Aggregator

扫码订阅《中国信息安全》邮发代号 2-786征订热线：010-82341063国家发展改革委关于向社会公开征求《公共数据资源登记管理暂行办法（公开征求意见稿）》意见的公告为认真贯彻落实《中共中央办公

环境异常 当前环境异常，完成验证后即可继续访问。 去验证

扫码订阅《中国信息安全》邮发代号 2-786征订热线：010-82341063国际网安快讯第32期热点速览一、政策动态1. 澳大利亚推出首个《2024网络安全法案》2. 欧盟通过《网络韧性法案》加强

聚焦源代码安全，网罗国内外最新资讯！编译：代码卫士AI安全公司 HiddenLayer 发布报告称，操纵AI模型图可在机器学习 (ML) 模型中植入无代码的可持久后门。该技术名为 ShadowLog

聚焦源代码安全，网罗国内外最新资讯！编译：代码卫士本周三，Palo Alto Networks 公司修复了位于 Expedition 客户迁移工具中的多个严重漏洞，并提醒称攻击者可借此接管防火墙管理

A vulnerability was suspected in Red Hat OpenShift. Further investigation has shown that this issues is a false-positive. Please review the sources mentioned and consider not using this entry at all.

A vulnerability was found in WPIDE Plugin up to 3.4.9 on WordPress. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to information disclosure. This vulnerability is handled as CVE-2024-9546. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as problematic was found in Slimstat Analytics Plugin up to 5.2.6 on WordPress. This vulnerability affects unknown code. The manipulation leads to cross site scripting. This vulnerability was named CVE-2024-9548. The attack can be initiated remotely. There is no exploit available.

我第一次见电脑，是大一上电脑课。那时候键盘还很不熟悉，老师说打那个字，得先趴在键盘上找那个字母，小心翼翼的按下去……从那时候开始算，我已经用了20多年电脑。在我的印象里，Windows剪切板一直是“只

A vulnerability has been found in JusApp! 3.7.5 and classified as critical. This vulnerability affects unknown code of the component X.509 Certificate Handler. The manipulation leads to cryptographic issues. This vulnerability was named CVE-2014-7693. The attack needs to be approached within the local network. There is no exploit available.

An Iran-linked cyberespionage group has stepped up its attacks in recent months against government

error code: 1106

My teammates at Jamf who support Jamf’s own IT (known as Jamf @ Jamf) have developed an innovati

GhostStrike GhostStrike is an advanced cybersecurity tool designed for Red Team operations, featuring sophisticated techniques to evade detection and perform process hollowing on Windows systems. Feature Dynamic API Resolution: Utilizes a custom hash-based method to dynamically...

The post GhostStrike: The Undetectable Red Team Weapon appeared first on Penetration Testing Tools.

A vulnerability has been found in Cisco Wireless LAN Controller up to 8.0.x and classified as critical. This vulnerability affects unknown code of the component HTTP Request Handler. The manipulation leads to improper resource management. This vulnerability was named CVE-2016-1363. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

RustScan The Modern Port Scanner. Find ports quickly (3 seconds at its fastest). Run scripts through our scripting engine (Python, Lua, Shell supported). ✨ Features Scans all 65k ports in 3 seconds. Full scripting engine support. Automatically...

The post RustScan: Find all open ports fast with Rustscan appeared first on Penetration Testing Tools.

Vector Vector is a high-performance, end-to-end (agent & aggregator) observability data pipeline that puts you in control of your observability data. Collect, transform, and route all your logs, metrics, and traces to any vendors you want today and...

The post vector: High-Performance, Logs, Metrics, & Events Router appeared first on Penetration Testing Tools.

A vulnerability was found in Nginx Open Source, Plus and Ingress Controller. It has been declared as problematic. This vulnerability affects unknown code of the component Resolver. The manipulation leads to off-by-one. This vulnerability was named CVE-2021-23017. The attack needs to be initiated within the local network. Furthermore, there is an exploit available.

A vulnerability was found in Anuko Time Tracker up to 1.19.33.5607. It has been rated as critical. Affected by this issue is some unknown functionality of the component POST Request Handler. The manipulation of the argument date leads to sql injection. This vulnerability is handled as CVE-2022-24707. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

With cybercriminal gangs raking in at least $18 billion regionally — and much more globally — law enforcement and policymakers are struggling to keep up as the syndicates innovate and entrench themselves in national economies.