Aggregator

双奖加冕 | 梆梆安全斩获网信联盟生态双料大奖,领航2025网安产业新格局

嘶吼
9 months 1 week ago

近日,中关村网络安全与信息化产业联盟(以下简称“联盟”)第三届第二次会员大会在京顺利召开。来自全国的联盟成员代表、政府机关领导、行业专家等130余人参加会议。在会议表彰环节,梆梆安全荣获“2024网信生态协同贡献奖”和“2024联盟工作卓越贡献奖”两项荣誉。

联盟此次召开会议,充分发挥桥梁纽带作用,为行业生态内的产业交流与合作提供了重要平台。一直以来,梆梆安全大力支持并积极参与联盟组织的各项活动,参与的《大咖聊网安》第一季至今还在不断发酵;在联盟组织的前锋汇等各项活动中身影频现,持续赋能;聚集公司高层与联盟专家展开技术交流,受益良多。此次荣获殊荣,不仅彰显了梆梆安全与联盟协同创新、共促发展的实践成果,更寄托着业界对我们持续精进技术、引领网络安全产业变革的殷切期待。

作为移动安全领域的拓路先锋,梆梆安全始终以技术创新为引擎,为政府、企业、开发者和消费者构筑起覆盖移动应用全生命周期的立体化防护体系,为千行百业的数字化转型进程保驾护航。在赋能行业发展的征途上,梆梆安全将积极参与网信生态建设,持续与产业伙伴共筑数字世界的安全基座


梆梆安全

【重磅发布】梆梆安全发布首款鸿蒙仓颉语言加固产品,筑牢鸿蒙核心代码安全防线

嘶吼
9 months 1 week ago

随着鸿蒙生态的快速扩张,HarmonyOS NEXT作为全球第三大智能操作系统,正加速推动万物互联时代的到来。然而,鸿蒙应用面临的代码逆向、数据窃取等安全威胁也日益严峻。作为深耕移动安全领域十余年的专业安全厂商,梆梆安全始终以技术创新为驱动,持续拓展行业应用新场景。此次梆梆安全在移动应用安全领域率先推出鸿蒙仓颉语言加固保护能力,为鸿蒙应用构建全链路安全屏障,再次突破鸿蒙技术创新实践。

梆梆安全鸿蒙仓颉语言加固,筑牢鸿蒙核心代码安全防线

仓颉语言(HarmonyOS Cangjie)是华为专为HarmonyOS NEXT下高性能、高安全场景设计的系统级编程语言,将广泛应用于金融、政企、互联网、智能汽车、物联网等领域的底层开发。然而,其代码若未得到有效保护,极易成为黑客攻击的突破口。

基于对鸿蒙生态的深度理解,梆梆安全攻克仓颉语言加固技术难题,推出以下核心能力:

1. 多层次代码保护

控制流隐匿:通过控制流平坦化、不透明为此、虚假分支注入等技术,彻底打乱代码逻辑,抵御静态逆向分析。

变量与函数加密:对关键变量、函数名进行动态混淆,消除代码可读性。常量与字符串保护:采用分段加密和随机化存储技术,防止敏感数据明文暴露。

2. 动态运行时防护

防动态调试攻击:及时发现并阻断调试器注入和内存动态调试攻击。防高风险环境运行:实时检测鸿蒙开源系统(OpenHarmony)、越狱设备、模拟器、网络代理等各种高风险运行环境,及时预警处置。防二次打包:实时校验鸿蒙应用正版开发者签名信息,防止签名篡改和二次打包发布、安装。

3. 信息泄露防护

防屏幕信息泄露:实时捕捉屏幕截图、屏幕录制行为,及时警示终端用户注意个人隐私信息保密。防屏幕共享泄露:实时监测各类会议软件、远程控制软件的屏幕共享行为,及时警示终端用户提高警惕,防止窃取个人隐私信息和诱导性诈骗行为。防运行信息泄露:自动清除应用运行日志信息,防止敏感信息被非法利用。

产品优势


  • 覆盖全栈鸿蒙语言生态

同时支持ArkTS、C/C++、仓颉语言及SO文件加固,全面覆盖鸿蒙NEXT应用开发技术栈,为企业提供“一站式”安全保护解决方案。
  • 灵活部署,极简运维
支持极简化部署,用户可通过DevEco Studio插件一键完成加固,并实时查看防护策略与日志。无论是初创团队还是大型企业,均可按需选择,实现安全能力的“零门槛”接入。
  • 赋能千行百业,守护数字未来
产品适用广泛,可以为金融、教育、医疗、政企、互联网、运营商、智能汽车、航空航天、智能家居等各行业鸿蒙应用提供全栈安全保护能力,保护企业核心算法、知识产权安全。

以守护数字安全为己任,梆梆安全积极融入金融、政企、智能汽车等关键领域的安全建设,坚持自主可控的技术能力筑牢国产操作系统安全底座。未来,梆梆安全将继续以创新为驱动,响应国家网络安全号召,携手行业伙伴共筑鸿蒙生态安全屏障,为数字中国的高质量发展注入坚实动能。


