Aggregator
Critical Zoom Clients for Windows Vulnerability Lets Attackers Escalate Privileges
Zoom has disclosed a critical vulnerability affecting multiple Windows-based clients, potentially allowing attackers to escalate privileges and compromise user systems. Designated as CVE-2025-49457 under bulletin ZSB-25030, this flaw carries a CVSS score of 9.6, classifying it as critical due to its high impact on confidentiality, integrity, and availability. The vulnerability stems from an untrusted search […]
The post Critical Zoom Clients for Windows Vulnerability Lets Attackers Escalate Privileges appeared first on Cyber Security News.
18th CISCN Finals, Day 2: AWDP RBAC
NepCTF2025 Write-ups for All Categories
Putting LLM Security into Practice: Model Deployment Security
Russian-Linked Curly COMrades Deploy MucorAgent Malware in Europe
Apache Hertzbeat<=1.7.1 h2 jdbc RCE
Hackers Attacking Fortinet SSL VPN Under Attack From 780 unique IPs
An unprecedented surge in brute-force attacks is targeting Fortinet SSL VPN infrastructure, with over 780 unique IP addresses participating in coordinated assault campaigns. The August 3rd attack represents the highest single-day volume recorded on GreyNoise’s Fortinet SSL VPN Bruteforcer tag in recent months, raising concerns about potential zero-day vulnerabilities and sophisticated threat actor operations. Key Takeaways 1. […]
The post Hackers Attacking Fortinet SSL VPN Under Attack From 780 unique IPs appeared first on Cyber Security News.
Assisted Living Pharmacy Service LLC Falls Victim to Qilin Ransomware
IBM’s Cost of a Data Breach Report 2025
IBM’s 2025 Cost of a Data Breach Report drives home that point: attackers today are often “logging in rather than hacking in”.
The post IBM’s Cost of a Data Breach Report 2025 appeared first on Security Boulevard.
And Now, LLMs Don’t Need Human Intervention to Plan and Execute Large, Complex Attacks
Researchers just proved LLMs can autonomously plan and execute full-scale cyberattacks — turning AI from a tool into an active threat actor.
The post And Now, LLMs Don’t Need Human Intervention to Plan and Execute Large, Complex Attacks appeared first on Security Boulevard.
Ivanti Connect Secure, Policy Secure and ZTA Vulnerabilities Let Attackers Trigger DoS Attack
Ivanti has released critical security updates addressing multiple high and medium-severity vulnerabilities across its Connect Secure, Policy Secure, and Zero Trust Access (ZTA) gateway products. The vulnerabilities, identified through internal discovery and responsible disclosure programs, could enable remote attackers to trigger denial-of-service (DoS) attacks without authentication, though no active exploitation has been detected at the […]
The post Ivanti Connect Secure, Policy Secure and ZTA Vulnerabilities Let Attackers Trigger DoS Attack appeared first on Cyber Security News.
Fortinet SSL VPN Targeted by Hackers from 780 Unique IP Addresses
Cybersecurity researchers at GreyNoise have detected an alarming surge in brute-force attacks against Fortinet SSL VPN systems, with over 780 unique IP addresses launching coordinated attacks in a single day—marking the highest daily volume recorded for this type of attack in recent months. The sophisticated campaign appears to represent a significant escalation in targeting Fortinet’s […]
The post Fortinet SSL VPN Targeted by Hackers from 780 Unique IP Addresses appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
An Internet Without «х» and «п»: Lawmakers Declare War on Four Letters
29,000 Servers Remain Unpatched Against Microsoft Exchange Flaw
BSidesSF 2025: Fire, Brimstone And Bad Security Decisions
Creator, Author and Presenter: Wendy Nather
Our deep appreciation to Security BSides - San Francisco and the Creators, Authors and Presenters for publishing their BSidesSF 2025 video content on YouTube. The content originates from the conference’s events held at the lauded CityView / AMC Metreon, certainly a venue like no other, and is published via the organization's YouTube channel.
Additionally, the organization is welcoming volunteers for the BSidesSF Volunteer Force, as well as for their Program Team & Operations roles. See their succinct BSidesSF 'Work With Us' page for the appropriate information.
The post BSidesSF 2025: Fire, Brimstone And Bad Security Decisions appeared first on Security Boulevard.
Ivanti Connect Secure, Policy Secure, and ZTA Flaws Allow Attackers to Launch DoS Attacks
Ivanti has released critical security updates addressing multiple vulnerabilities in its Connect Secure, Policy Secure, and ZTA Gateway products that could allow remote attackers to launch denial-of-service attacks. The company disclosed four vulnerabilities on August 12, 2025, with CVSS scores ranging from medium to high severity, though no active exploitation has been detected at the […]
The post Ivanti Connect Secure, Policy Secure, and ZTA Flaws Allow Attackers to Launch DoS Attacks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
1,500 Jenkins Servers Vulnerable to Command Injection via Git Parameter Plugin
Jenkins disclosed CVE-2025-53652, also known as SECURITY-3419, as part of a batch of 31 plugin vulnerabilities. Initially rated as medium severity, this flaw affects the Git Parameter plugin and was described merely as enabling attackers to inject arbitrary values into Git parameters, a description that understated its potential for severe exploitation. However, deeper analysis reveals […]
The post 1,500 Jenkins Servers Vulnerable to Command Injection via Git Parameter Plugin appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
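LLM-Driven Security Upgrade: Tencent's Code Security Application Practice (QCon2504)
Zhang Dong, head of code security at Tencent's TEG Security Platform Department, has confirmed his attendance and will give a keynote titled "LLM-Driven Security Upgrade: Tencent's Code Security Application Practice". Security vulnerabilities are a problem every company has to face; handled poorly, they can easily affect service availability or lead to leaks of sensitive core business data, harming both the business and the company. For this reason, within their R&D systems, the vast majority of companies choose to shift security left, identifying risks and fixing security issues in the early stages of the software development life cycle. However, because of the way they detect issues, traditional static analysis tools suffer from limited coverage, high false-positive rates and low remediation efficiency, which increases the burden on business teams and leaves them responding slowly to security issues and with a poor experience. In this talk, Zhang Dong will draw on Tencent's internal practical experience to explore in depth how LLMs are applied in code security scenarios, and share the challenges encountered at different stages of development and their solutions.
Talk outline
1. Analysis of the current state and problems of code security
- Current state of traditional code security
- Pain points of traditional code security
- Pain points in business security scenarios
- Limitations of traditional code security
- LLMs empowering traditional tools
- LLMs enabling security shift-left
- LLM-automated vulnerability detection
- Analysis of the industry frontier
- Architecture design and capability evolution
- Building foundational capabilities
- Lessons from engineering practice
- Directions for applying LLMs in code security scenarios
- Approach and lessons learned in deploying LLMs in code security scenarios
- Approach and lessons learned in LLM-automated vulnerability scanning
- Approach and lessons learned in fine-tuning domain-specific LLMs
- Understand fine-tuning approaches and practical deployment for domain-specific models
- Understand common problems and solutions when deploying LLMs
- Building on an understanding of how LLMs empower security, generalize further to other application scenarios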