Aggregator

A vulnerability categorized as critical has been discovered in Mattermost up to 9.11.17/10.5.8/10.8.3/10.9.2. This affects an unknown part of the file /api/v4/teams/:teamId/restore. The manipulation results in missing authentication. This vulnerability is identified as CVE-2025-47870. The attack can be executed remotely. There is not any exploit available. It is advisable to upgrade the affected component.

Даже рядовая семейная ссора теперь станет материалом для тренировки чужого алгоритма.

锦行科技成功入选安全管理、安全解决方案、安全服务三大核心模块，并登榜五大细分领域。

分享一篇文章。

2025年8月21日，深瞳漏洞实验室监测到一则Commvault-WebServer组件存在代码执行漏洞的信息，漏洞编号：CVE-2025-57790，漏洞威胁等级：高危。

Rrise of SIM swap fraud, its implications, and how to protect yourself. Stay informed and secure your accounts today!

The post Protect Your Phone: Guard Against SIM Swap Scams and Fraud appeared first on Security Boulevard.

一图读懂 | 国家标准GB/T 31722—2025《网络安全技术 信息安全风险管理指导》

关保联盟推出AI安全认证培训，本课程旨在通过系统性知识学习，培养实战化AI安全人才，为“AI+”时代关键信息基础设施安全建设提供人才保障。

随着人工智能技术快速发展，高质量数据集已成为推动生成式人工智能创新发展的核心稀缺要素。

在数据要素加速成为驱动经济增长新引擎的时代背景下，构建安全、高效、可信的数据流通共享环境已成为激发数据潜能的关键基石。

This is the first post in a series exploring security vulnerabilities in Windsurf. If you are unfamiliar with Windsurf, it is a fork of VS Code and the coding agent is called Windsurf Cascade. The attack vectors we will explore today allow an adversary during an indirect prompt injection to exfiltrate data from the developer’s machine. These vulnerabilities are a great example of Simon Willison’s lethal trifecta pattern. Overall, the security vulnerability reporting experience with Windsurf has not been great.

文章揭示了Windsurf（VS Code分支）中的安全漏洞，包括通过间接提示注入利用`read_url_content`工具窃取数据及渲染不受信任图片的风险。这些漏洞可能导致敏感信息泄露。尽管已负责任地披露问题，但修复进展未明。文章呼吁采取措施如加强人机交互和限制受信任域以缓解风险。

美国CDN提供商Fastly发布2025Q2威胁报告称，80%的网站流量来自AI爬虫，但真正威胁来自AI聊天机器人推理阶段的即时查询。高峰期每分钟对同一网站的并发请求高达3.9万次，远超普通爬虫，并可能引发类似DDoS攻击的效果。

Currently trending CVE - Hype Score: 31 - A vulnerability in the remote access VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct a brute force attack in an attempt to identify valid username and ...

Currently trending CVE - Hype Score: 31 - VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient Active Directory (AD) permissions can gain full access to an ESXi host that was previously configured to use AD for user management ...

Currently trending CVE - Hype Score: 31 - A command injection vulnerability in the IPSec VPN feature of Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50(W) series firmware versions from V4.16 through V5.38, and USG20(W)-VPN series ...

Currently trending CVE - Hype Score: 5 - Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network. Microsoft is aware that an exploit for CVE-2025-53770 exists in the wild. Microsoft is preparing and fully testing a comprehensive update ...

Currently trending CVE - Hype Score: 1 - Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

Guardio reveals a new AI take on ClickFix dubbed “PromptFix”