Aggregator

近期，CNNVD开展了2025年度（第三期）漏洞奖励评选工作，其中46个漏洞在我国网络安全漏洞预警及风险消控工作中发挥了积极作用，获奖名单如下。

Storm-0249, once known primarily as a mass phishing group, has undergone a significant transformation into a sophisticated initial access broker specializing in precision attacks. This evolution marks a critical shift in threat tactics, moving away from noisy phishing campaigns toward stealthy, post-exploitation techniques designed to deliver ransomware-ready access to criminal affiliates. The threat actor now […]

The post Storm-0249 Abusing EDR Process Via Sideloading to Hide Malicious Activity appeared first on Cyber Security News.

先知安全沙龙第11场 - 近源渗透在红队实战中的落地

当前，将数据标记为无效的数据删除方式，未彻底清除存储介质的数据。为满足用户在电子产品二手流通、送检维修、报废下线等场景深度清除数据的要求，防范数据泄露及恶意恢复。

当地时间12月10日，依据去年11月通过的《2024网络安全（社交媒体最低年龄）修正案》，澳大利亚正式实施全球首例针对未成年人的社交媒体禁令。该国由此成为全球首个以立法形式全面禁止16岁以下未成年人使用多数社交媒体平台的国家。

党的二十届四中全会《建议》提出“加强网络内容建设和管理”，将其作为“激发全民族文化创新创造活力，繁荣发展社会主义文化”的重要举措。持续深化网络生态治理，加强网络内容建设和管理，已成为以中国式现代化全面推进强国建设、民族复兴伟业的战略所需。

由中央网信办提出并归口的《数据安全技术 电子产品信息清除技术要求》强制性国家标准经国家市场监督管理总局、国家标准化管理委员会批准发布，对于落实党的二十届四中全会关于加强个人信息保护的重要精神具有意义，也对数据行业高质量发展具有显著推动作用。

“网络生态治理是世界各国面临的共同课题。要积极参与国际规则制定，携手各国打击网络违法犯罪，推动构建网络空间命运共同体。”11月28日，习近平总书记在主持中共中央政治局第二十三次集体学习时强调。

Британия запустила критически важный объект для термояда.

The cybersecurity battlefield has changed. Attackers are faster, more automated, and more persistent than ever. As businesses shift to cloud, remote work, SaaS, and distributed infrastructure, their security needs have outgrown traditional IT support. This is the turning point:Managed Service Providers (MSPs) are evolving into full-scale Managed Security Service Providers (MSSPs) – and the ones

The post Managed Security Services 2.0: How MSPs & MSSPs Can Dominate the Cybersecurity Market in 2025 appeared first on Seceon Inc.

The post Managed Security Services 2.0: How MSPs & MSSPs Can Dominate the Cybersecurity Market in 2025 appeared first on Security Boulevard.

免费远程初诊(30分钟)·15分钟响应·全程保密

0patch发现可强制崩溃系统服务的未修复高危漏洞。

看雪论坛作者ID：xi@0ji233

一、平台攻防态势1. 云平台默认防御水位默认防御是阿里云平台默认提供的基础防御能力，可基于海量云安全威胁情报，

精准预判需求、经营全局优化、动态内容生成与服务，形成营销闭环。

The CERT-FR (French Computer Emergency Response Team) is advising iPhone and Android users to fully disable Wi-Fi to reduce risk. CERT-FR warns iPhone and Android users to fully disable Wi-Fi to reduce exposure, citing multiple vulnerabilities across wireless interfaces, apps, OSs, and even hardware. The agency reiterates basic hygiene: install apps only from official stores, review […]

The UK’s National Cyber Security Centre has called on businesses to apply Cyber Essentials to suppliers

/

Torrance, United States / California, December 12th, 2025, CyberNewsWire In December 2025, CVE-2025-55182 (React2Shell), a vulnerability in React…

Microsoft’s December 2025 security updates have unleashed an unexpected headache for enterprise admins relying on Message Queuing (MSMQ). Installed via KB5071546 on December 9, the patch targeting OS Build 19045.6691 alters MSMQ’s security model, leading to widespread failures in queue operations. Confirmed on December 12, the issue is most severe in high-load clustered environments, causing […]

The post Microsoft December 2025 Security Updates Breaking Message Queuing (MSMQ) Functionality Affects IIS Sites appeared first on Cyber Security News.