Aggregator

MITRE has released its Top 25 CWE list for 2025, compiled from software and hardware flaws behind almost 40,000 CVEs

A vulnerability was found in Elastic Kibana up to 7.17.29/8.19.7/9.1.7/9.2.1. It has been declared as problematic. This affects an unknown function. Executing manipulation can lead to cross site scripting. The identification of this vulnerability is CVE-2025-37732. The attack may be launched remotely. There is no exploit available. If you want to get the best quality for vulnerability data then you always have to consider VulDB.

从“可用”到“智用”，360信创安全浏览器助力核心行业数字化跨越

很多弱点的位次发生了变化

速修复

Navigating the Most Complex Regulatory Landscapes in Cybersecurity Financial services and healthcare organizations operate under the most stringent regulatory frameworks in existence. From HIPAA and PCI-DSS to GLBA, SOX, and emerging regulations like DORA, these industries face a constant barrage of compliance requirements that demand not just checkboxes, but comprehensive, continuously monitored security programs. The

The post Compliance-Ready Cybersecurity for Finance and Healthcare: The Seceon Advantage appeared first on Seceon Inc.

The post Compliance-Ready Cybersecurity for Finance and Healthcare: The Seceon Advantage appeared first on Security Boulevard.

近期，CNNVD开展了2025年度（第三期）漏洞奖励评选工作，其中46个漏洞在我国网络安全漏洞预警及风险消控工作中发挥了积极作用，获奖名单如下。

Storm-0249, once known primarily as a mass phishing group, has undergone a significant transformation into a sophisticated initial access broker specializing in precision attacks. This evolution marks a critical shift in threat tactics, moving away from noisy phishing campaigns toward stealthy, post-exploitation techniques designed to deliver ransomware-ready access to criminal affiliates. The threat actor now […]

The post Storm-0249 Abusing EDR Process Via Sideloading to Hide Malicious Activity appeared first on Cyber Security News.

先知安全沙龙第11场 - 近源渗透在红队实战中的落地

当前，将数据标记为无效的数据删除方式，未彻底清除存储介质的数据。为满足用户在电子产品二手流通、送检维修、报废下线等场景深度清除数据的要求，防范数据泄露及恶意恢复。

当地时间12月10日，依据去年11月通过的《2024网络安全（社交媒体最低年龄）修正案》，澳大利亚正式实施全球首例针对未成年人的社交媒体禁令。该国由此成为全球首个以立法形式全面禁止16岁以下未成年人使用多数社交媒体平台的国家。

党的二十届四中全会《建议》提出“加强网络内容建设和管理”，将其作为“激发全民族文化创新创造活力，繁荣发展社会主义文化”的重要举措。持续深化网络生态治理，加强网络内容建设和管理，已成为以中国式现代化全面推进强国建设、民族复兴伟业的战略所需。

由中央网信办提出并归口的《数据安全技术 电子产品信息清除技术要求》强制性国家标准经国家市场监督管理总局、国家标准化管理委员会批准发布，对于落实党的二十届四中全会关于加强个人信息保护的重要精神具有意义，也对数据行业高质量发展具有显著推动作用。

“网络生态治理是世界各国面临的共同课题。要积极参与国际规则制定，携手各国打击网络违法犯罪，推动构建网络空间命运共同体。”11月28日，习近平总书记在主持中共中央政治局第二十三次集体学习时强调。

Британия запустила критически важный объект для термояда.

The cybersecurity battlefield has changed. Attackers are faster, more automated, and more persistent than ever. As businesses shift to cloud, remote work, SaaS, and distributed infrastructure, their security needs have outgrown traditional IT support. This is the turning point:Managed Service Providers (MSPs) are evolving into full-scale Managed Security Service Providers (MSSPs) – and the ones

The post Managed Security Services 2.0: How MSPs & MSSPs Can Dominate the Cybersecurity Market in 2025 appeared first on Seceon Inc.

The post Managed Security Services 2.0: How MSPs & MSSPs Can Dominate the Cybersecurity Market in 2025 appeared first on Security Boulevard.

免费远程初诊(30分钟)·15分钟响应·全程保密

0patch发现可强制崩溃系统服务的未修复高危漏洞。

看雪论坛作者ID：xi@0ji233

一、平台攻防态势1. 云平台默认防御水位默认防御是阿里云平台默认提供的基础防御能力，可基于海量云安全威胁情报，