梆梆安全

CVE-2024-13824 | Potenzaglobalsolutions CiyaShop Plugin up to 4.19.0 on WordPress add_ciyashop_wishlist/ciyashop_get_compare deserialization

VulDB Recent Entries
9 months 1 week ago
A vulnerability has been found in Potenzaglobalsolutions CiyaShop Plugin up to 4.19.0 on WordPress and classified as critical. Affected by this vulnerability is the function add_ciyashop_wishlist/ciyashop_get_compare. The manipulation leads to deserialization. This vulnerability is known as CVE-2024-13824. The attack can be launched remotely. There is no exploit available.
vuldb.com

CVE-2025-1764 | hiddenpearls LoginPress Plugin up to 3.3.1 on WordPress WPBRIGADE_SDK__DEV_MODE cross-site request forgery

VulDB Recent Entries
9 months 1 week ago
A vulnerability classified as problematic was found in hiddenpearls LoginPress Plugin up to 3.3.1 on WordPress. This vulnerability affects unknown code. The manipulation of the argument WPBRIGADE_SDK__DEV_MODE leads to cross-site request forgery. This vulnerability was named CVE-2025-1764. The attack can be initiated remotely. There is no exploit available.
vuldb.com

CVE-2025-1526 | detheme DethemeKit for Elementor Plugin up to 2.1.9 on WordPress De Product Display Widget cross site scripting

VulDB Recent Entries
9 months 1 week ago
A vulnerability was found in detheme DethemeKit for Elementor Plugin up to 2.1.9 on WordPress. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component De Product Display Widget. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2025-1526. The attack can be launched remotely. There is no exploit available.
vuldb.com

Microsoft365 Themed Attack Leveraging OAuth Redirection for Account Takeover 

Cyber Security News
9 months 1 week ago

Two sophisticated phishing campaigns were observed targeting Microsoft 365 users by exploiting OAuth redirection vulnerabilities combined with brand impersonation techniques.  Threat researchers are warning organizations about these highly targeted attacks designed to bypass traditional security controls and achieve account takeover (ATO). The malicious campaigns leverage familiar brands including Adobe and DocuSign to trick users into […]

The post Microsoft365 Themed Attack Leveraging OAuth Redirection for Account Takeover  appeared first on Cyber Security News.

Kaaviya

CVE-2025-2166 | creativemindssolutions CM FAQ Plugin up to 1.2.5 on WordPress remove_query_arg cross site scripting

VulDB Recent Entries
9 months 1 week ago
A vulnerability was found in creativemindssolutions CM FAQ Plugin up to 1.2.5 on WordPress. It has been classified as problematic. Affected is the function remove_query_arg. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2025-2166. It is possible to launch the attack remotely. There is no exploit available.
vuldb.com

CVE-2025-24855 | Xmlsoft libxslt up to 1.1.42 numbers.c use after free (Issue 128)

VulDB Recent Entries
9 months 1 week ago
A vulnerability was found in Xmlsoft libxslt up to 1.1.42 and classified as critical. This issue affects the function xsltNumberFormatGetValue/xsltEvalXPathPredicate/xsltEvalXPathStringNs/xsltComputeSortResultInternal of the file numbers.c. The manipulation leads to use after free. The identification of this vulnerability is CVE-2025-24855. The attack needs to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2024-13407 | omnipressteam Omnipress Plugin up to 1.5.4 on WordPress Megamenu Block authorization

VulDB Recent Entries
9 months 1 week ago
A vulnerability has been found in omnipressteam Omnipress Plugin up to 1.5.4 on WordPress and classified as problematic. This vulnerability affects unknown code of the component Megamenu Block. The manipulation leads to authorization bypass. This vulnerability was named CVE-2024-13407. The attack can be initiated remotely. There is no exploit available.
vuldb.com

CVE-2025-0952 | cmsmasters Eco Nature Plugin up to 2.0.4 on WordPress cmsmasters_hide_admin_notice authorization

VulDB Recent Entries
9 months 1 week ago
A vulnerability, which was classified as problematic, was found in cmsmasters Eco Nature Plugin up to 2.0.4 on WordPress. This affects the function cmsmasters_hide_admin_notice. The manipulation leads to missing authorization. This vulnerability is uniquely identified as CVE-2025-0952. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com

CVE-2025-2221 | whyun WPCOM Member Plugin up to 1.7.6 on WordPress user_phone sql injection

VulDB Recent Entries
9 months 1 week ago
A vulnerability, which was classified as critical, has been found in whyun WPCOM Member Plugin up to 1.7.6 on WordPress. Affected by this issue is some unknown functionality. The manipulation of the argument user_phone leads to sql injection. This vulnerability is handled as CVE-2025-2221. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-2103 | IronTemplates SoundRise Music Plugin up to 1.6.11 on WordPress theironMusic_ajax authorization

VulDB Recent Entries
9 months 1 week ago
A vulnerability classified as critical was found in IronTemplates SoundRise Music Plugin up to 1.6.11 on WordPress. Affected by this vulnerability is the function theironMusic_ajax. The manipulation leads to missing authorization. This vulnerability is known as CVE-2025-2103. The attack can be launched remotely. There is no exploit available.
vuldb.com

Managed ad