Aggregator

Cybersecurity researchers have disclosed two security flaws in the Sudo command-line utility for Linux and Unix-like operating systems that could enable local attackers to escalate their privileges to root on susceptible machines. A brief description of the vulnerabilities is below - CVE-2025-32462 (CVSS score: 2.8) - Sudo before 1.9.17p1, when used with a sudoers file that specifies a host

Sudo工具发现两个安全漏洞（CVE-2025-32462和CVE-2025-32463），允许本地攻击者提升权限至root。前者涉及sudoers文件中主机配置问题，后者利用chroot选项加载恶意库。修复版本1.9.17p1已发布，多个Linux发行版已更新公告。

A sophisticated technique to bypass Content Security Policy (CSP) protections using a combination of HTML injection and browser cache manipulation.  The method exploits the interaction between nonce-based CSP implementations and browser caching mechanisms, specifically targeting the back/forward cache (bfcache) and disk cache systems.  Key Takeaways1. Researchers exploit browser caching to bypass Content Security Policy protections.2. […]

The post New Sophisticated Attack Bypasses Content Security Policy Using HTML-Injection Technique appeared first on Cyber Security News.

Hydrografisch opnemingsvaartuig Zr.Ms. Snellius is vandaag teruggekeerd in Den Helder. Het schip opereerde op de Oostzee. Daar maakte het afgelopen 3 maanden deel uit van de Standing NATO Mine Countermeasures Group 1 (SNMCMG1). Beveiliging van onderzeese infrastructuur stond centraal binnen dit NAVO-vlootverband.

微信上线聊天记录备份与恢复功能，支持U盘备份、自动备份及自定义备份。用户可清空群聊或联系人聊天记录以释放空间，并在需要时恢复。然而部分用户更新后未发现该功能，怀疑官宣不实。

Currently trending CVE - Hype Score: 17 - The TeleMessage service through 2025-05-05 is based on a JSP application in which the heap content is roughly equivalent to a "core dump" in which a password previously sent over HTTP would be included in this dump, as exploited in the wild in May 2025.

文章介绍了Phi-3系列语言模型及其变体（mini、small、medium），探讨了其技术规格、训练方法及优化策略。Phi-3-mini采用Transformer解码器架构，支持长上下文处理，并通过量化技术实现在移动设备上的高效运行。Phi-3-small引入分组查询注意力机制和块稀疏注意力模块以优化性能与效率。训练采用高质量过滤数据与合成数据结合，并通过监督微调和直接偏好优化提升模型能力。

HUMAN’s Satori Threat Intelligence and Research Team has dismantled a sprawling ad fraud operation named IconAds, which infiltrated the Google Play Store with 352 malicious apps. At its peak, this scheme generated a staggering 1.2 billion bid requests daily, flooding users’ screens with out-of-context ads while employing cunning tactics to hide app icons and obscure […]

The post Massive Android Ad Fraud ‘IconAds’ Uses Google Play to Target and Exploit Users appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Microsoft is currently investigating a significant service disruption affecting Microsoft Forms, leaving numerous users unable to access the popular online survey and quiz platform. The issue, identified as incident FM1109073, began on July 4, 2025, at 12:42 PM GMT+5:30 and has been classified as a service degradation affecting global users. The outage is preventing users […]

The post Microsoft Investigating Forms Service Issue Not Accessible for Users appeared first on Cyber Security News.

当前环境出现异常，请完成验证后继续访问。

当前环境异常，需完成验证后方可继续访问。

👍👍👍

👍👍👍

新增功能，实战详解！

当前环境出现异常提示，需完成验证后方可继续访问。

文章介绍了phi-3-mini语言模型及其扩展版本phi-3-small和phi-3-medium，这些模型通过优化数据集设计，在较小规模下实现了与大型模型相当的性能，并支持本地部署。此外还推出了具备图像处理能力的phi-3-vision模型。

Some schemes might sound unbelievable, but they’re easier to fall for than you think. Here’s how to avoid getting played by gamified job scams.

一项新研究表明，空气污染、传统草药和其他环境暴露与基因突变有关，这可能导致没有吸烟史或几乎没有吸烟史的人患上肺癌。研究团队分析了 871 名非吸烟者的肺癌组织，这些人群居住在非洲、亚洲、欧洲和北美洲 28 个空气污染程度不同的地区。研究人员利用全基因组测序，发现了独特的 DNA 突变模式。他们发现，生活在污染更严重环境中的从不吸烟者，其肺癌肿瘤突变显著增多。研究还发现，与传统中草药中发现的致癌物马兜铃酸有关的特殊突变特征几乎只在台湾从不吸烟的肺癌病例中被发现。虽然马兜铃酸以前被认为与摄入膀胱癌、胃肠道癌、肾癌和肝癌有关，但这是第一次有证据表明马兜铃酸可能会导致肺癌。

Обновите свою систему прямо сейчас, пока хакеры не воспользовались её уязвимостью.

Threat actors have developed a clever social engineering technique to disseminate malware by posing as trustworthy security measures, which is a terrifying new development in the realm of cybercrime. Cybersecurity researchers have uncovered a malicious campaign that leverages fake Cloudflare verification screens to trick unsuspecting users into executing harmful code on their systems. This attack […]

The post Cybercriminals Use Fake Cloudflare Verification Screens to Deceive Users into Running Malware appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.