Aggregator

当前环境出现异常，请完成验证后继续访问。

当前环境异常，请完成验证后继续访问。

在5G全面商用与算力网络加速构建的背景下，运营商网络安全格局正在重构。随着网络云化转型、算网融合推进、边缘计算节点大规模部署，运营商面临基础设施泛在化、数据流动复杂化、业务边界模糊化带来的全新安全挑战。DDoS攻击规模化、信令风暴攻击精准化、边缘节点渗透等新型威胁持续升级，安全防御体系亟需从传统网络防护向“云网端”一体化安全演进。 嘶吼安全产业研究院基于《2025网络安全产业图谱》调研，通过对400+典型解决方案与案例的深度分析，从需求匹配度、实践成效、创新技术、应用价值等多维度展开综合评估。 调研分析发现，当前运营商行业网络安全建设呈现几点关键特征：首先，基础设施虚拟化带来全新挑战，云组件和边缘计算节点正成为攻击者重点目标。其次，业务安全需求快速升级，5G网络切片需要实现毫秒级安全隔离，算力网络面临资源可信验证等新课题。第三，安全运营模式持续创新，头部运营商通过构建安全能力中台，将威胁检测、漏洞管理等服务API化。 基于这些发现，我们将重点展示几个具有代表性的运营商行业优秀安全解决方案，为运营商行业的安全建设提供可借鉴的实践经验。 PS：解决方案展示排名不分先后，按企业简称首字母排序。 往期回顾： 2025中国网络安全「政务行业」优秀解决方案汇编 2025中国网络安全「金融行业」优秀解决方案汇编 2025中国网络安全「能源行业」优秀解决方案汇编 2025中国网络安全「制造行业」优秀解决方案汇编 2025中国网络安全「电力（水利）行业」优秀解决方案汇编 2025中国网络安全「互联网行业」优秀解决方案汇编

当前环境出现异常状态,需完成验证后方可继续访问。

Latest Medical Device Vendor to Disclose a Recent Cyber Incident
A Minnesota maker of catheters notified federal regulators it is recovering from a cyberattack discovered in early June that rendered a portion of its IT systems and data inaccessible. Threat actors gained unauthorized access to some IT systems making certain systems and data unavailable.

Experts Warn Funding Gaps Elevate Cyber Risk
A breach of Columbia University’s IT systems after repeated attacks by U.S. President Donald Trump is highlighting how universities are unprepared for today’s threat landscape. Schools often leave campuses without enough resources for strong cyber defenses.

Also, Spain Arrests Hacker Behind Leaks Targeting Politicians and Journalists
This week, Chinese sites mimicked brands, Spain arrested data leak hackers, Swiss health nonprofit ransomware attack, ICC probed a cyberattack, UNFI restored systems, a flaw in smart tractors, RomCom RAT. A U.K. man sentenced for locking employer out of network. A WordPress hack installs a Trojan.

Flaw Exposes Remote Privilege Escalation Risk
Cisco released urgent security updates to fix a critical vulnerability in Unified Communications Manager that could allow unauthenticated attackers gain root access to affected systems. The maximum-severity vulnerability allows unauthenticated remote attackers to log in using static credentials.

Технологические гиганты не справляются — мошеннические сайты множатся.

Submit #600881 / VDB-314836

In this Help Net Security video, Ozan Ucar, CEO of Keepnet Labs, highlights a critical cybersecurity blind spot: the vulnerability of new hires during onboarding. He explains how attackers now use AI-powered, multi-channel phishing tactics to target fresh employees who are still unfamiliar with internal processes, faces, and norms. Ucar shares real-world examples, and practical, human-centric strategies to reduce risk and protect both employees and organizations from day one.

The post New hires, new targets: Why attackers love your onboarding process appeared first on Help Net Security.

PrivacyCheck 更新 适配HAE的URL信息提取规则

无影(TscanPlus)，抽奖、分享获取POC 扫描 license

A vulnerability was found in Monitorr up to 1.7.6m. It has been classified as problematic. This affects an unknown part of the file assets/config/_installation/mkdbajax.php of the component Installer. The manipulation of the argument datadir leads to improper input validation. This vulnerability is uniquely identified as CVE-2025-7060. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

Submit #602080 / VDB-314835

一项针对学术文献的大规模分析显示，去年发表的生物医学论文摘要中，约 1/7 可能借助 AI 完成撰写。2024 年医学数据库 PubMed 收录的 150 万篇摘要中，超过 20 万篇包含大模型（LLM）常推荐使用的词汇。许多团队试图评估 LLM 对学术产出的影响，但这一过程颇具挑战性，因为大多数使用者并未披露这种行为。研究人员利用了 LLM 流行后的风格化词汇去估计摘要是否是 AI 帮助撰写。研究发现，2024年有 454 个词汇的出现频率远高于 2010 年以来的任何年份。它们多为与研究内容无关的“风格词”，且以动词和形容词为主。科学词汇的演变是长期过程。2021年有 190 个“冗余词汇”，多为与研究内容相关的名词。但自 LLM 普及以来的词汇变化更为显著，且主要体现在风格层面。研究人员发现，在计算科学和生物信息学等领域，超过 1/5 的摘要由 LLM 辅助撰写。

去年生物医学论文摘要约1/7由AI撰写,基于PubMed分析发现20万篇摘要使用大模型常用词汇,主要为动词和形容词风格词。

A vulnerability was found in Oracle Application Testing Suite 13.2/13.3. It has been classified as critical. Affected is an unknown function of the component jQuery. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2019-11358. It is possible to launch the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

Gamaredon利用升级的工具集对乌克兰发起鱼叉式网络钓鱼攻击;Kimusky利用ClickFix技术在受害者设备上运行恶意脚本;DPRK远程IT工作者渗透策略不断演变;Lazarus涉嫌抢劫BitoPro交易所1100万美元加密货币

当前环境出现异常，需完成验证后方可继续访问。