Aggregator

检测业务是否受到此漏洞影响，请联系长亭应急服务团队！

近日，微软官方发布了多个安全漏洞的公告，其中微软产品本身漏洞66个，影响到微软产品的其他厂商漏洞1个。

一直有朋友在咨询开班时间，让大家久等啦~

CVE-2017-12615、CVE-2024-50379、CVE-2025-24813漏洞分析学习

Trend Micro has issued an urgent security bulletin addressing five critical vulnerabilities in its Apex One endpoint security platform that could allow attackers to execute arbitrary code and escalate privileges on affected systems. The vulnerabilities, assigned CVE identifiers CVE-2025-49154 through CVE-2025-49158, were disclosed on June 9, 2025, with CVSS scores ranging from 6.7 to 8.8, […]

The post Trend Micro Apex One Zero-Day Vulnerability Enables Attackers to Inject Malicious Code appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Two vulnerabilities in SinoTrack GPS devices can allow remote vehicle control and location tracking by attackers, US CISA warns. U.S. CISA warns of two vulnerabilities in SinoTrack GPS devices that remote attackers can exploit to access a vehicle’s device profile without permission. The researchers warn that potential exploitation could allow attackers to track its location […]

A vulnerability classified as critical has been found in Microsoft Windows. Affected is an unknown function of the component Local Security Authority Subsystem Service. The manipulation leads to resource consumption. This vulnerability is traded as CVE-2025-32724. It is possible to launch the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as problematic was found in Microsoft Windows. This vulnerability affects unknown code of the component Storage Management Provider. The manipulation leads to out-of-bounds read. This vulnerability was named CVE-2025-33060. The attack needs to be approached locally. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as problematic, has been found in Microsoft Windows. This issue affects some unknown processing of the component Storage Management Provider. The manipulation leads to out-of-bounds read. The identification of this vulnerability is CVE-2025-33061. An attack has to be approached locally. There is no exploit available. It is recommended to apply a patch to fix this issue.

От передачи первенца до бессмертной души — компании проверяют, читаете ли вы их условия.

A novel attack technique named EchoLeak has been characterized as a "zero-click" artificial intelligence (AI) vulnerability that allows bad actors to exfiltrate sensitive data from Microsoft 365 (M365) Copilot's context sans any user interaction. The critical-rated vulnerability has been assigned the CVE identifier CVE-2025-32711 (CVSS score: 9.3). It requires no customer action and has been

关键词数据泄露美国航空业再被卷入隐私丑闻。

关键词网络攻击美国卫生与公众服务部（HHS）名下的疫苗宣传网站，近日被发现遭篡改，页面充斥着大量AI生成的垃圾

关键词Nytheon黑客圈出现了一款名为 Nytheon AI 的新型人工智能黑产平台，正在多个地下论坛活跃推

关键词违法犯罪近期，南京警方成功破获一起横跨多地的“黄牛抢号”案件，3个非法入侵医院挂号系统的“黑客黄牛”团伙

Human identities management and control is pretty well done with its set of dedicated tools, frameworks, and best practices. This is a very different world when it comes to Non-human identities also referred to as machine identities. GitGuardian’s end-to-end NHI security platform is here to close the gap. Enterprises are Losing Track of Their Machine Identities Machine identities–service

A newly disclosed command injection vulnerability in Palo Alto Networks’ PAN-OS operating system poses significant security risks to enterprise firewall infrastructures worldwide.  The vulnerability, catalogued as CVE-2025-4230, enables authenticated administrators with command-line interface (CLI) access to execute arbitrary commands with root-level privileges, potentially compromising entire network security architectures.  Published on June 11, 2025, the security […]

The post Palo Alto Networks PAN-OS Vulnerability Let Attacker Run Arbitrary Commands as Root User appeared first on Cyber Security News.

Cybersecurity researchers have uncovered the alleged sale of a sophisticated Malware-as-a-Service (MaaS) botnet that combines legitimate development frameworks with cutting-edge evasion techniques. The threat actor is reportedly offering the complete source code of a botnet that leverages Node.js runtime, blockchain-based command and control infrastructure, and modern web technologies to create a highly resilient and scalable […]

The post Cybercriminals Advertise Advanced MaaS Botnet with Blockchain C2 on Hacking Forums appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A BitSight report reveals over 40,000 internet-connected security cameras globally are exposed, streaming live footage without protection. Learn how common devices, from home cameras to factory surveillance, pose privacy and security risks and get simple tips to secure your own.