Aggregator

Sitecore被部署在数千个环境中，包括银行、航空公司和全球企业，影响广泛。

能源行业正经历一场前所未有的安全变革。随着“双碳”目标推进，风电、光伏等新能源并网规模激增，电力物联网、油气管网智能化改造加速，传统封闭隔离的安全防护模式正被彻底打破。面对高级持续性威胁（APT）、勒索软件等新型攻击手段的严峻挑战，能源行业正加速构建以主动防御、AI智能监测、韧性保障为核心的新型安全体系，通过零信任架构等创新技术手段，打造更高效、更可靠的网络安全防护能力。 嘶吼安全产业研究院基于《2025网络安全产业图谱》调研，通过对400+典型解决方案与案例的深度分析，从需求匹配度、实践成效、创新技术、应用价值等多维度展开综合评估。 调研分析发现，当前能源行业的安全建设正从基础防护向“业务安全与生产安全并重”转变。过去能源行业主要关注工控系统的基础隔离与合规要求，如今更强调攻击溯源、实时监测、生产业务零中断等高阶能力。此外，托管式安全运营服务正助力中小能源企业实现专业化、集约化的安全防护。 基于这些发现，我们将重点展示几个具有代表性的能源行业优秀安全解决方案，为能源行业的安全建设提供可借鉴的实践经验。 PS：解决方案展示排名不分先后，按企业简称首字母排序。 往期回顾： 2025中国网络安全「政务行业」优秀解决方案汇编 2025中国网络安全「金融行业」优秀解决方案汇编

In this Help Net Security interview, Dr. Tim Sattler, CISO at Jungheinrich, discusses the cybersecurity risks tied to smart warehouses and industrial control systems. He explains how to maintain operational continuity while building real cyber resilience in always-on environments. Dr. Sattler also shares practical strategies for working with third-party partners and preparing for the next wave of automation. What unique cybersecurity challenges arise from smart warehouse systems and industrial control systems? Smart warehouses incorporate a … More →

The post Building cyber resilience in always-on industrial environments appeared first on Help Net Security.

A vulnerability was found in HYDRO Plugin up to 2.8 on WordPress. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2025-31428. It is possible to launch the attack remotely. There is no exploit available.

一群图书作者起诉社交巨人，指控其未经许可盗版了数百万册受版权保护的书籍去训练其大模型 Llama。旧金山联邦法官 Vince Chhabria 周三裁定，Meta 使用书籍训练大模型受到了版权法合理使用的保护。但他强调，做出这一裁决更多是因为原告未能有效提供证据证明其指控。Meta 辩解称大模型无法复制版权材料，它就像人读完一本书之后能总结该书的信息，包括模仿写作风格，但不会一模一样复制。原告未能反驳 Meta 这一抗辩。为训练 Llama，Meta 被发现从盗版电子书库下载了逾百 TB 的电子书。

一群图书作者起诉社交巨人，指控其未经许可盗版了数百万册受版权保护的书籍去训练其大模型 Llama。旧金山联邦法官 Vince Chhabria 周三裁定，Meta 使用书籍训练大模型受到了

AI Assistants Accelerate Coding But Can Create Huge Risks for the Inexperienced
When used well, vibe coding can unlock astonishing productivity and lower the barrier to getting ideas off the ground. But here's the problem: Too many newcomers are mistaking it as a replacement for a deep understanding of coding and software development principles.

Trojanized NetExtender Installer Exfiltrates Data to Hardcoded IP Address
Fake versions of SonicWall VPN software contain a credential-stealing Trojan, the California network security company warned Monday. Imposter versions of tools such as VPNs, virtual desktops and software development tools "are often laced with infostealers."

Predibase Acquisition Adds AI Talent, Cost-Optimization and Fine-Tuning Model Tech
Rubrik has acquired Predibase to accelerate enterprise generative AI adoption with improved accuracy and efficiency. Rubrik will combine its trusted data security with Predibase’s model hosting and tuning to drive scalable, trustworthy AI deployment to help scale projects from pilot to production.

Agency: Rising Threats Put Manufacturing Supply Chains, Patient Safety at Risk
The Food and Drug Administration is urging medical product makers to carefully address the cybersecurity of their connected operational technologies, including advanced and "smart" devices used in their manufacturing and supply chains, to reduce the risk to rising cyberthreats.

'IntelBroker' Faces Four-Count Indictment in Manhattan Federal Court
A hacker known online as "IntelBroker" and who has a history of spilling sensitive information faces a four-count criminal indictment in the United States after French police arrested him in February. IntelBroker's true identity is British national Kai West, U.S. federal Manhattan prosecutors said.

Israel's cyber pros are having to put theory into practice, as a notorious nation-state APT sponsored by Iran targets them with spear-phishing attacks.

A vulnerability was found in GitLab Community Edition and Enterprise Edition up to 17.11.4/18.0.2/18.1.0 and classified as problematic. This issue affects some unknown processing of the component GraphQL Handler. The manipulation leads to allocation of resources. The identification of this vulnerability is CVE-2025-3279. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in snyk up to 1.1297.2 and classified as problematic. This vulnerability affects unknown code. The manipulation of the argument line leads to sensitive information in log files. This vulnerability was named CVE-2025-6624. Local access is required to approach this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in berkeley-abc abc 1.1. This affects the function Abc_NtkCecFraigPart. The manipulation leads to null pointer dereference. This vulnerability is uniquely identified as CVE-2025-45333. Access to the local network is required for this attack. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as problematic, has been found in vkoskiv c-ray 1.1. Affected by this issue is the function parse_mtllib. The manipulation leads to null pointer dereference. This vulnerability is handled as CVE-2025-45332. The attack needs to be initiated within the local network. There is no exploit available.

A vulnerability classified as problematic was found in OpenBao up to 2.2.x. Affected by this vulnerability is an unknown functionality. The manipulation leads to sensitive information in log files. This vulnerability is known as CVE-2025-52893. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in PDF-XChange Editor 10.5.2.395. It has been rated as critical. This issue affects some unknown processing of the component App Object Handler. The manipulation leads to use after free. The identification of this vulnerability is CVE-2025-6661. The attack may be initiated remotely. There is no exploit available.

A vulnerability classified as problematic has been found in GitLab Enterprise Edition up to 17.11.4/18.0.2/18.1.0. Affected is an unknown function of the component GraphQL Handler. The manipulation leads to missing authorization. This vulnerability is traded as CVE-2025-5846. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.