微软补丁日安全通告 | 9月份
当前环境出现异常,需完成验证后才能继续访问。
Aggregator
Microsoft’s September Patch Tuesday: Two Zero-Days and 81 Fixes
9 months 1 week ago
In its September Patch Tuesday release, Microsoft delivered a sweeping package of updates, addressing 81 vulnerabilities across its
The post Microsoft’s September Patch Tuesday: Two Zero-Days and 81 Fixes appeared first on Penetration Testing Tools.
ddos
【超详细解析】用友NC系统ComboOperTools存在XML实体注入漏洞的分析
9 months 1 week ago
2025年8月10日,用友官方发布关于NC系统ComboOperTools存在XML实体注入漏洞的修复通告,宣布修复了NC系统importCombo接口的XXE漏洞,攻击者通过构造恶意XML文件,利用 importCombo 接口上传并解析,实现任意文件读取或SSRF攻击等操作,进而可能导致敏感信息泄露或进一步的系统入侵。
Automated network pentesting uncovers what traditional tests missed
9 months 1 week ago
Most organizations run an annual network penetration test, remediate the issues it uncovers, and move on. But attackers are probing networks every day, using publicly available tools to exploit common misconfigurations and overlooked vulnerabilities. A new report, based on over 50,000 automated penetration tests performed with Vonahi Security’s vPenTest SaaS platform, has shown why once-per-year manual testing isn’t enough. The tests flagged the same preventable gaps across many organizations. Most frequently, they allowed multicast DNS … More →
The post Automated network pentesting uncovers what traditional tests missed appeared first on Help Net Security.
Zeljka Zorz
Pwn My Ride: Apple CarPlay RCE - iAP2 protocol and CVE-2025-24132 Explained
9 months 1 week ago
/r/netsec 是一个由社区管理的技术信息安全内容聚合平台,旨在为安全从业者、学生、研究人员和黑客提供有价值的信息。
Hackers Impersonate Google AppSheet in Latest Phishing Campaign
9 months 1 week ago
The cybersecurity landscape has witnessed a novel phishing campaign that weaponizes Google’s no-code platform, AppSheet, to harvest user credentials. By abusing AppSheet’s trusted email infrastructure, attackers are bypassing traditional security controls and delivering malicious content from legitimate domains. This development underscores the urgent need for context-aware detection systems that analyze message intent, not just sender […]
The post Hackers Impersonate Google AppSheet in Latest Phishing Campaign appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Mayura Kathir
«Люди наносят ответный удар». Павел Дуров заявил, что гордится ролью Telegram в организации протестов
9 months 1 week ago
Основатель мессенджера прокомментировал использование платформы для организации акций во Франции.
KillSec Ransomware is Attacking Healthcare Institutions in Brazil
9 months 1 week ago
KillSec 勒索软件攻击巴西医疗软件提供商 MedicSolution,利用不安全的 AWS S3 存储桶窃取超 34 GB 医疗数据,包括实验室结果、X 光片及未成年人记录,并威胁泄露以勒索赎金。这是巴西医疗行业首次重大供应链攻击事件。
KillSec Ransomware is Attacking Healthcare Institutions in Brazil
9 months 1 week ago
KillSec Ransomware claimed responsibility for a cyberattack on MedicSolution, a software solutions provider for the healthcare industry in Brazil. The KillSec Ransomware group has threatened to leak sensitive data unless negotiations are initiated promptly. According to threat intelligence reporting by Resecurity, the root cause of the incident – data exfiltration from insecure AWS S3 bucket. […]
