Aggregator

数据安全风险评估，主要围绕数据和数据处理活动,聚焦可能影响数据的保密性、完整性、可用性和数据处理活动合理性的安全风险，掌握数据安全总体状况,发现数据安全隐患，提出数据安全管理和技术防护措施建议,提升数据安全防攻击、防破坏、防滥用能力。

近日，抖音整理了今年以来最典型的八类诈骗类型，帮助用户一起识破诈骗黑产的陷阱。不下载、不转账、不共享屏幕，不相信天上掉下的馅饼和完美对象，就能躲过大部分诈骗套路。

近日，我国牵头提出的国际标准ISO/IEC 27553-2：2025《信息安全、网络安全和隐私保护 移动设备上使用生物特征识别技术进行身份鉴别的安全和隐私要求 第2部分：远程模式》正式发布。

作为“全球南方”的重要成员，中国积极开展人工智能国际协调与合作，尤其注重包括非洲国家在内的发展中国家的现实需求，团结各国积极推进人工智能发展与治理。

零基础学员必看！代码审计全链路实战

数百个 TeslaMate 实例泄露敏感数据

本题共有32支战队成功提交flag，其中前3名分别是：【时空旅人】、【COMPASS】、【山东安在】

Organizations handling various forms of sensitive data or personally identifiable information (PII) require adherence to regulatory compliance standards and frameworks. These compliance standards also apply to organizations operating in regulated sectors such as healthcare, finance, government contracting, or education. Some of these standards and frameworks include, but are not limited to:

上周关注度较高的产品安全漏洞(20250811-20250817)

国家信息安全漏洞共享平台（以下简称CNVD）本周共收集、整理信息安全漏洞567个，其中高危漏洞244个、中危漏洞273个、低危漏洞50个。

A vulnerability categorized as critical has been discovered in Fortinet FortiWeb up to 7.0.10/7.2.10/7.4.7/7.6.3. Affected by this issue is some unknown functionality. The manipulation results in improper handling of parameters. This vulnerability is reported as CVE-2025-52970. The attack can be launched remotely. No exploit exists. It is advisable to upgrade the affected component.

A vulnerability was found in FirebirdSQL Firebird. It has been classified as problematic. Affected is an unknown function of the file firebird.conf. The manipulation leads to improper check for unusual conditions. This vulnerability is uniquely identified as CVE-2025-24975. The attack is possible to be carried out remotely. No exploit exists. Upgrading the affected component is recommended.

A vulnerability was found in FirebirdSQL Firebird up to 3.0.12/4.0.5/5.0.2. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component XDR Message Handler. The manipulation results in null pointer dereference. This vulnerability was named CVE-2025-54989. The attack may be performed from a remote location. There is no available exploit. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Fortinet FortiWeb up to 7.4.8/7.6.3. The affected element is an unknown function of the component CLI Command Handler. The manipulation leads to os command injection. This vulnerability is uniquely identified as CVE-2025-47857. Local access is required to approach this attack. No exploit exists. It is recommended to upgrade the affected component.

A vulnerability described as critical has been identified in Fortinet FortiWeb up to 7.4.8/7.6.3. Impacted is an unknown function of the component CLI Command Handler. Executing manipulation can lead to stack-based buffer overflow. This vulnerability is handled as CVE-2025-32766. It is possible to launch the attack on the local host. There is not any exploit available. Upgrading the affected component is recommended.

Чем проще настройки VPN, тем быстрее их используют в сложнейших атаках.

2025年8月18日09:00，SekaiCTF 2025落幕。

Without strong cyber capabilities at State, America’s partners will turn to unreliable associates in China for infrastructure investment and succumb to cyberattacks that place U.S. forces overseas at risk.

The post By gutting its cyber staff, State Department ignores congressional directives appeared first on CyberScoop.

The Cybersecurity Information Sharing Act lapsing might spell disaster, experts and industry groups warn.

The post Here’s what could happen if CISA 2015 expires next month appeared first on CyberScoop.

A vulnerability identified as problematic has been detected in Mozilla Firefox up to 90.x on Android. Impacted is an unknown function of the component Fullscreen Mode. The manipulation leads to denial of service. This vulnerability is listed as CVE-2021-29983. The attack may be initiated remotely. There is no available exploit. You should upgrade the affected component.