Aggregator

立法层面最先落地的数据空间

立法层面最先落地的数据空间

立法层面最先落地的数据空间

立法层面最先落地的数据空间

CVE-2024-27564 漏洞被积极利用，金融行业成主要目标，35%组织安全配置不足，全球攻击频发，修复迫在眉睫。

The growing sophistication of software supply chain attacks is driven by widespread flaws in open-source and third-party commercial software, along with malicious campaigns that specifically target AI and cryptocurrency development pipelines, according to a ReversingLabs report. According to ReversingLabs data, open-source software remained a key element of supply chain risk in 2024. For example, incidents of exposed development secrets via publicly accessible, open-source packages rose 12% compared to 2023. And critical and exploitable software flaws … More →

The post Hackers target AI and crypto as software supply chain risks grow appeared first on Help Net Security.

Cloudflare 推出后量子加密技术，应对量子计算机对传统加密的“生存性威胁”，保护企业网络流量，防范“先收集，后解密”的攻击策略，确保未来通信安全。

Application Security Expert monday.com | United Kingdom | Hybrid – View job details As an Application Security Expert, you will provide guidance on security best practices and compliance, and undertake security testing. Develop security testing plans and integrate them into the software development lifecycle. Perform and oversee security testing and manage remediation of identified vulnerabilities. Application Security Analyst II, Information Security First National Financial | Canada | On-site – View job details As an Application … More →

The post Cybersecurity jobs available right now: March 18, 2025 appeared first on Help Net Security.

A CVSS score 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Nitesh Surana (@_niteshsurana) of Trend Micro Research' was reported to the affected vendor on: 2025-03-18, 65 days ago. The vendor is given until 2025-07-16 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2025-03-18, 65 days ago. The vendor is given until 2025-07-16 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Dongjun Kim(@Enki WhiteHat) and Jongseong Kim(@Enki Whitehat)' was reported to the affected vendor on: 2025-03-18, 65 days ago. The vendor is given until 2025-07-16 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A vulnerability was found in IXON IXrouter IX2400 3.0. It has been classified as critical. This affects an unknown part of the component UART/SSH. The manipulation leads to use of hard-coded password. This vulnerability is uniquely identified as CVE-2024-57790. It is possible to launch the attack on the physical device. There is no exploit available.

A vulnerability was found in Tenda AC8V4 16.03.34.06. It has been declared as critical. Affected by this vulnerability is the function get_parentControl_list_Info. The manipulation of the argument urls leads to stack-based buffer overflow. This vulnerability is known as CVE-2025-25667. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in Tenda AC8V4 16.03.34.06. It has been rated as critical. Affected by this issue is the function sub_47D878. The manipulation of the argument shareSpeed leads to stack-based buffer overflow. This vulnerability is handled as CVE-2025-25668. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in itsourcecode Simple ChatBox up to 1.0. It has been rated as critical. This issue affects some unknown processing of the file /message.php. The manipulation leads to sql injection. The identification of this vulnerability is CVE-2025-25875. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability was found in Java SDK for CloudEvents 4.0.1. It has been declared as problematic. Affected by this vulnerability is the function deserializeArgs of the component XML Event Mesage Handler. The manipulation leads to xml external entity reference. This vulnerability is known as CVE-2024-55156. The attack can only be done within the local network. There is no exploit available.

A vulnerability was found in White-Jotter 0.2.2 and classified as critical. Affected by this issue is the function shiroFilter of the component URL Handler. The manipulation leads to path traversal. This vulnerability is handled as CVE-2024-57176. The attack can only be done within the local network. There is no exploit available.

A vulnerability was found in Netgear C7800 6.01.07 and classified as problematic. This issue affects some unknown processing of the component Administrative Web Interface. The manipulation leads to cleartext transmission of sensitive information. The identification of this vulnerability is CVE-2022-41545. The attack may be initiated remotely. Furthermore, there is an exploit available.

谷歌以320亿美元收购Wiz，加速AI时代云安全与多云战略，提升网络安全能力，抵御新兴威胁，推动多云普及，保护全球客户数据安全。

Security researchers have confirmed that a critical remote code execution (RCE) vulnerability in Apache Tomcat, tracked as CVE-2025-24813, is being actively exploited in the wild. The vulnerability, which enables attackers to take control of servers with a simple PUT request, was disclosed last week, and proof-of-concept exploits were published on GitHub merely 30 hours later. […]

The post Critical Apache Tomcat RCE Vulnerability Exploited in Just 30hrs of Public Exploit appeared first on Cyber Security News.