CISOs at Organizations That Fell Victim Have a Different Story, 451 Research Finds
Are your defenses against ransomware good enough to survive contact with the enemy? Don't be so sure. A new study from market researcher 451 Research finds that "overconfidence in security tooling remains an issue in the face of ransomware" for organizations that haven't yet fallen victim.

APT Group Uses Sophisticated Attack Chain to Deploy WmRAT and MiyaRAT
A suspected South Asian threat actor targeted a Turkish defense organization, deploying malware via a RAR archive and using alternate data streams to deliver remote access Trojans. The group previously targeted multiple countries including China, India, Pakistan and Bangladesh.

Deal Targets Open Source Library Risks in Software Supply Chain, Boosts DevSecOps
The integration of Tidelift into Sonar's ecosystem will enhance software supply chain security by leveraging human-verified insights from maintainers of popular open source libraries. Developers can expect comprehensive tools to address vulnerabilities in first-party, AI-generated, and third-party code.

Federal Agencies Tasked with Adopting New Cloud Security Policies Beginning in 2025
The Cybersecurity and Infrastructure Security Agency is requiring federal agencies to adopt secure cloud configurations, integrate monitoring tools and report cloud systems starting in 2025 as part of an effort to address vulnerabilities in part exposed by the SolarWinds attack.

Regulators Say NIST's 2035 Deadline for Insecure Encryption Could Be Too Late
Australia has rolled out an ambitious roadmap to prepare for future quantum-enabled cyberattacks. Regulators are ready to set an end date for several existing encryption algorithms in 2030 - five years earlier than the deadline set by the National Institute of Standards and Technology in the U.S.

A vulnerability classified as critical has been found in Google Android 12/12L/13/14. Affected is an unknown function. The manipulation leads to permission issues.
This vulnerability is traded as CVE-2024-34719. The attack needs to be approached locally. There is no exploit available.
It is recommended to apply a patch to fix this issue.
A vulnerability classified as problematic was found in Google Android 14/15. Affected by this vulnerability is the function setTransactionState of the file SurfaceFlinger.cpp. The manipulation leads to a state issue.
This vulnerability is known as CVE-2024-40660. An attack has to be approached locally. There is no exploit available.
It is recommended to apply a patch to fix this issue.
A vulnerability was found in Google Android. It has been classified as problematic. Affected is the function PVRSRVRGXKickTA3DKM of the file rgxta3d.c. The manipulation leads to improper input validation.
This vulnerability is traded as CVE-2024-31337. Attacking locally is a requirement. There is no exploit available.
It is recommended to apply a patch to fix this issue.
A vulnerability classified as problematic has been found in Google Android. This affects an unknown part. The manipulation leads to Local Privilege Escalation.
This vulnerability is uniquely identified as CVE-2024-34729. An attack has to be approached locally. There is no exploit available.
It is recommended to apply a patch to fix this issue.
A vulnerability, which was classified as problematic, has been found in Google Android. This issue affects the function DevmemXIntMapPages of the file devicemem_server.c. The manipulation leads to a use after free.
The identification of this vulnerability is CVE-2024-34747. Attacking locally is a requirement. There is no exploit available.
It is recommended to apply a patch to fix this issue.
A vulnerability, which was classified as problematic, was found in NLnet Labs Unbound up to 1.21.0. This affects an unknown part. The manipulation leads to an unchecked input for a loop condition.
This vulnerability is uniquely identified as CVE-2024-8508. It is possible to initiate the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
A vulnerability, which was classified as problematic, has been found in Google Android 12/12L/13/14. Affected by this issue is the function handleCreateConferenceComplete of the file ConnectionServiceWrapper.java. The manipulation leads to information disclosure.
This vulnerability is handled as CVE-2024-40656. Local access is required to approach this attack. There is no exploit available.
It is recommended to apply a patch to fix this issue.