Aggregator

近日，科来正式发布《网络通讯协议图》2025版。从IPv4到IPv6、从传统网络到业务上云、从有线到无线全面覆盖，以及物联网、车联网的普及，伴随技术的演进发展，科来持续将协议的研究成果绘制于协议图中，推动对于协议的理解与行业应用。

Microsoft and CrowdStrike announced a groundbreaking collaboration yesterday to streamline the confusing landscape of cyberthreat actor identification, marking what industry experts are calling a watershed moment for cybersecurity intelligence sharing. The partnership addresses a critical challenge that has long plagued the cybersecurity industry: the proliferation of different naming conventions for the same threat actors across […]

The post Microsoft and CrowdStrike Teaming Up to Bring Clarity To Threat Actor Mapping appeared first on Cyber Security News.

Когда Word работает сам, а Outlook всё понимает.

The 20-year bureau pro wants to see what it’s like to fight ransomware from the private sector.

The post Top FBI cyber official Cynthia Kaiser exits for Halcyon appeared first on CyberScoop.

Abnormal AI found that engagement rates with VEC attacks globally is “worrisomely high”, overtaking BEC in the EMEA region

Бизнесу придётся выбирать “своих”.

暗网惊现超强加密工具，你的电脑还安全吗？

看雪论坛作者ID：櫬木汐

欢迎点赞、转发、评论！！！

6月7日-9日，2025全球人工智能技术博览会，不见不散！

A significant denial of service vulnerability has been discovered in ModSecurity, one of the most widely deployed open-source web application firewall (WAF) engines used to protect Apache, IIS, and Nginx web servers.  The vulnerability, designated as CVE-2025-48866, affects all ModSecurity versions prior to 2.9.10 and allows attackers to crash systems through exploitation of the sanitiseArg […]

The post New ModSecurity WAF Vulnerability Let Attackers Crash the System appeared first on Cyber Security News.

A vulnerability classified as problematic has been found in enilu web-flash 1.0. This affects the function fileService.upload of the file src/main/java/cn/enilu/flash/api/controller/FileController/upload of the component File Upload. The manipulation of the argument File leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-5523. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

Submit #585711 / VDB-310218

A vulnerability was found in jack0240 魏 bskms 蓝天幼儿园管理系统 up to dffe6640b5b54d8e29da6f060e0493fea74b3fad. It has been rated as critical. Affected by this issue is some unknown functionality of the file /sa/addUser of the component User Creation Handler. The manipulation leads to improper authorization. This vulnerability is handled as CVE-2025-5522. The attack may be launched remotely. Furthermore, there is an exploit available. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available.

A recent wave of malicious NPM packages has emerged as a significant threat to cryptocurrency users, specifically targeting Ethereum wallet holders. Cybersecurity researchers have uncovered a sophisticated campaign where attackers leverage the widely-used Node Package Manager (NPM) ecosystem to distribute harmful code disguised as legitimate libraries. This attack vector exploits the trust developers place in […]

The post Malicious NPM Packages Exploit Ethereum Wallets with Obfuscated JavaScript appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Submit #585342 / VDB-310959

银河系被广泛认为会在 45 亿年之后与其最近邻居仙女座相撞。但最新研究认为这并非是必然发生的。研究团队分析了来自哈勃和盖亚的资料，考虑了 22 种可能影响我们星系与邻近星系之间潜在碰撞的不同变量，并进行多达 10 万次的电脑模拟，并延伸至未来 100 亿年。由于变数太多，每个变数都有误差，累积起来对结果的不确定性相当大，结果显示银河系和仙女座在接下来 100 亿年内发生真正碰撞的机率只有约 50%，换言之，另一半的机率可能只是擦身而过，而非正面相撞。研究团队指出预测星系相互作用的长期未来具有很大的不确定性，但新发现挑战了先前的共识，并表明银河系的命运仍然是一个悬而未决的问题。再考虑到太阳会在大约 10 亿年后让地球变得不适合居住，而太阳本身也很可能在 50 亿年后燃烧殆尽，因此与仙女座相撞是我们在宇宙中最不需要担心的事。

Submit #584986 / VDB-310958

Submit #584947 / VDB-214689