Aggregator
China's most professional and comprehensive systematic learning and exchange community for [ .NET code auditing ]
2 months 3 weeks ago
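01 .NET vulnerability background: Microsoft's .NET technology is widely used in enterprise products worldwide, including its well-known Exchange, SharePoi
A new approach to bypassing WebShell detection: executing commands through runtime errors with Sharp4Error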
2 months 3 weeks ago
AI security assistants are reshaping how SOCs operate
2 months 3 weeks ago
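With Microsoft's launch of six new AI security copilots, more and more people are recognizing the value of AI security assistants in the security operations center (SOC). These tools are […]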
aqniu
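Xiaohongshu reported to be collecting user information at high frequency, company responds; Google Chrome zero-day already exploited in the wild, bypasses sandbox protection without user interaction | 牛览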
2 months 3 weeks ago
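News at a glance • Xiaohongshu reported to be collecting user information at high frequency, company responds • Wiz, the main suspect in a cryptocurrency theft case in which $243 million was stolen by impersonating customer support, has been arrested […]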
aqniu
CVE-2024-26297 | HPE Aruba ClearPass Policy Manager up to 6.9.13/6.10.8/6.11.6/6.12.0 Web-based Management Interface improper authentication (ARUBA-PSA-2024-001)
2 months 3 weeks ago
A vulnerability, which was classified as critical, was found in HPE Aruba ClearPass Policy Manager up to 6.9.13/6.10.8/6.11.6/6.12.0. This affects an unknown part of the component Web-based Management Interface. The manipulation leads to improper authentication.
This vulnerability is uniquely identified as CVE-2024-26297. It is possible to initiate the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-26298 | HPE Aruba ClearPass Policy Manager up to 6.9.13/6.10.8/6.11.6/6.12.0 Web-based Management Interface improper authentication (ARUBA-PSA-2024-001)
2 months 3 weeks ago
A vulnerability has been found in HPE Aruba ClearPass Policy Manager up to 6.9.13/6.10.8/6.11.6/6.12.0 and classified as critical. This vulnerability affects unknown code of the component Web-based Management Interface. The manipulation leads to improper authentication.
This vulnerability was named CVE-2024-26298. The attack can be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-24150 | libming 0.4.8 SWF File parseSWF_TEXTRECORD memory leak (Issue 309)
2 months 3 weeks ago
A vulnerability was found in libming 0.4.8. It has been declared as problematic. This vulnerability affects the function parseSWF_TEXTRECORD of the component SWF File Handler. The manipulation leads to memory leak.
This vulnerability was named CVE-2024-24150. The attack can only be initiated within the local network. There is no exploit available.
vuldb.com
CVE-2024-24146 | libming 0.4.8 SWF File parseSWF_DEFINEBUTTON memory leak (Issue 307)
2 months 3 weeks ago
A vulnerability classified as problematic has been found in libming 0.4.8. Affected is the function parseSWF_DEFINEBUTTON of the component SWF File Handler. The manipulation leads to memory leak.
This vulnerability is traded as CVE-2024-24146. The attack needs to be initiated within the local network. There is no exploit available.
vuldb.com
CVE-2024-25291 | Deskfiler 1.2.3 Plugin unrestricted upload
2 months 3 weeks ago
A vulnerability, which was classified as problematic, was found in Deskfiler 1.2.3. Affected is an unknown function of the component Plugin Handler. The manipulation leads to unrestricted upload.
This vulnerability is traded as CVE-2024-25291. The attack needs to be initiated within the local network. There is no exploit available.
vuldb.com
CVE-2024-25063 | Hikvision HikCentral Professional up to 2.5.0 URL access control
2 months 3 weeks ago
A vulnerability was found in Hikvision HikCentral Professional up to 2.5.0. It has been rated as critical. Affected by this issue is some unknown functionality of the component URL Handler. The manipulation leads to improper access controls.
This vulnerability is handled as CVE-2024-25063. The attack may be launched remotely. There is no exploit available.
vuldb.com
Qilin
2 months 3 weeks ago
cohenido
Island Raises $250M to Replace SASE With Enterprise Browser
2 months 3 weeks ago
Startup Hits $4.8B Valuation After Series E as It Disrupts VDI, Web Filtering Tools
Island’s enterprise browser platform is gaining traction as a replacement for SASE and legacy VDI and web filtering tools. Backed by $250 million in Series E funding, the startup plans to scale up globally and enhance R&D to support secure, simplified digital work environments.
OpenAI's New Security Plan Rewards 'Critical' Bug Discovery
2 months 3 weeks ago
Max Payout for Bug Bounty Program Up From $20,000 to $100,000
OpenAI announced a cybersecurity initiative that aims to improve the resilience of its artificial intelligence systems by rewarding the discovery of critical vulnerabilities and improving threat mitigation. OpenAI raised the maximum payout for its bug bounty program from $20,000 to $100,000.
CISA Budget Cuts Weaken US Election Security, Officials Warn
2 months 3 weeks ago
State and Local Election Offices Face Growing Cyber Threat Amid Federal Budget Cuts
Top-ranking current and former security officials warned Thursday that President Donald Trump's budget cuts to the Cybersecurity and Infrastructure Security Agency and other election security efforts have left U.S. election infrastructure vulnerable to escalating cyber threats.
Legacy IT Systems Could Jeopardize UK AI Plans
2 months 3 weeks ago
Outdated Systems Putting AI Adoption in the Public Sector at Risk, Report Says
Outdated IT systems and poor data-sharing practices between public offices could undermine the U.K. government's plans to deploy artificial intelligence capabilities to increase public sector efficiencies, a parliamentary committee said.