Aggregator

Submit #543589 / VDB-303648

美国防部与业界合作加紧推动关键零信任解决方案落地

重塑用户在AI时代的安全意识

用户应升级至最新版本

该供应链攻击始于去年12月对PAT的攻陷

A vulnerability was found in Seeyon Zhiyuan Interconnect FE Collaborative Office Platform 5.5.2 and classified as critical. This issue affects some unknown processing of the file /sysform/042/check.js%70. The manipulation of the argument Name leads to sql injection. The identification of this vulnerability is CVE-2025-3402. The attack may be initiated remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability has been found in ESAFENET CDG 5.6.3.154.205_20250114 and classified as critical. This vulnerability affects unknown code of the file /parameter/getLimitIPList.jsp. The manipulation of the argument noticeId leads to sql injection. This vulnerability was named CVE-2025-3401. The attack can be initiated remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability, which was classified as critical, was found in ESAFENET CDG 5.6.3.154.205_20250114. This affects an unknown part of the file /client/UnChkMailApplication.jsp. The manipulation of the argument typename leads to sql injection. This vulnerability is uniquely identified as CVE-2025-3400. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability, which was classified as critical, has been found in ESAFENET CDG 5.6.3.154.205_20250114. Affected by this issue is some unknown functionality of the file /pubinfo/updateNotice.jsp. The manipulation of the argument ID leads to sql injection. This vulnerability is handled as CVE-2025-3399. The attack may be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

Submit #545864 / VDB-272231

近期捕获的远控木马使用的通信证书与此前在Github上挖掘发现的远控木马的通信证书相同

Vodafone Business has urged the UK government to implement policy changes, including improvements to the Cyber Essentials scheme and tax incentives for cybersecurity

Defensie heeft vandaag de app Defensie Dichtbij gelanceerd. Hiermee vergroot Defensie de mogelijkheid om in geval van crisis de samenleving van informatie te blijven voorzien. Defensie Dichtbij is gebouwd voor mobiel gebruik en biedt op termijn ook locatiespecifieke informatie. Ga naar www.defensiedichtbij.nl en installeer de app via de pop-up!

Submit #542343 / VDB-303647

近日，社交APP因后台持续高频获取用户位置信息，引发用户对隐私安全的担忧。事实上，公众对部分APP过度索取权限、频繁访问个人信息等行为的质疑声一直存在。面对“一划不到底”的隐私协议，用户往往匆匆点击同意，更为APP频频“越界”提供了空间。

近期一些引发舆论热议的“开盒”事件，让网络暴力和个人信息安全问题再次成为人们关注的焦点。

北京可信华泰信息技术有限公司近日宣布启动战略升级，将于近期推出基于AI大模型的全新产品与解决方案。此次转型标志着这家深耕网络安全领域十余年的技术企业正式进军可信AI赛道。

近年来，以DeepSeek等为代表的预训练大模型持续取得突破，人工智能正在快速嵌入社会运行体制机制。当前，中国正在书写人工智能的社会治理新篇章——既要在技术快速迭代中坚守以人民为中心的理念，又要在体制机制创新中开辟人机互动共生新场景。