Aggregator

信息系统应用与安全构建安全可靠的数字未来CCF第40届中国计算机应用大会(CCF NCCA 2025)将于8月

A sophisticated new distribution method for XwormRAT malware that leverages steganography techniques to hide malicious code within legitimate files. This discovery highlights the evolving tactics of cybercriminals who are increasingly using advanced obfuscation methods to bypass security detection systems and deceive unsuspecting users. The latest XwormRAT campaign represents a significant evolution in malware distribution methodology, […]

The post XwormRAT Hackers Leverage Code Injection for Sophisticated Malware Deployment appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A critical security vulnerability has been discovered in Citrix Windows Virtual Delivery Agent that allows local attackers to escalate privileges and gain SYSTEM-level access to affected systems.  The vulnerability, tracked as CVE-2025-6759, affects multiple versions of Citrix Virtual Apps and Desktops and Citrix DaaS platforms, posing significant risks to enterprise environments relying on these virtualization […]

The post Citrix Windows Virtual Delivery Agent Vulnerability Let Attackers Gain SYSTEM Privileges appeared first on Cyber Security News.

A critical security vulnerability has been discovered in FortiWeb web application firewalls that enables unauthenticated attackers to execute unauthorized SQL commands through specially crafted HTTP and HTTPS requests.  This vulnerability, classified as CWE-89 (Improper Neutralization of Special Elements used in an SQL Command), represents a significant threat to organizations relying on FortiWeb for web application […]

The post FortiWeb SQL Injection Vulnerability Allows Attacker to Execute Malicious SQL Code appeared first on Cyber Security News.

日本鹿儿岛县奄美大岛近海附近海域近期观察到一群抹香鲸仰头以“站立”姿态睡觉。奄美海洋生物研究会会长兴克树 6 月 23 日在该岛以西约 15 公里的海域发现并拍摄了这一景象。兴克树回忆称，“这是迄今见过的最大鲸群，也是第一次看到它们的睡姿。非常感动。”兴克树称，在距海面约 3 米深处发现的约 20 头鲸群中，中央的四五头处于类似站着睡觉的状态。身体最长约 14 米。抹香鲸睡眠时间为每天中的近 2 小时，能够遇到这一瞬间十分珍贵。

一款帮助开发者选择颜色并获得 Google 验证徽章的取色器 (color pickers) 扩展看似无害，但安全研究人员称它会劫持浏览器会话、追踪网络活动，在受害者浏览器上植入后门。这款名为 Geco 扩展的下载量逾 10 万次，有 800 条评论，获得 4.2/5 星评价，安全公司 Koi Security 的研究人员称这是名为 RedDirection 的劫持浏览器的网络攻击行动的一部分，该行动涉及 18 个恶意扩展，逾 230 万 Chrome 和 Edge 用户受到影响。研究人员称，这些扩展最初不包含恶意代码，因此能获得 Google 的认证，它们是在后续更新中加入恶意代码的。

多模态知识处理黑科技，360 AI企业知识库加速数字化升级

360发布6月勒索软件流行态势报告，揭示双重勒索攻击格局重构

速修复

速修复

Всего несколько тапов — и вы сами дали хакерам все разрешения.

Currently trending CVE - Hype Score: 4 - Next.js is a React framework for building full-stack web applications. From versions 15.0.4-canary.51 to before 15.1.8, a cache poisoning bug leading to a Denial of Service (DoS) condition was found in Next.js. This issue does not impact customers hosted on Vercel. Under certain ...

Zero Data Retention offers a new path forward. One that enables intelligent automation, deep integrations and real-time workflows — without the baggage of persistent data storage

The post What is Zero Data Retention and Why it May Be the Future of Secure Automation appeared first on Security Boulevard.

检测业务是否受到此漏洞影响，请联系长亭应急服务团队！

Militairen hebben de afgelopen 2 weken 106 drones onschadelijk gemaakt boven marinekazerne Suffisant op Curaçao. De beveiliging van het luchtruim was nodig vanwege de spraakmakende Themis-strafzaak die daar plaatsvond. Een overzicht van Defensieoperaties in de week van 2 tot en met 8 juli 2025.

The addition of a backdoor to the Atomic macOS Stealer marks a pivotal shift in one of the most active macOS threats, said Moonlock

Apache Tomcat has addressed three critical denial-of-service (DoS) vulnerabilities that could allow malicious actors to disrupt web applications and services.  These security flaws, tracked as CVE-2025-52434, CVE-2025-52520, and CVE-2025-53506, affect all Apache Tomcat versions from 9.0.0.M1 to 9.0.106.  The vulnerabilities exploit different attack vectors, including HTTP/2 protocol weaknesses, file upload mechanisms, and stream handling capabilities.  […]

The post Multiple Apache Tomcat Vulnerabilities Let Attackers Trigger DoS Attacks appeared first on Cyber Security News.

两行代码致 VS Code 扩展遭供应链攻击

看雪论坛作者ID：asciibase64

学习如何分析题目+解决题目