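Astronomers have, for the first time, used the Webb Space Telescope to map the distribution of three interstellar ices (water, carbon dioxide, and carbon monoxide) in the Chamaeleon I molecular cloud, probing in depth the chemical environment that exists before stars are born. The study not only improves spatial resolution but also greatly increases the sample size, providing key new clues for understanding how stars and planets form. In the cold molecular clouds of the universe, these regions filled with gas and dust are the cradles of star birth. Tiny dust grains are often coated in layer upon layer of ice; these ices contain simple molecules such as water, carbon dioxide, and carbon monoxide, and are indispensable raw materials in the birth of stars and planets. Now, astronomers have for the first time successfully mapped the distribution of these ices across an entire molecular cloud, giving us an unprecedented window into the chemical environment before stars are born.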
Cybersecurity researchers have unearthed a new controller component associated with a known backdoor called BPFDoor as part of cyber attacks targeting telecommunications, finance, and retail sectors in South Korea, Hong Kong, Myanmar, Malaysia, and Egypt in 2024.
"The controller could open a reverse shell," Trend Micro researcher Fernando Mercês said in a technical report published earlier in
Microsoft is working to fix an ongoing issue causing some users' Windows devices to be offered Windows 11 upgrades despite Intune policies preventing them. [...]
Intro: Why hack in when you can log in?
SaaS applications are the backbone of modern organizations, powering productivity and operational efficiency. But every new app introduces critical security risks through app integrations and multiple users, creating easy access points for threat actors. As a result, SaaS breaches have increased, and according to a May 2024 XM Cyber report, identity and
A vulnerability, which was classified as problematic, was found in User Profile Builder Plugin up to 3.13.5/3.13.6/3.13.7 on WordPress. Affected is an unknown function of the component Shortcode Handler. The manipulation leads to cross-site scripting.
This vulnerability is traded as CVE-2025-2314. It is possible to launch the attack remotely. There is no exploit available.
A vulnerability has been found in Supsystic Contact Form Plugin up to 1.7.29 on WordPress and classified as problematic. Affected by this vulnerability is the function saveAsCopy of the component Setting Handler. The manipulation leads to cross-site request forgery.
This vulnerability is known as CVE-2024-13452. The attack can be launched remotely. There is no exploit available.
A vulnerability has been found in Contact Form 7 Plugin up to 6.0.5 on WordPress and classified as critical. Affected by this vulnerability is the function wpcf7_stripe_skip_spam_check of the component Order Handler. The manipulation leads to enforcement of behavioral workflow.
This vulnerability is known as CVE-2025-3247. The attack can be launched remotely. There is no exploit available.
A vulnerability classified as problematic has been found in Delta Electronics COMMGR. This affects an unknown part of the component Session ID Handler. The manipulation leads to a cryptographically weak PRNG.
This vulnerability is uniquely identified as CVE-2025-3495. It is possible to initiate the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
A vulnerability, which was classified as critical, has been found in TOTOLINK A3700R 9.1.2u.5822_B20200513. This issue affects the function setWiFiEasyCfg/setWiFiEasyGuestCfg of the file /cgi-bin/cstecgi.cgi of the component Password Handler. The manipulation leads to improper access controls.
The identification of this vulnerability is CVE-2025-3663. The attack may be initiated remotely. Furthermore, there is an exploit available.
The vendor was contacted early about this disclosure but did not respond in any way.
A vulnerability, which was classified as critical, was found in TOTOLINK A3700R 9.1.2u.5822_B20200513. Affected is the function setWiFiEasyGuestCfg of the file /cgi-bin/cstecgi.cgi. The manipulation leads to improper access controls.
This vulnerability is traded as CVE-2025-3664. It is possible to launch the attack remotely. Furthermore, there is an exploit available.
The vendor was contacted early about this disclosure but did not respond in any way.
A vulnerability has been found in TOTOLINK A3700R 9.1.2u.5822_B20200513 and classified as critical. Affected by this vulnerability is the function setSmartQosCfg of the file /cgi-bin/cstecgi.cgi. The manipulation leads to improper access controls.
This vulnerability is known as CVE-2025-3665. The attack can be launched remotely. Furthermore, there is an exploit available.
The vendor was contacted early about this disclosure but did not respond in any way.