Aggregator
Submit #636882: China Shanghai Lingdang Information Technology Lingdang CRM <= V8.6.5.4 Server-Side Request Forgery [Accepted]
Google agrees to blur sensitive satellite maps in South Korea
Zero Trust's Next Phase: Agility, Identity, AI Risks
Zero trust is evolving beyond static controls and network segmentation. CISOs must prepare for dynamic, behavior-driven security models that incorporate real-time intelligence, enforce identity and data safeguards, and manage AI as both a threat vector and a security tool.
SecWiki News 2025-09-09 Review
For more of the latest articles, visit SecWiki
Adobe patches critical SessionReaper flaw in Magento eCommerce platform
Salty2FA Takes Phishing Kits to Enterprise Level
New Salty2FA Phishing Kit Bypasses MFA and Clones Login Pages
Intern Spotlight: Riding the Connected World
Riding the AI Revolution
FortiDDoS Vulnerability Lets Hackers Execute Unauthorized OS Commands
Fortinet has disclosed a significant OS command injection vulnerability in its FortiDDoS-F appliances that could allow privileged attackers to execute unauthorized code or commands through the command-line interface (CLI). The security flaw, identified as CVE-2024-45325, affects multiple versions of the FortiDDoS-F product line and carries a CVSS 3.1 score of 6.5, indicating medium severity. […]
The post FortiDDoS Vulnerability Lets Hackers Execute Unauthorized OS Commands appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Air pollution increases the risk of Lewy body dementia
Salat Stealer Exfiltrates Browser Credentials Via Sophisticated C2 Infrastructure
Salat Stealer has emerged as a pervasive threat targeting Windows endpoints with a focus on harvesting browser-stored credentials and cryptocurrency wallet data. First detected in August 2025, this Go-based infostealer leverages a range of evasion tactics, including UPX packing and process masquerading, to slip past conventional defenses. Its operators advertise the malware through social engineering […]
The post Salat Stealer Exfiltrates Browser Credentials Via Sophisticated C2 Infrastructure appeared first on Cyber Security News.
FortiDDoS OS Command Injection Vulnerability Lets Attackers Execute Unauthorized Commands
Fortinet has disclosed a medium-severity vulnerability in its FortiDDoS-F product line that could allow a privileged attacker to execute unauthorized commands. Tracked as CVE-2024-45325, the flaw is an OS command injection vulnerability residing within the product’s command-line interface (CLI). The vulnerability, identified as CWE-78, stems from an improper neutralization of special elements used in an […]
The post FortiDDoS OS Command Injection Vulnerability Lets Attackers Execute Unauthorized Commands appeared first on Cyber Security News.
Multiple Vulnerabilities Discovered in Ivanti Connect Secure, Policy Secure, and ZTA Gateways
Ivanti on September 9 released a security advisory detailing six medium and five high severity vulnerabilities impacting Ivanti Connect Secure, Policy Secure, ZTA Gateways, and Neurons for Secure Access. No evidence of customer exploitation has surfaced so far. Patches and fixes are available immediately to address issues ranging from missing authorization checks and cross-site request forgery (CSRF) flaws to […]
The post Multiple Vulnerabilities Discovered in Ivanti Connect Secure, Policy Secure, and ZTA Gateways appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
National cyber director: U.S. strategy needs to shift cyber risk from Americans to its adversaries
Sean Cairncross also talked about near-term priorities in his first public speech since being confirmed.
The post National cyber director: U.S. strategy needs to shift cyber risk from Americans to its adversaries appeared first on CyberScoop.
New cyber director Cairncross calls on industry to help put 'America First' in cyberspace
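[Indictment] U.S. Army soldier admits selling sensitive military information
[Conference] Full agenda released for the FCTS 2025 Practical Technology Symposium on Combating and Governing Cybercrime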
Beware of Phishing Email from Kimsuky Hackers With Subject September Tax Return Due Date Notice
A new wave of phishing attacks purporting to originate from South Korea’s National Tax Service has emerged, leveraging familiar electronic document notifications to trick recipients into divulging their Naver credentials. Distributed on August 25, 2025, the email mimics the official format used by Naver’s secure document service, displaying the sender as “National Tax Service” and […]
The post Beware of Phishing Email from Kimsuky Hackers With Subject September Tax Return Due Date Notice appeared first on Cyber Security News.