Aggregator

文章描述了curl项目在内存管理和性能优化方面的努力。通过引入内存分配限制、关键结构体大小检查等机制，确保代码高效且资源占用可控。尽管第三方库对内存使用有显著影响，但项目仍致力于自身优化，并以此为荣。

SAP released critical security updates on July 8, 2025, addressing 27 vulnerabilities across its enterprise software portfolio, with seven classified as critical-severity flaws. The monthly Security Patch Day also included three updates to previously released security notes, underscoring the ongoing security challenges facing enterprise software environments. The most severe vulnerability, CVE-2025-30012, affects SAP Supplier Relationship Management’s […]

The post SAP July 2025 Patch Day: Fixes for 27 Flaws, Including 7 Critical appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

2025年7月4日，由中国信息安全测评中心指导、广东省网络空间安全产业创新联合会主办、广州锦行网络科技有限公司承办的第二届青马红客“精英训练营”开营仪式在广州成功举行。

China’s Hikvision vows legal battle after Canada bans its operations, citing national security concerns

A properly configured WAF is no longer optional but mandatory, providing organizations with real-time protection against evolving web-based threats while ensuring regulatory compliance. 

The post Strengthening Compliance: The Role of WAFs in PCI DSS 4.0.1 appeared first on Security Boulevard.

现代经济中使用信用卡消费的安全性常被视为理所当然。为保护消费者数据安全，2006年推出的支付卡行业数据安全标准（PCI DSS）成为关键规范。2025年生效的4.0.1版本加强了持续安全要求，强制部署Web应用防火墙（WAF），以实时检测和阻止网络攻击，确保金融数据安全及合规性。

The Call of Duty team removed the PC edition of Call of Duty: WWII off the internet on Saturday after numerous allegations of a serious security flaw surfaced, which is concerning for the gaming community. The culprit appears to be a Remote Code Execution (RCE) vulnerability an especially dangerous flaw that enables attackers to execute […]

The post Call of Duty Gamers Hacked via RCE Exploit Allowing Player-to-Player Attacks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Хакеры использовали бэкдор, который системы защиты даже не учитывали.

7月21日暑假开放注册即将到来，届时会提前发布公告通知，“星标”公众号以防错过。

Russian organizations have been targeted as part of an ongoing campaign that delivers a previously undocumented Windows spyware called Batavia. The activity, per cybersecurity vendor Kaspersky, has been active since July 2024. "The targeted attack begins with bait emails containing malicious links, sent under the pretext of signing a contract," the Russian company said. "The main goal of the

文章描述了两起网络间谍活动：俄罗斯组织遭 Batavia 间谍软件攻击，通过伪装合同的钓鱼邮件传播；另一起 NordDragonScan 恶意软件活动则利用 RAR 文件中的 LNK 文件传播。两者均窃取文档、系统信息及浏览器数据。

Zero Trust Network Access (ZTNA) has become a cornerstone of modern cybersecurity strategies, especially as organizations embrace remote work, cloud adoption, and hybrid infrastructures. In 2025, ZTNA solutions are not just a trend they are a necessity for securing sensitive data, ensuring compliance, and enabling seamless access for distributed workforces. ZTNA platforms enforce the principle […]

The post 10 Best ZTNA Solutions (Zero Trust Network Access) In 2025 appeared first on Cyber Security News.

ParrotOS, known for its emphasis on security, privacy, and development, is widely used by cybersecurity professionals and enthusiasts alike. Version 6.4 delivers a host of updates and community-driven enhancements. The update is expected to be the final release in the 6.x branch. The developers describe ParrotOS 6.4 as a culmination of feedback from its active user community, as well as the result of contributions from new developers who have joined the project. Key tool updates … More →

The post ParrotOS 6.4 lands with key tool updates and kernel upgrade appeared first on Help Net Security.

阿联酋合规加密交易所OFZA任命Amir Tabch为CEO，其拥有20余年金融与数字行业经验。OFZA致力于打造安全、简单且人人可及的数字资产交易平台，并已获迪拜VARA全面许可。Tabch将引领其成为区域最值得信赖的平台并推动负责任增长。

FortiGuard Labs has discovered a current campaign that targets Microsoft Windows users with the NordDragonScan infostealer, which is a worrying trend for cybersecurity. This high-severity threat leverages a complex infection chain to infiltrate systems, harvest sensitive data, and exfiltrate it to a command-and-control (C2) server for potential use in future attacks. As detailed in the […]

The post NordDragonScan Targets Windows Users to Steal Login Credentials appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability was found in Linux Kernel up to 5.4.294/5.10.238/5.15.185/6.15.3. It has been declared as problematic. Affected by this vulnerability is the function fimc_is_hw_change_mode of the component media. The manipulation leads to state issue. This vulnerability is known as CVE-2025-38237. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.1.142/6.6.95/6.12.35/6.15.4/6.16-rc3. It has been classified as critical. Affected is the function unix_stream_read_generic of the file net/unix/af_unix.c of the component af_unix. The manipulation leads to use after free. This vulnerability is traded as CVE-2025-38236. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Pyload up to 0.5.0b3.dev77 and classified as critical. This issue affects some unknown processing. The manipulation leads to preservation of permissions. The identification of this vulnerability is CVE-2025-7346. The attack may be initiated remotely. There is no exploit available.

A vulnerability has been found in Phoenix Contact CHARX SEC-3150, CHARX SEC-3100, CHARX SEC-3050 and CHARX SEC-3000 up to 1.7.2 and classified as critical. This vulnerability affects unknown code. The manipulation leads to os command injection. This vulnerability was named CVE-2025-25269. The attack needs to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.