托十余年深耕移动安全领域的技术沉淀与实践经验,系统性搭建了专业的移动应用合规检测框架,通过覆盖应用全生命周期的自动化检测与深度分析,精准识别隐私合规性问题并输出风险评估报告及整改建议,助力企业高效构建合规防线。
梆梆安全移动应用合规检测框架
在移动应用程序敏捷开发环境下,仅依赖自动化工具或纯人工检测均难以有效应对合规风险。梆梆安全提供采用“工具检测+人工验证”相结合的方式,在保障检测准确性的同时提升效率,切实满足快速迭代中的合规要求。
自2019年起,梆梆安全持续深耕个人信息与隐私合规领域,全面开展合规评估与技术监管支撑服务,已深度服务超百家监管机构,并与上千家企业达成合作,累计出具合规评估报告10,000+份,覆盖金融、运营商、互联网、企业、大轨道交通等多个关键行业,为客户提供坚实可靠的个人信息保护解决方案,为数字化业务合规发展保驾护航。
梆梆安全
国产大模型 Deepseek实战:10节课精通大语言模型安全应用开发
4 months 3 weeks ago
漏洞分析、脚本生成… 大语言模型如何助力网络安全?这门课告诉你答案!
Unicode漏洞“BiDi Swap”十年未修复,仍被用于实施网址欺骗
4 months 3 weeks ago
10年未修复
诸子云知识星球:史上最强福利纳新,限时加入即刻尽享!
4 months 3 weeks ago
海量资料,意识素材,线上课程,抽奖直通价值3.2万线下研修班参学
渣浪的S参数分析
4 months 3 weeks ago
看雪论坛作者ID:易之生生
Unicode漏洞“BiDi Swap”十年未修复,仍被用于实施网址欺骗
4 months 3 weeks ago
当前环境异常,需完成验证后继续访问。
国产大模型 Deepseek实战:10节课精通大语言模型安全应用开发
4 months 3 weeks ago
当前环境异常,需完成验证后继续访问。
诸子云知识星球:史上最强福利纳新,限时加入即刻尽享!
4 months 3 weeks ago
环境异常导致无法正常访问,需完成验证后才可继续使用服务。
渣浪的S参数分析
4 months 3 weeks ago
当前环境出现异常状态,需完成验证后方可继续访问相关内容或功能。
EU agency ENISA says ransomware attack behind airport disruptions
4 months 3 weeks ago
The EU cybersecurity agency ENISA confirmed that airport check-in disruptions were caused by a cyberattack, and law enforcement is investigating. A cyber attack on Collins Aerospace disrupted check-in and boarding systems at major European airports, heavily impacting Heathrow, Brussels, and Berlin. The outage caused numerous flight delays and cancellations, forcing manual operations. Collins Aerospace is […]
Pierluigi Paganini
EU agency ENISA says ransomware attack behind airport disruptions
4 months 3 weeks ago
欧盟网络安全机构ENISA证实,针对Collins Aerospace的勒索软件攻击导致欧洲多个机场运营中断。此次事件影响了希思罗、布鲁塞尔和柏林机场,造成航班延误和取消。Muse软件受损,迫使机场采用手动操作。
CVE-2021-42079 | OSNEXUS QuantaStor POST Request server-side request forgery (EUVD-2021-29065)
4 months 3 weeks ago
A vulnerability classified as critical has been found in OSNEXUS QuantaStor. Affected by this issue is some unknown functionality of the component POST Request Handler. Performing manipulation results in server-side request forgery.
This vulnerability is identified as CVE-2021-42079. The attack can be initiated remotely. There is not any exploit available.
vuldb.com
CVE-2025-9487 | wpase Admin and Site Enhancements Plugin up to 7.9.7 on WordPress SVG File Parser xmlrpc.php cross site scripting (EUVD-2025-30407)
4 months 3 weeks ago
A vulnerability was found in wpase Admin and Site Enhancements Plugin up to 7.9.7 on WordPress and classified as problematic. The affected element is an unknown function of the file xmlrpc.php of the component SVG File Parser. Executing manipulation can lead to cross site scripting.
This vulnerability is registered as CVE-2025-9487. It is possible to launch the attack remotely. No exploit is available.
It is suggested to upgrade the affected component.
vuldb.com
CVE-2025-9541 | Pierre-Henri Lavigne Markup Markdown Plugin up to 3.20.9 on WordPress cross site scripting (EUVD-2025-30405)
4 months 3 weeks ago
A vulnerability was found in Pierre-Henri Lavigne Markup Markdown Plugin up to 3.20.9 on WordPress. It has been rated as problematic. This impacts an unknown function. This manipulation causes cross site scripting.
This vulnerability appears as CVE-2025-9541. The attack may be initiated remotely. There is no available exploit.
Upgrading the affected component is advised.
vuldb.com
CVE-2021-42081 | OSNEXUS QuantaStor API os command injection (EUVD-2021-29067)
4 months 3 weeks ago
A vulnerability identified as critical has been detected in OSNEXUS QuantaStor. This affects an unknown function of the component API. The manipulation leads to os command injection.
This vulnerability is uniquely identified as CVE-2021-42081. The attack is possible to be carried out remotely. No exploit exists.
vuldb.com
CVE-2021-4406 | OSNEXUS QuantaStor Alerts Management Dialog command injection (EUVD-2021-34233)
4 months 3 weeks ago
A vulnerability labeled as critical has been found in OSNEXUS QuantaStor. This impacts an unknown function of the component Alerts Management Dialog. The manipulation results in command injection.
This vulnerability was named CVE-2021-4406. The attack may be performed from remote. There is no available exploit.
vuldb.com