Aggregator

A sophisticated new attack method that exploits AI models’ tendency to comply with legal-sounding text, successfully bypassing safety measures in popular development tools. A study by Pangea AI Security has revealed a novel prompt injection technique dubbed “LegalPwn” that weaponizes legal disclaimers, copyright notices, and terms of service to manipulate large language models (LLMs) into […]

The post New LegalPwn Attack Exploits Gemini, ChatGPT and other AI Tools into Executing Malicious Code via Disclaimers appeared first on Cyber Security News.

A survey of 1,000 IT, security and engineering professionals based in North America finds that most organizations are still struggling to manage and secure access to corporate networks.

The post Survey: Network Security Challenges Persist Despite Desire to Modernize appeared first on Security Boulevard.

Антивирус видит чистую фотографию, а внутри — шпионский вирус от Ким Чен Ына.

乌克兰的无人机完成了一项非同寻常的任务：快递电动自行车救出士兵。被称为 Rubizh 的乌克兰国民警卫队第四快速反应旅分享了一则长 16 分钟的相关视频，显示无人机吊起了一辆电动自行车，然后士兵骑着电动车返回安全地带。乌克兰方面称，这名士兵坚守的前线阵地遭到了袭击，多名战友阵亡，他发现自己与安全区隔离，不得不独自坚守阵地数日。为了营救这名士兵，参谋制定了用大型无人机运送电动自行车的计划，第一架无人机被击落，第二架因为过重而失败，第三架成功了。

Nederland doneert een steunpakket ter waarde van 500 miljoen euro aan Oekraïne. Dit is onderdeel van een nieuw Amerikaans initiatief, de zogeheten Prioritised Ukraine Requirements List (PURL). Hierbij nemen NAVO-bondgenoten militair materieel af uit de voorraden van de Verenigde Staten voor Oekraïne. Nederland financiert met deze bijdrage als eerste een volledig pakket en is hiermee de eerste NAVO-bondgenoot die via dit nieuwe initiatief middelen aan Oekraïne doneert.

本文介绍了什么大量赋值漏洞（Mass Assignment Vulnerabiltiy），并以CVE-2025-6702为例，分享了笔者是如何使用CodeQL去挖掘Spring中的大量赋值漏洞。

A newly disclosed set of security flaws in NVIDIA's Triton Inference Server for Windows and Linux, an open-source platform for running artificial intelligence (AI) models at scale, could be exploited to take over susceptible servers. "When chained together, these flaws can potentially allow a remote, unauthenticated attacker to gain complete control of the server, achieving remote code execution

A January 2025 breach at Northwest Radiologists exposed data of 350,000 Washington State residents, the company confirmed. A data breach at Northwest Radiologists in January 2025 has exposed the personal information of 350,000 residents of Washington State, the company has confirmed. The security breach occurred on January 25, 2025 and caused “network disruption” at the […]

Name: idekCTF 2025 (an idekCTF event.)
Date: Aug. 2, 2025, 8 a.m. — 04 Aug. 2025, 08:00 UTC  [add to calendar]
Format: Jeopardy
On-line
Offical URL: https://ctf.idek.team/
Rating weight: 52.06
Event organizers: idek

大模型漏洞分析准确度提升的实践分享 by ourren

「太阿」修升传——记一个科研型软件系统的成长之路 by ourren

更多最新文章，请访问SecWiki

Как ShadowSyndicate переизобрела киберпреступность?

JSCEAL malware targets millions using fake crypto app ads to steal wallets and data. Users urged to stay alert and avoid downloading from untrusted sources.

Mozilla 警告针对 Firefox 扩展开发者的钓鱼攻击，督促开发者对冒充 Mozilla 或 AMO (addons.mozilla.org) 发件人的邮件提高警惕。攻击者可能是利用钓鱼邮件劫持开发者的账号，然后向 Firefox 用户推送包含恶意代码的扩展更新，发动供应链攻击。安全研究人员称，目前针对 Firefox 的恶意插件旨在窃取加密货币钱包的凭证。

A vulnerability was found in Red Hat Ansible Automation Platform 2. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross-site request forgery. This vulnerability is handled as CVE-2025-5988. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in Intelbras RX 1500 and RX 3000. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component WiFi Network Handler. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2025-26065. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Imagination Graphics DDK up to 24.2 RTM2. It has been classified as critical. Affected is an unknown function of the component GPU Handler. The manipulation leads to improper handling of insufficient permissions or privileges. This vulnerability is traded as CVE-2025-8109. An attack has to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Austrian Archaeological Institute OpenAtlas 8.11.0 and classified as problematic. This issue affects some unknown processing. The manipulation leads to use of hard-coded password. The identification of this vulnerability is CVE-2025-51536. Access to the local network is required for this attack to succeed. There is no exploit available.

A vulnerability has been found in Dell Unity up to 5.5.0 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. This vulnerability was named CVE-2025-36605. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Dell PowerProtect Data Domain. This affects an unknown part of the component DDSH CLI. The manipulation leads to os command injection. This vulnerability is uniquely identified as CVE-2025-30097. Attacking locally is a requirement. There is no exploit available.

A vulnerability, which was classified as critical, has been found in Dell PowerProtect Data Domain. Affected by this issue is some unknown functionality. The manipulation leads to os command injection. This vulnerability is handled as CVE-2025-30096. Local access is required to approach this attack. There is no exploit available.