Aggregator

2025年8月21日，深瞳漏洞实验室监测到一则Commvault-WebServer组件存在代码执行漏洞的信息，漏洞编号：CVE-2025-57790，漏洞威胁等级：高危。

Rrise of SIM swap fraud, its implications, and how to protect yourself. Stay informed and secure your accounts today!

The post Protect Your Phone: Guard Against SIM Swap Scams and Fraud appeared first on Security Boulevard.

一图读懂 | 国家标准GB/T 31722—2025《网络安全技术 信息安全风险管理指导》

关保联盟推出AI安全认证培训，本课程旨在通过系统性知识学习，培养实战化AI安全人才，为“AI+”时代关键信息基础设施安全建设提供人才保障。

随着人工智能技术快速发展，高质量数据集已成为推动生成式人工智能创新发展的核心稀缺要素。

在数据要素加速成为驱动经济增长新引擎的时代背景下，构建安全、高效、可信的数据流通共享环境已成为激发数据潜能的关键基石。

This is the first post in a series exploring security vulnerabilities in Windsurf. If you are unfamiliar with Windsurf, it is a fork of VS Code and the coding agent is called Windsurf Cascade. The attack vectors we will explore today allow an adversary during an indirect prompt injection to exfiltrate data from the developer’s machine. These vulnerabilities are a great example of Simon Willison’s lethal trifecta pattern. Overall, the security vulnerability reporting experience with Windsurf has not been great.

文章揭示了Windsurf（VS Code分支）中的安全漏洞，包括通过间接提示注入利用`read_url_content`工具窃取数据及渲染不受信任图片的风险。这些漏洞可能导致敏感信息泄露。尽管已负责任地披露问题，但修复进展未明。文章呼吁采取措施如加强人机交互和限制受信任域以缓解风险。

美国CDN提供商Fastly发布2025Q2威胁报告称，80%的网站流量来自AI爬虫，但真正威胁来自AI聊天机器人推理阶段的即时查询。高峰期每分钟对同一网站的并发请求高达3.9万次，远超普通爬虫，并可能引发类似DDoS攻击的效果。

Currently trending CVE - Hype Score: 31 - A vulnerability in the remote access VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct a brute force attack in an attempt to identify valid username and ...

Currently trending CVE - Hype Score: 31 - VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient Active Directory (AD) permissions can gain full access to an ESXi host that was previously configured to use AD for user management ...

Currently trending CVE - Hype Score: 31 - A command injection vulnerability in the IPSec VPN feature of Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50(W) series firmware versions from V4.16 through V5.38, and USG20(W)-VPN series ...

Currently trending CVE - Hype Score: 5 - Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network. Microsoft is aware that an exploit for CVE-2025-53770 exists in the wild. Microsoft is preparing and fully testing a comprehensive update ...

Currently trending CVE - Hype Score: 1 - Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

Guardio reveals a new AI take on ClickFix dubbed “PromptFix”

文章指出密码是数字身份的核心，一旦被盗可能引发金融诈骗和数据泄露。2025年数据显示密码盗窃占网络攻击的20%，主要通过钓鱼攻击、恶意软件和数据泄露传播。防范措施包括多因素认证、无密码登录技术及安全意识培训。

​小米，重要的事不止造车。

当前环境出现异常状态，需完成验证后方可继续访问。

The Document Foundation 宣布发布 LibreOffice 25.8。主要新变化包括：增强了用户界面，Welcome/What’s New 对话框能直接访问用户界面选择器和外观选项；改进了打开文档的速度和滚动性能，Writer 和 Calc 打开文档的速度提升了最多 30%；优化内存管理，虚拟桌面和瘦客户端上的操作更流畅；增强了与 Microsoft Office 文件格式的互操作性，能更精确处理 DOCX、XLSX 和 PPTX 文件，减少格式问题；支持导出 PDF 2.0 格式，等等。