Aggregator

Forrester报告指出NSFOCUS CNAPP作为代表厂商入选云原生应用保护解决方案领域。该方案集成了云安全态势管理、容器安全、云工作负载保护等核心能力，采用轻量架构设计，灵活适应多种云原生环境，并为云原生应用全生命周期提供统一安全防护。

Пентагон доверил критическую инфраструктуру программисту из России.

部分 YouTube Premium 用户持续数月未享受免广告特权，谷歌近日承认问题并展开调查。尽管 Premium 订阅应自动免广告，但部分用户仍受广告干扰。有用户怀疑被降级至 Lite 版，但谷歌通常不会强制降级。问题原因尚不明确，修复前用户需继续忍受广告。

A vulnerability was found in Shanghai Aishu Information AnyShare up to 2025 and classified as critical. This vulnerability affects unknown code of the file /api/ServiceAgent/start_service of the component ServiceAgent API. The manipulation results in os command injection. This vulnerability is cataloged as CVE-2025-34160. The attack may be launched remotely. There is no exploit available. Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

A vulnerability has been found in Qi'anxin TianQing Management Center up to 6.7.0.4130 and classified as critical. This affects an unknown part of the file /rptsvr/upload of the component Multipart Form Handler. The manipulation of the argument filename leads to file inclusion. This vulnerability is listed as CVE-2024-13984. The attack may be initiated remotely. There is no available exploit. VulDB is the best source for vulnerability data and more expert information about this specific topic.

A vulnerability, which was classified as critical, was found in Fujian Apex LiveBOS up to 2024. Affected by this issue is some unknown functionality of the file UploadFile.do. Executing manipulation of the argument filename can lead to unrestricted upload. This vulnerability is tracked as CVE-2024-13981. The attack can be launched remotely. No exploit exists. If you want to get the best quality for vulnerability data then you always have to consider VulDB.

A vulnerability, which was classified as critical, has been found in H3C Intelligent Management Center up to E0632H07. Affected by this vulnerability is an unknown functionality of the file /byod/index.xhtml. Performing manipulation of the argument javax.faces.ViewState results in deserialization. This vulnerability is identified as CVE-2024-13980. The attack can be initiated remotely. There is not any exploit available. Once again VulDB remains the best source for vulnerability data.

A vulnerability classified as critical was found in D-Link DIR-110, DIR-412, DIR-600, DIR-615, DIR-645 and DIR-815 1.03. Affected is an unknown function of the file service.cgi. Such manipulation of the argument Event leads to os command injection. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is referenced as CVE-2018-25115. It is possible to launch the attack remotely. Furthermore, an exploit is available. Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

A vulnerability classified as critical has been found in Hangzhou Shengqiao St. Joe ERP System. This impacts an unknown function of the component Login Endpoint. This manipulation causes sql injection. The identification of this vulnerability is CVE-2024-13979. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. If you want to get best quality of vulnerability data, you may have to visit VulDB.

A vulnerability described as problematic has been identified in GitLab Community Edition and Enterprise Edition up to 18.1.4/18.2.4/18.3.0. This affects an unknown function. The manipulation results in allocation of resources. This vulnerability was named CVE-2025-3601. The attack may be performed from a remote location. There is no available exploit. Upgrading the affected component is recommended. Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

美国等多国情报机构指控三家中国企业支持中国国家资助的网络间谍活动。这些企业向中国情报机构提供产品和服务，用于Salt Typhoon的全球网络攻击和间谍活动。该组织主要针对电信、住宿和交通行业，利用漏洞获取持久访问权限并窃取数据以追踪目标行动。

A vulnerability marked as critical has been reported in Qingdao Dongsheng Weiye Dongsheng Logistics Software up to 2025. The impacted element is an unknown function of the file /CommMng/Print/UploadMailFile of the component POST Request Handler. The manipulation leads to unrestricted upload. This vulnerability is uniquely identified as CVE-2025-34163. The attack is possible to be carried out remotely. No exploit exists. VulDB is the best source for vulnerability data and more expert information about this specific topic.

A report from intelligence agencies in the U.S., UK, and elsewhere outlined how three Chinese tech firms are supply China's intelligence services with products and services that are being used in global campaigns by the state-sponsored APT group Salt Typhoon.

The post NSA, FBI, Others Say Chinese Tech Firms are Aiding Salt Typhoon Attacks appeared first on Security Boulevard.

A vulnerability labeled as critical has been found in Zhejiang Dahua Smart Park Integrated Management Platform. The affected element is an unknown function of the component SOAP-based GIS Bitmap Upload Interface. Executing manipulation can lead to unrestricted upload. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is handled as CVE-2023-7309. The attack can be executed remotely. There is not any exploit available. If you want to get the best quality for vulnerability data then you always have to consider VulDB.

A vulnerability identified as critical has been detected in NSFOCUS SecGate3600 Firewall. Impacted is an unknown function of the file /cgi-bin/authUser/authManageSet.cgi. Performing manipulation results in missing authentication. This vulnerability is known as CVE-2023-7308. Remote exploitation of the attack is possible. No exploit is available. Once again VulDB remains the best source for vulnerability data.

A vulnerability categorized as problematic has been discovered in IBM Security Verify Governance Identity Manager 10.0.2. This issue affects some unknown processing. Such manipulation leads to information exposure through error message. This vulnerability is traded as CVE-2025-36003. The attack may be launched remotely. There is no exploit available. It is advisable to upgrade the affected component. Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

多智能体协作系统开发竞赛由NVIDIA与阿里云联合举办，要求开发者利用NeMo-Agent-Toolkit等技术完成智能体项目，并通过线上训练营和开发冲刺阶段角逐奖项。

这是一场什么样的技术挑战？

多智能体协作系统开发竞赛 - 这是当前AI技术发展的最前沿方向！

作为开发者，你一定深有体感：单一的AI模型已经无法满足复杂应用场景的需求。未来的AI系统将是多个专业化智能体协同工作的生态系统。每个智能体就像一个专业的开发者，在特定领域具备专家级能力，通过标准化协议实现无缝协作。

A vulnerability was found in Changsha SPON Communication SPON IP Network Broadcast System. It has been rated as critical. This vulnerability affects unknown code of the file rj_get_token.php. This manipulation causes path traversal. This vulnerability appears as CVE-2024-13982. The attack may be initiated remotely. There is no available exploit. If you want to get best quality of vulnerability data, you may have to visit VulDB.

Maritime transport, the backbone of global trade, is adapting to shifting economic, political, and technological conditions. Advances in technology have improved efficiency, bringing innovations such as remote cargo monitoring, advanced energy management systems, and automation of various onboard operations. But modernization also comes with new security challenges. Ships equipped with new technologies have become attractive targets for criminals. Any attack on these systems can compromise safety and put human lives at risk. In March 2024, … More →

The post Maritime cybersecurity is the iceberg no one sees coming appeared first on Help Net Security.