花指令简单总结
看雪论坛作者ID:j1ya
Aggregator
丹麦一政府部门准备淘汰 Windows 和 Microsoft 365
3 months 1 week ago
丹麦数字事务部准备从下个月开始,淘汰 Windows 和 Microsoft 365,切换到 Linux 和 LibreOffice。该计划将逐步推进,首先半数员工改用 Linux 和 LibreOffice,如果一切顺利,所有员工将从秋季开始使用开源解决方案。部长 Caroline Stage 表示,此举旨在节省成本以及减少对美国软件的依赖,称数字主权是该部门的优先事项。此举也有助于应对 Windows 10 操作系统即将于今年 10 月终止支持所带来的安全问题。Stage 表示如果进展不顺利的话,还是会继续使用微软软件。
Graphite Spyware Uses iOS Zero-Click Flaw to Target Journalists
3 months 1 week ago
Security researchers at Citizen Lab have uncovered the first forensic evidence linking Paragon’s Graphite mercenary spyware to zero-click attacks on journalists’ iPhones. The campaigns exploited a now-patched iMessage vulnerability (CVE-2025-43200) to compromise devices running iOS 18.2.1, highlighting the persistent threat of state-aligned surveillance against civil society Technical Overview of the Attack Chain According to the […]
The post Graphite Spyware Uses iOS Zero-Click Flaw to Target Journalists appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Anupriya
每周蓝军技术推送(2025.6.7-6.13)
3 months 1 week ago
关注高级攻防对抗技术热点,研究对手技术进行高级威胁模拟,研判攻击安全发展方向。
Ransomware Gang Exploits SimpleHelp RMM to Compromise Utility Billing Firm
3 months 1 week ago
A CISA advisory urged all software vendors and downstream customers to check if they are impacted by unpatched versions of the SimpleHelp RMM tool
CVE-2025-49112 | Valkey up to 8.1.1 networking.c setDeferredReply integer underflow (Nessus ID 238417)
3 months 1 week ago
A vulnerability was found in Valkey up to 8.1.1. It has been rated as problematic. Affected by this issue is the function setDeferredReply of the file networking.c. The manipulation leads to integer underflow.
This vulnerability is handled as CVE-2025-49112. The attack needs to be done within the local network. There is no exploit available.
It is recommended to apply a patch to fix this issue.
vuldb.com
2025年5月奖励公告
3 months 1 week ago
【2502众测挑战赛】海外电商业务新上线!
3 months 1 week ago
研究认为霸王龙的大型化始于亚洲
3 months 1 week ago
日本北海道大学研究团队在《自然》上发表研究成果,指出体重不到约 500 公斤的中间型的暴龙在以几百万年为单位在亚洲和北美大陆之间迁徙的过程中,朝着体重达到约 1 吨以上的大型化方向进化。此前的观点是认为体型增大仅发生在北美。研究团队报告在蒙古约 9300 万至 8300 万年前地层中发现了中间型暴龙化石,将其新命名为“Khankhuuluu mongoliensis”。他们推测完成大型化的暴龙的祖先起源于亚洲,最晚在约 8600 万年前迁徙至北美,然后最晚在约 7800 万年前迁徙至亚洲,在约 7300 万年至约 6700 万年前再次迁徙至北美。迁徙的理由尚不清楚,团队表示将进一步研究。
ИИ лечит душу, а потом отправляет её в облако — вместе со всеми секретами
3 months 1 week ago
Когда разговор с ботом заканчивается больничной койкой.
Fog Ransomware Uses Pentesting Tools to Steal Data and Launch Attacks
3 months 1 week ago
Fog ransomware incidents in recent years have exposed a dangerous new trend in cybercrime: hackers are using open-source penetration testing tools and genuine staff monitoring software to breach networks, steal confidential data, and initiate ransomware attacks. This unprecedented blend of tactics has targeted major financial institutions, raising alarms among cybersecurity professionals. Unprecedented Toolset in a […]
The post Fog Ransomware Uses Pentesting Tools to Steal Data and Launch Attacks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Kaaviya
两名欧洲记者的手机感染了以色列间谍软件 Paragon
3 months 1 week ago
2025 年 4 月 29 日苹果通知部分 iOS 用户,称他们成为先进间谍软件的攻击目标。加拿大多伦多大学公民实验室对两位欧洲记者 iPhone 手机进行的分析证实,他们遭到了以色列公司 Paragon 的间谍软件 Graphite 的攻击。苹果表示它已经释出了 iOS 18.3.1 缓解了部署间谍软件利用的零点击攻击,该漏洞被分配了编号 CVE-2025-43200。被攻击的两名欧洲记者一人要求匿名,另一人是意大利记者 Ciro Pellegrino。攻击发生在 2025 年 1 月到 2 月初之间,当时 iPhone 运行的是 iOS 18.2.1系统。Pellegrino 的同事、Fanpage.it 网站编辑 Francesco Cancellato 于 2025 年 1 月收到 WhatsApp 通知称遭到 Graphite 间谍软件的攻击。这起攻击可能与意大利政府有关。
Qilin
3 months 1 week ago
You must login to view this content
cohenido
Qilin
3 months 1 week ago
You must login to view this content
cohenido
Qilin
3 months 1 week ago
You must login to view this content
cohenido
Qilin
3 months 1 week ago
You must login to view this content
cohenido
CVE-2025-29902 | Telex Remote Dispatch Console Server code injection (EUVD-2025-18259)
3 months 1 week ago
A vulnerability was found in Telex Remote Dispatch Console Server. It has been classified as very critical. Affected is an unknown function. The manipulation leads to code injection.
This vulnerability is traded as CVE-2025-29902. It is possible to launch the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-29902 | RTS VLink Virtual Matrix Software code injection (EUVD-2025-18259)
3 months 1 week ago
A vulnerability was found in RTS VLink Virtual Matrix Software. It has been declared as very critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to code injection.
This vulnerability is known as CVE-2025-29902. The attack can be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
Scale AI 亚历山大·王的创业法则:人类计算资源可像计算机一样编排,吴恩达一观点毁掉红杉投资,YC创始人一句话带来商业灵感
3 months 1 week ago
Meta正式宣布投资近150亿美元收购Scale AI 49%股份,同时聘请其创始人亚历山大·王领导全新的"超级智能"实验室。25岁的亚历山大·王是华裔天才创业者,19岁从MIT辍学创立Scale AI,专注为AI模型提供高质量数据标注服务,八年内将公司发展为估值138亿美元的AI独角兽,被誉为"AI模型的数据工厂",为OpenAI、Meta、Google等主要AI公司提供数据服务。在最新访谈中,亚历山大·王分享了创业方法论:强调认知套利能力比技术更重要,专注度是创业公司对抗科技巨头的核心优势,企业销售中感知比现实更重要。他指出当前AI发展面临数据墙困境,合成数据无法完全解决问题,未来需要人类生成数据与计算资源同步指数级增长,这为Scale AI等数据基础设施公司带来巨大机遇。
CVE-2013-5660 | Powersoftware WinArchiver 3.2 Flow memory corruption (ID 121512 / EDB-25131)
3 months 1 week ago
A vulnerability was found in Powersoftware WinArchiver 3.2. It has been rated as very critical. Affected by this issue is some unknown functionality of the component Flow. The manipulation leads to memory corruption.
This vulnerability is handled as CVE-2013-5660. The attack may be launched remotely. Furthermore, there is an exploit available.
vuldb.com