Aggregator

Exploiting API4 — 8 Real-World Unrestricted Resource Consumption Attack Scenarios (and How to Stop Them)

2 days 14 hours ago

文章探讨了OWASP API安全Top 10中的API4:2023（不受限制的资源消耗），该类别专注于DoS和资源滥用攻击。通过8种实际场景（如大文件上传、高延迟响应、数据外泄、滥用短信网关等），展示了攻击者如何利用API设计和业务逻辑进行资源耗尽和财务损失。Wallarm通过实时检测和分层策略提供全面防护。

CVE-2023-0361 | GnuTLS RSA timing discrepancy (Issue 1050 / Nessus ID 253540)

Vuldb Updates

2 days 14 hours ago

A vulnerability classified as problematic has been found in GnuTLS. This issue affects some unknown processing of the component RSA Handler. Performing manipulation results in observable timing discrepancy. This vulnerability is known as CVE-2023-0361. Remote exploitation of the attack is possible. No exploit is available. To fix this issue, it is recommended to deploy a patch.

vuldb.com

CVE-2023-0361 | Oracle Communications Cloud Native Core Network Repository Function Installer information disclosure (Nessus ID 253540)

Vuldb Updates

2 days 14 hours ago

A vulnerability was found in Oracle Communications Cloud Native Core Network Repository Function 23.1.0. It has been classified as critical. This affects an unknown function of the component Installer. This manipulation causes information disclosure. The identification of this vulnerability is CVE-2023-0361. It is possible to initiate the attack remotely. There is no exploit available.

vuldb.com

CVE-2023-0361 | Oracle Communications Cloud Native Core Binding Support Function Install/Upgrade information disclosure (Nessus ID 253540)

Vuldb Updates

2 days 14 hours ago

A vulnerability was found in Oracle Communications Cloud Native Core Binding Support Function 22.4.0/23.1.0. It has been classified as critical. This affects an unknown function of the component Install/Upgrade. Performing manipulation results in information disclosure. This vulnerability is identified as CVE-2023-0361. The attack can be initiated remotely. There is not any exploit available.

vuldb.com

Требуется хакер. Зарплата — $20 миллионов. Конфиденциальность гарантируем (особенно свою)

Securitylab.ru

2 days 14 hours ago

Теперь хакинг — легальный бизнес за миллионы.

CVE-2022-32743 | Samba up to 4.16.x dNSHostName default permission (FEDORA-2022-4555909843 / Nessus ID 211187)

Vuldb Updates

2 days 14 hours ago

A vulnerability was found in Samba up to 4.16.x and classified as critical. Affected by this issue is some unknown functionality. Executing manipulation of the argument dNSHostName can lead to incorrect default permissions. This vulnerability is handled as CVE-2022-32743. The attack can only be done within the local network. There is not any exploit available. It is suggested to upgrade the affected component.

vuldb.com

入选！长亭科技与国泰海通共创“智慧安全运营平台项目”获工信部认可

长亭科技

2 days 14 hours ago

强势围观

长亭科技×蜚语科技：AI代码安全的“攻防同盟”正式出道！

长亭科技

2 days 14 hours ago

强势围观！

NIST Releases Control Overlays to Manage Cybersecurity Risks in Use and Developments of AI Systems

Cyber Security News

2 days 14 hours ago

The National Institute of Standards and Technology (NIST) has unveiled a comprehensive concept paper outlining proposed NIST SP 800-53 Control Overlays for Securing AI Systems, marking a significant milestone in establishing standardized cybersecurity frameworks for artificial intelligence applications. Released on August 14, 2025, this initiative addresses the growing need for structured risk management approaches in […]

The post NIST Releases Control Overlays to Manage Cybersecurity Risks in Use and Developments of AI Systems appeared first on Cyber Security News.

Florence Nightingale

【通知】第三届全国大学生开源情报数据采集与分析大赛开始报名啦！提供免费培训

丁爸情报分析师的工具箱

2 days 14 hours ago

为了更好地培养学生掌握先进的数据挖掘与分析方法，锻炼学生敏锐的情报洞察力，为将来投身于开源情报领域的工作奠定坚实的基础。特举办“第三届全国大学生开源情报数据采集与分析大赛”。

【资料】台湾研究以色列网络作战部队：平战结合

丁爸情报分析师的工具箱

2 days 14 hours ago

网络安全行业对人才的需求十分迫切，这使得网络作战单位在招聘和保留网络作战人才方面面临困难。

CVE-2025-57699 | Western Digital Kitfox prior 1.1.1.1 on Windows Windows Service unquoted search path (EUVD-2025-25503)

Vuldb Updates

2 days 14 hours ago

A vulnerability, which was classified as problematic, has been found in Western Digital Kitfox on Windows. This affects an unknown function of the component Windows Service. Performing manipulation results in unquoted search path. This vulnerability is identified as CVE-2025-57699. The attack is only possible with local access. There is not any exploit available. It is advisable to upgrade the affected component.

vuldb.com

CVE-2025-8281 | WP Talroo Plugin up to 2.4 on WordPress cross site scripting

Vuldb Updates

2 days 14 hours ago

A vulnerability, which was classified as problematic, was found in WP Talroo Plugin up to 2.4 on WordPress. This impacts an unknown function. Executing manipulation can lead to cross site scripting. This vulnerability is tracked as CVE-2025-8281. The attack can be launched remotely. No exploit exists.

vuldb.com