Pierluigi Paganini
Why sandboxing matters now — and how to choose one that gives you facts, not fiction
9 months 1 week ago
自动化和AI正在改变安全运营中心(SOCs)的工作方式,但需依赖高质量数据。现代沙盒技术通过提供可靠的行为证据支持检测工程、事件响应和威胁情报。关键在于选择具备抗规避能力、完整执行跟踪、环境仿真和高保真输出的沙盒工具以提升决策准确性。
Lovesac warns customers their data was breached after suspected RansomHub attack six months ago
9 months 1 week ago
美国家具制造商Lovesac因黑客入侵导致客户数据泄露,涉及姓名等个人信息。黑客在2月12日至3月3日期间访问其系统并窃取文件。RansomHub勒索团伙声称窃取40GB数据并威胁泄露。尽管该团伙已停止活动,客户仍需警惕身份盗窃风险,并可免费获得两年信用监控服务以防范潜在风险。
摸鱼文学新篇章 ✨
9 months 1 week ago
接下来,向大家走来的,是写起小说就发了狠忘了论文不
Malicious npm Code Reached 10% of Cloud Environments
9 months 1 week ago
Wiz Security warns that a recently discovered supply chain attack campaign targeting npm is far from over
Securing Agents Isn’t the Customer’s Job, it’s the Platform’s
9 months 1 week ago
文章探讨了企业在加速AI应用中的机遇与挑战:78%的企业已采用AI且一半以上实现收入增长。随着AI从简单助手发展为自主代理,传统安全措施已无法应对数据泄露、自主行为及非确定性系统风险。企业需整合开源工具并内置安全性至产品中以确保高效与合规。
Securing Agents Isn’t the Customer’s Job, it’s the Platform’s
9 months 1 week ago
As enterprises adopt AI agents at scale, security must evolve beyond policies and human oversight. From protecting enterprise data and preventing prompt injection to enforcing permission boundaries and agent guardrails, platform providers—not customers—must embed security into AI systems.
The post Securing Agents Isn’t the Customer’s Job, it’s the Platform’s appeared first on Security Boulevard.
Sunil Agrawal
Gunra
9 months 1 week ago
You must login to view this content
cohenido
美国股市不再有超额收益
9 months 1 week ago
Apollo 首席经济学家 Torsten Slok 称,可供投资的上市公司数量越来越少,而选择进行 IPO 的企业创办年龄也越来越大。1999 年 IPO 企业的中位数年龄为 5 年;2022 年这一数字增至 8 年;而今天 IPO 的中位数年龄已增至 14 年。企业上市年龄的增长不仅是因为美联储在 2022 年加息的结果,也是越来越多的公司希望保持私有状态、避免上市后负担的结果。加上被动投资的主导地位、主动管理者的失败、公开市场的高相关性以及少数股票的高度集中,现实情况是公开市场几乎没有阿尔法收益(超额收益)可言。
美国股市不再有超额收益
9 months 1 week ago
Apollo首席经济学家Torsten Slok指出,可供投资的上市公司数量减少,IPO企业的创办年龄从1999年的5年增至现在的14年。企业更倾向于保持私有状态以避免上市后的负担。公开市场因被动投资主导、高相关性和少数股票集中而缺乏超额收益。
并非所有国家的用户都可以获得Windows 10 EUS许可证 部分国家被禁止访问
9 months 1 week ago
Windows 10 ESU 许可证受限于美国政策,部分国家和地区用户无法正常获取。最初限制白俄、俄等国及乌克兰用户,后删除乌克兰并新增黎巴嫩。受限用户可借助第三方工具 TSforce 获取许可证。
Critical Microsoft Office Vulnerabilities Let Attackers Execute Malicious Code
9 months 1 week ago
Microsoft has released patches for two significant vulnerabilities in Microsoft Office that could allow attackers to execute malicious code on affected systems. The flaws, tracked as CVE-2025-54910 and CVE-2025-54906, were disclosed on September 9, 2025, and affect various versions of the popular productivity suite. While Microsoft has assessed exploitation as “less likely” for both vulnerabilities […]
The post Critical Microsoft Office Vulnerabilities Let Attackers Execute Malicious Code appeared first on Cyber Security News.
Guru Baran