Aggregator

Cybersecurity researchers have disclosed multiple critical security vulnerabilities in Chaos Mesh that, if successfully exploited, could lead to cluster takeover in Kubernetes environments. "Attackers need only minimal in-cluster network access to exploit these vulnerabilities, execute the platform's fault injections (such as shutting down pods or disrupting network communications), and perform

OpenAI 与哈佛大学经济学家 David Denning 合作发表论文，首次使用内部数据披露用户是如何使用 ChatGPT 的。论文显示：ChatGPT 用户数从 2024 年初的 1 亿增长到 2025 年的逾 7 亿，全球约十分之一成年人人口使用它，每天发送 26 亿条消息，日流量为 Google 的五分之一；长期用户的日活跃度自 2025 年 6 月以来趋稳，近期的新增长来自于新注册用户；46% 的用户年龄在 18-25 岁之间；2022 年推出时八成用户为男性，如今女性用户占 52.4%；2025 年中期 72% 的使用与工作无关，用户更多将 ChatGPT 用于个人、创意和休闲需求而非生产力；28% 的对话涉及写作辅助（电子邮件、编辑、翻译），工作相关查询中写作辅助的比例提高到 42%，商业/管理职位中这一比例达到了 52%；14.9% 的工作相关使用与“做出决策和解决问题”相关。。

Currently trending CVE - Hype Score: 21 - Free of memory not on the heap in Microsoft Office allows an unauthorized attacker to execute code locally.

Currently trending CVE - Hype Score: 21 - Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

Seraphic today announced at Fal.Con 2025 that its Secure Enterprise Browser (SEB) solution is now available for purchase in the CrowdStrike Marketplace, a one-stop destination for the world-class ecosystem of CrowdStrike-compatible security products. This availability enables customers to discover, buy, and implement Seraphic’s browser-native protection directly within the CrowdStrike Falcon platform. With this release, Seraphic […]

The post Las Vegas, United States, September 16th, 2025, CyberNewsWire appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

It’s nearly 20 years since I first encountered ransomware as the security editor of an online computer magazine, although at the time I had no idea what it was and the term had not yet been coined to describe it. A reader emailed me to describe how the main computer he used as part of […]

The post How ransomware turned from a private misery into a national emergency appeared first on Ransomware.org.

Microsoft has announced that the Windows Management Instrumentation Command-line (WMIC) tool will be removed after upgrading to Windows 11 25H2 and later. [...]

《人工智能安全治理框架》2.0版 by ourren

更多最新文章，请访问SecWiki

某在线拍卖系统代码审计

Las Vegas, United States, September 16th, 2025, CyberNewsWire Seraphic today announced at Fal.Con 2025 that its Secure Enterprise Browser (SEB) solution is now available for purchase in the CrowdStrike Marketplace, a one-stop destination for the world-class ecosystem of CrowdStrike-compatible security products. This availability enables customers to discover, buy, and implement Seraphic’s browser-native protection directly within […]

The post Seraphic Browser-Native Protection Now Available for Purchase on the CrowdStrike Marketplace appeared first on Cyber Security News.

Fifteen ransomware groups have claimed shutdown on BreachForums; experts warn of rebrands and copycats

A vulnerability was found in SourceCodester Student Grading System 1.0. It has been classified as critical. This affects an unknown part of the file /form137.php. Performing manipulation of the argument ID results in sql injection. This vulnerability was named CVE-2025-10420. The attack may be initiated remotely. In addition, an exploit is available.

A vulnerability has been found in SourceCodester Student Grading System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /view_students.php. This manipulation of the argument ID causes sql injection. This vulnerability is handled as CVE-2025-10418. The attack can be initiated remotely. Additionally, an exploit exists.

A vulnerability was found in SourceCodester Student Grading System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /del_promote.php. Such manipulation of the argument sy leads to sql injection. This vulnerability is uniquely identified as CVE-2025-10419. The attack can be launched remotely. Moreover, an exploit is present.

A vulnerability categorized as critical has been discovered in Apple macOS. Affected by this issue is some unknown functionality of the component Media File Handler. Such manipulation leads to out-of-bounds read. This vulnerability is listed as CVE-2025-43346. The attack may be performed from remote. There is no available exploit. It is advisable to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Campcodes Grocery Sales and Inventory System 1.0. Affected is an unknown function of the file /ajax.php?action=delete_product. The manipulation of the argument ID results in sql injection. This vulnerability is known as CVE-2025-10417. It is possible to launch the attack remotely. Furthermore, an exploit is available.

​享界 S9T 将延续「9 系爆款」的传说？

自 2016 年以来，距离我们仅 40 光年的红矮星 TRAPPIST-1 的行星系统就引起了广泛关注，它有 7 颗类地行星位于宜居带或附近，因此可能存在液态水。天文学家认为它们是研究太阳系外行星适合生命存在的最著名实验室。韦伯太空望远镜升空之后天文学家对该星系展开了观测，首先排除了 TRAPPIST-1b 和 TRAPPIST-1d 存在大气层的可能性。韦伯发现 TRAPPIST-1e 有一个类似地球的气态包层，表面可能存在液态水。光谱显示其大气层富含分子氮，含有微量的二氧化碳和甲烷。如果获得确认，TRAPPIST-1e 可能是迄今为止发现的最像地球的系外行星。MIT 的天体物理学家 Ana Glidden 兴奋的表示，我们正处于一个探索的新时代。

Российская компания попала в престижный рейтинг IDC наравне с Tenable.

Security Operations Centers (SOCs) exist under ever-increasing pressure to detect and respond to threats before they escalate. Today’s fast-moving adversaries exploit gaps in threat visibility with automation, targeted ransomware, and zero-day exploits. The result? Severe operational disruptions, financial losses, and reputational harm.  Lessons from Recent Cyber Disruptions  These recent high-impact incidents show why SOCs need […]

The post Why Real-Time Threat Intelligence Is Critical for Modern SOCs appeared first on Cyber Security News.