Aggregator

当前环境出现异常,需完成验证后才能继续访问。

Top cybersecurity conferences are introducing new rules that require researchers to formally address ethics in their work. Starting with the 2026 USENIX Security Symposium, all submissions must include a stakeholder-based ethics analysis. Other major venues such as IEEE Security and Privacy, and ACM CCS have also emphasized the importance of ethical review in recent calls for papers. This change reflects a growing concern that cybersecurity research can unintentionally cause harm. Research that exposes vulnerabilities, collects … More →

The post Cybersecurity research is getting new ethics rules, here’s what you need to know appeared first on Help Net Security.

Tenable has confirmed a data breach that exposed the contact details and support case information of some of its customers. The company stated the incident is part of a broader data theft campaign targeting an integration between Salesforce and the Salesloft Drift marketing application, which has affected numerous organizations. In a public statement, Tenable expressed […]

The post Tenable Confirms Data Breach – Hackers Accessed Customers’ Contact Details appeared first on Cyber Security News.

Уязвимость позволяет злоумышленникам с минимальными правами полностью захватить систему.

文章介绍了2024年《公司法》修订对企业注册资本实缴的要求及操作流程，强调了5个关键步骤：股东打款至公司账户、财务记账、缴纳印花税、验资报告（可选）及工商公示。同时说明了非货币出资的特殊流程及资金使用规范，并提醒企业注意合规风险。

InterceptSuite is an open-source, cross-platform network traffic interception tool designed for TLS/SSL inspection, analysis, and manipulation at the network level. “InterceptSuite is designed primarily for non-HTTP protocols, although it does support HTTP/1 and HTTP/2. It offers support for databases, SMTP, and custom protocols, and can manage unknown protocols and their TLS connections. Developed in C, it ensures efficient memory management and performance, utilising native SOCKS5 proxy support on Linux, Mac, and Windows, with OpenSSL for … More →

The post InterceptSuite: Open-source network traffic interception tool appeared first on Help Net Security.

两名作者起诉苹果公司未经授权使用其书籍训练人工智能系统，涉及Books3数据集中的19.6万本书籍。原告指控苹果未支付报酬且隐瞒数据来源，并寻求集体诉讼地位及赔偿。案件尚未确认集体诉讼资格。

清华、蚂蚁和新加坡南洋理工的研究人员在预印本平台 arxiv 上发表了一篇论文《Speculating LLMs’ Chinese Training Data Pollution from Their Tokens》，指出 OpenAI 的 GPT 系列模型使用的中文语料被成人和网络赌博内容污染。大模型使用从互联网上爬取的内容进行预训练，而爬取的内容不可避免会混入成人色情或网络赌博等污染内容。如果不仔细清理数据，那么在构建词汇表和执行分词（Performing tokenization）时可能会生成污染词元（polluted tokens），GPT 系列模型使用的中文词汇表就存在大量污染的中文词元。GPT-o1/o3/4.5/4.1/o4-mini 等模型都使用污染的中文语料库进行了训练。研究人员发现，在 GPT 模型语料库中，超过 23% 的长中文词元或者是成人内容或者是网络赌博，以 GPT-4o 为例，与日本 AV 女星波多野结衣相关的网页比例占到了训练语料库的 0.5%。

A vulnerability described as problematic has been identified in D-Link DIR-852 up to 1.00CN B09. Affected by this vulnerability is the function phpcgi_main of the file /getcfg.php of the component Device Configuration Handler. Such manipulation leads to information disclosure. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is listed as CVE-2025-10093. The attack may be performed from remote. In addition, an exploit is available. Restrictive firewalling should be applied.

A vulnerability marked as problematic has been reported in Ricoh Streamline NX. Affected is an unknown function of the component HTTP Request Handler. This manipulation causes use of less trusted source. This vulnerability is tracked as CVE-2025-58422. The attack is possible to be carried out remotely. No exploit exists.

知名安卓启动器 Nova Launcher 的创始人 Kevin Barry 离开 Branch 公司，开源计划搁置。Branch 于 2022 年收购 Nova 后承诺若创始人离职将开源代码，但现要求 Kevin 停止相关工作。Nova 团队其余成员已被裁，未来开发或由 Branch 自行组织。

Защита критической инфраструктуры стала доступнее для СМБ.

Submit #644935 / VDB-323049

A vulnerability labeled as problematic has been found in Jinher OA up to 1.2. This impacts an unknown function of the file /c6/Jhsoft.Web.projectmanage/TaskManage/AddTask.aspx/?Type=add of the component XML Handler. The manipulation results in xml external entity reference. This vulnerability is identified as CVE-2025-10092. The attack can be executed remotely. Additionally, an exploit exists.

A vulnerability identified as problematic has been detected in Jinher OA up to 1.2. This affects an unknown function of the file /c6/Jhsoft.Web.projectmanage/ProjectManage/XmlHttp.aspx/?Type=add of the component XML Handler. The manipulation leads to xml external entity reference. This vulnerability is referenced as CVE-2025-10091. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

A vulnerability categorized as critical has been discovered in Jinher OA up to 1.2. The impacted element is an unknown function of the file /C6/Jhsoft.Web.departments/GetTreeDate.aspx. Executing manipulation of the argument ID can lead to sql injection. The identification of this vulnerability is CVE-2025-10090. The attack may be launched remotely. Furthermore, there is an exploit available.

Submit #644920 / VDB-314780

The democratization of AI has fundamentally lowered the barrier for threat actors, creating a bigger pool of people who can carry out sophisticated attacks. The so-called democratization of security, on the other hand, has resulted in chaos. The problem In an earnest attempt to shift left, security teams deputized developers to own remediation. While development teams have legitimately become more security-focused, it’s created a dynamic in which security is still accountable for risk but has … More →

The post Cyber defense cannot be democratized appeared first on Help Net Security.

A major security flaw has been discovered in Argo CD, a popular open-source tool used for Kubernetes GitOps deployments. The vulnerability allows project-level API tokens to expose sensitive repository credentials, such as usernames and passwords, to attackers. The issue has been classified as critical with a CVSS score of 9.8/10 and is tracked as CVE-2025-55190. The […]

The post Critical Argo CD API Flaw Exposes Repository Credentials to Attackers appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.