Aggregator

​先拍摄，后取景的力量

CW – OT Security Officer SSE | United Kingdom | On-site – View job details As a CW – OT Security Officer, you will lead and prioritise a programme of security audits and assurance to identify vulnerabilities within existing controls. You will monitor and audit supply chain to ensure security requirements are included within contracts and that suppliers deliver against these commitments. Cyber Security Architect (Application Security) ASIC | Australia | Hybrid – View job … More →

The post Cybersecurity jobs available right now: August 5, 2025 appeared first on Help Net Security.

<p>Plenty of people know how to toss an IP address and port list into Excel for sorting and searching but don’t get a chance to take it to a deeper level. Excel pivot tables are a great next step to explore, offering a…</p>

В iPhone появится ИИ, который отвечает вместо поиска.

文章总结了过去一周的网络安全新闻和技术动态，包括政策变化、漏洞披露、工具发布以及针对AEM RCE、Intune证书滥用、Entra攻击手法等的研究进展。

WTF，美国人发现，苏联人竟然装了数百个窃听器！

微软对Windows 10/11的盗版激活工具持宽容态度，知名激活脚本MAS直接托管在Azure和GitHub上，未收到微软的删除通知。这表明微软更关注通过预装软件获取收益，而非追究个人用户使用盗版的责任。

A vulnerability was found in Ruckus Virtual SmartZone and Network Director and classified as critical. This issue affects some unknown processing of the component JWT Signing Key Handler. The manipulation leads to use of hard-coded cryptographic key . The identification of this vulnerability is CVE-2025-44957. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in Ruckus Virtual SmartZone and Network Director. It has been classified as problematic. Affected is an unknown function. The manipulation leads to relative path traversal. This vulnerability is traded as CVE-2025-44962. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in Ruckus Virtual SmartZone and Network Director. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component SSH. The manipulation leads to use of default cryptographic key. This vulnerability is known as CVE-2025-44954. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in Ruckus Virtual SmartZone and Network Director. It has been rated as critical. Affected by this issue is some unknown functionality of the component API Route. The manipulation leads to os command injection. This vulnerability is handled as CVE-2025-44960. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as problematic was found in Ruckus Virtual SmartZone and Network Director. This vulnerability affects unknown code of the component JWT Token Handler. The manipulation leads to use of hard-coded cryptographic key . This vulnerability was named CVE-2025-44963. The attack can be initiated remotely. There is no exploit available.

A vulnerability has been found in Ruckus Virtual SmartZone and Network Director and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to storing passwords in a recoverable format. This vulnerability is known as CVE-2025-44958. The attack needs to be initiated within the local network. There is no exploit available.

A vulnerability was found in givanz Vvveb 1.0.6.1. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to session fixiation. This vulnerability is known as CVE-2025-8517. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A critical vulnerability has been discovered in the Squid proxy server, enabling remote execution of arbitrary code. The flaw affects nearly all actively used versions, and given the widespread deployment of Squid, millions of...

The post Critical Squid Flaw Allows Remote Code Execution & Data Leakage appeared first on Penetration Testing Tools.

In the first half of 2025, Sonatype uncovered a large-scale, ongoing assault on the open-source software ecosystem, orchestrated by the North Korean threat actor known as Lazarus. Sonatype’s automated malware detection systems were the...

The post Lazarus Group’s Covert Supply Chain Attack: North Korean APT Poisons Open Source to Steal Developer Secrets appeared first on Penetration Testing Tools.

本报告数据整合自CNVD、CNNVD、Verizon DBIR、VulnCheck等漏洞研究平台，并结合奇安信CERT多源情报交叉验证。分析周期覆盖2025年1月1日至6月30日，通过对全球网络空间的动态监测，确保漏洞数据的准确性与时效性。

A new large-scale threat has emerged on the Android horizon, dubbed PlayPraetor—a sophisticated piece of malware capable of seizing full control over compromised devices. To date, over 11,000 devices have fallen under its sway,...

The post PlayPraetor: New Android RAT Infects 11,000+ Devices with Real-Time On-Device Fraud appeared first on Penetration Testing Tools.

The government of Luxembourg has launched an official investigation into an unprecedented disruption of the national telecommunications system that occurred on July 23. The cause of the outage, which left 4G and 5G mobile...

The post Luxembourg Hit by “Sophisticated” Cyberattack: Huawei Equipment Targeted, Mobile Networks Down for Hours appeared first on Penetration Testing Tools.

检测业务是否受到此漏洞影响，请联系长亭应急服务团队！