Aggregator

以网络安全为基、数字技术为翼，推进西藏数字化转型升级，筑牢边疆安全防线。

美英澳加联合发布SIEM/SOAR实施指南，强调高效威胁响应与成本管控，但部署挑战与隐性成本仍需警惕。

Submit #585912 / VDB-309086

Submit #585871 / VDB-309038

The threat actors behind the DragonForce ransomware gained access to an unnamed Managed Service Provider's (MSP) SimpleHelp remote monitoring and management (RMM) tool, and then leveraged it to exfiltrate data and drop the locker on multiple endpoints. It's believed that the attackers exploited a trio of security flaws in SimpleHelp (CVE-2024-57727, CVE-2024-57728, and CVE-2024-57726) that were

360BugCloud推出端午特别活动，预祝各位师傅端午安康！

芯片安全工程师、高级安全攻防工程师、资深安全合规专家、高级安全研发工程师等岗位正在招聘中，阅读文章获取岗位详情吧

微软周二宣布允许部分开发商和产品团队接入 Windows 11 更新框架。该系统本身不会推送更新，但允许应用通过 WinRT API 和 PowerShell 注册其更新逻辑，实现集中式调度(Centralized Scheduling)、日志记录和策略执行。微软产品经理 Angie Chen 表示，该公司正致力于解决 Windows 生态系统支离破碎的更新体验，构建一个统一的智能更新编排平台，支持应用、驱动等任何程序的更新。该平台目前处于封闭式预览阶段，开发商需要通过邮箱 [email protected] 申请访问权限。

近期，公安部第一研究所于锐研究员关于国家网络身份认证公共服务进行了专题宣讲，以下是文字实录……

工信部部对APP、SDK违法违规收集使用个人信息等问题开展治理。近期，经组织第三方检测机构进行抽查，共发现49款APP及SDK存在侵害用户权益行为，现予以通报。

随着信息技术的快速发展，网络安全已成为全球竞争的核心领域。近年来，网络安全威胁与日俱增，网络攻击事件频繁发生，国家安全、经济社会发展面临严峻考验。为筑牢网络安全防线，各国都积极加强网络安全人才队伍建设，提升网络安全防护能力。

A vulnerability has been found in PCMan FTP Server 2.0.7 and classified as critical. This vulnerability affects unknown code of the component NLST Command Handler. The manipulation leads to buffer overflow. This vulnerability was named CVE-2025-5331. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, was found in FreeFloat FTP Server 1.0. This affects an unknown part of the component RETR Command Handler. The manipulation leads to buffer overflow. This vulnerability is uniquely identified as CVE-2025-5330. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

美团闪购入局，618 变了。

A vulnerability, which was classified as problematic, has been found in Strapi up to 4.25.1. Affected by this issue is some unknown functionality of the component Webhooks URL Handler. The manipulation leads to server-side request forgery. This vulnerability is handled as CVE-2024-52588. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in freescout-help-desk freescout up to 1.8.177. Affected by this vulnerability is an unknown functionality. The manipulation of the argument as leads to format string. This vulnerability is known as CVE-2025-48388. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Teltonika RMS up to 5.6. Affected is an unknown function of the component Pending Invite Handler. The manipulation leads to privilege escalation. This vulnerability is traded as CVE-2025-4687. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Redis up to 8.0.1. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to stack-based buffer overflow. The identification of this vulnerability is CVE-2025-27151. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to upgrade the affected component.

Submit #585404 / VDB-310504