Aggregator

A vulnerability, which was classified as problematic, has been found in Apple macOS up to 11.1. This issue affects some unknown processing of the component WebRTC. The manipulation leads to open redirect. The identification of this vulnerability is CVE-2021-1799. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Apple watchOS. Affected by this issue is some unknown functionality of the component WebKit. The manipulation leads to type confusion. This vulnerability is handled as CVE-2021-1789. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Apple tvOS. This affects an unknown part of the component WebKit. The manipulation leads to type confusion. This vulnerability is uniquely identified as CVE-2021-1789. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Fortinet FortiOS and FortiProxy. It has been classified as critical. This affects an unknown part of the component API. The manipulation leads to missing critical step in authentication. This vulnerability is uniquely identified as CVE-2024-52965. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Fortinet FortiOS and FortiProxy and classified as problematic. Affected by this vulnerability is an unknown functionality of the component DNS Filter. The manipulation leads to security check for standard. This vulnerability is known as CVE-2024-55599. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Microsoft SQL Server. Affected by this vulnerability is an unknown functionality. The manipulation leads to information disclosure. This vulnerability is known as CVE-2025-49719. The attack can be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

感谢各位安全专家长期关注阿里巴巴集团安全，帮助阿里云先知提高阿里巴巴集团和客户安全水平，保障数亿用户的安全！

Как CVE-2025-49719 стала билетом в закрытые базы данных без пароля.

一年一度的“大考”火热进行中，攻防演练期间本公众号会每日更新当天鲜活情报和热点漏洞，欢迎大家对我们进行收藏和关注！

Security researchers discover novel animation-based vulnerability affecting 76% of Android apps. Security researchers at TU Wien have uncovered a sophisticated new attack vector dubbed “TapTrap” that enables malicious Android applications to bypass the operating system’s permission system and execute destructive actions without user knowledge. The attack exploits a previously unknown vulnerability in Android’s activity transition […]

The post New Android TapTrap Attack Let Malicious Apps Bypass Permission and Carry out Destructive Actions appeared first on Cyber Security News.

官方称中国等部分国家的订单已可通过电话或邮件处理

Cybersecurity researcher Jeremiah Fowler uncovered a massive 286GB data exposure at Texas-based Rockerbox, a tax credit consultancy. Exposed data includes SSNs, DD214s, and financial details, raising serious identity theft and fraud concerns.

2025年6月，中央网信办举报中心指导全国各级网信举报工作部门、主要网站平台受理网民举报色情、赌博、侵权、谣言等违法和不良信息1849.6万件，环比增长1.1%、同比下降7.2%。

2025年6月，网络谣言主要聚焦社会热点、灾情事故、伪科普等领域，造谣者通过手段虚构或夸大事实，扰乱正常社会秩序。相关部门迅速响应，通过权威信息发布、跨部门联动执法等举措依法惩治造谣传谣行为，持续筑牢网络空间清朗防线。

近年来，我国网络安全保险为数字经济快速发展提供了有力的保障，促进经济增长结构优化，推动新质生产力发展，现已成为我国经济的“减震器”和社会的“稳定器”。

随着大模型应用业态的不断丰富，预计其技术影响范围将持续扩大。为了保障大模型的安全和合规使用，企业组织必须以全面的风险管控框架，进行风险分析及安全设计，从顶层进行规划，确保大模型技术在风险受控的前提下得以导入和应用。

这篇文章探讨了稀土元素在全球经济和地缘政治中的关键作用。中国在稀土开采和加工方面占据主导地位，这对高科技产业、人工智能和可再生能源的发展至关重要。全球各国正寻求多元化供应链以减少对中国依赖，同时面临环保挑战和探索替代方案。

Start your red teaming journey with intent, not ambition. Designate a lead with both AI literacy and a security mindset.

The post A Practical Guide to Building a Red Teaming Strategy for AI appeared first on Security Boulevard.

Alexa, позови юриста.