Aggregator

研究人员发现安卓恶意软件Konfety新变种利用"evil twin"技术进行广告欺诈。该恶意软件通过伪装成合法应用并共享相同包名规避检测，并采用加密APK结构、动态加载代码和虚假压缩声明等多层混淆技术增加分析难度。其滥用CaramelAds SDK获取广告并具备重定向恶意网站等功能。

Google修复了Chrome浏览器中的六个安全问题，其中包括一个已被利用的零日漏洞CVE-2025-6558。该漏洞影响ANGLE和GPU组件，可能导致沙盒逃逸。攻击者可通过恶意网页触发此漏洞以获取系统访问权限。建议用户更新至最新版本以防范威胁。

A critical security vulnerability has been discovered in Vim, the popular open-source command-line text editor, that could allow attackers to overwrite arbitrary files on users’ systems. The vulnerability, designated CVE-2025-53906, was published on July 15, 2025, and affects all versions of Vim prior to 9.1.1551. The security flaw stems from a path traversal issue within Vim’s […]

The post Command-Line Editor Vim Hit by Vulnerability Allowing File Overwrites appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

为客户提供高级网络安全服务时虚构公司/人员资质和技术能力

当前环境异常，请完成验证后继续访问。

当前环境异常，请完成验证后继续访问。

A vulnerability, which was classified as problematic, has been found in Coppermine Photo Gallery. Affected by this issue is some unknown functionality. The manipulation leads to path traversal. This vulnerability is handled as CVE-2007-4976. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

2025年7月，一场看似普通的外交会晤，却在东北亚的政治版图上掀起了滔天巨浪。金老板与俄外长谢尔盖·拉夫罗夫

在当今世界，恐怖主义威胁日益成为国际安全的一大挑战。恐怖主义不仅威胁人民的生命安全，也严重破坏国家的和平与稳定。

Когда вымогатель платит больше, чем инвестфонд — кто настоящий стартап?

Cyber espionage campaigns against Japanese companies have increased in fiscal year 2024, which runs from April 2024 to March 2025, according to a thorough analysis published by Macnica’s Security Research Center. The main objective of these campaigns is to exfiltrate sensitive data, including manufacturing blueprints, policy-related documents, and personal information. Since initiating monitoring in 2014, […]

The post Hackers Exploit Ivanti and Fortinet VPN Vulnerabilities in Attacks on Japanese Companies appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

速速围观~

本文提出了一种名为AVVERIFIER的工具，用于检测智能合约中的地址验证漏洞。通过与四种基线工具（Mythril、Ethainter、Jackal、ETHBMC）的对比实验，在5900万个智能合约中评估其有效性和效率，并探讨其实时检测能力。

How OpenAI Lost, Google Hedged and Cognition AI Bought AI Coding Startup Windsurf
As with any story about AI start-ups, the acquisition of Windsurf AI happened at lightning speed. In just a couple of weeks, major Silicon Valley players took a close look at the four-year-old AI-assisted coding vendor, and ultimately Google and Cognition AI ended up with parts of the company.

Analysts Warn White House Chip Reversal Threatens US AI Dominance
President Donald Trump has reportedly reversed a U.S. policy restricting Nvidia chips critical to artificial intelligence technology development from being exported to China in a move that experts say could undercut the U.S. lead in the burgeoning emerging technology market.

Escalating Geopolitical Tensions Could Increase Hacks by 2030, Government Warns
France has identified Russia as the primary threat to national security in the coming years. The French government recommends adopting measures to strengthen its cybersecurity defenses in anticipation of increased hacks from Moscow-aligned attackers driven by geopolitical tensions.

文章讨论了 SAP 系统即将结束标准维护的问题，并强调企业需在 2027 年底前完成向 S/4HANA 的迁移（或 2030 年）。过程中面临技术与安全挑战，专家 Chris Carter 讨论了 ERP 策略、架构选择及迁移建议。此外还涉及领导力与网络安全的话题。

Curl, the ubiquitous command-line tool and library for transferring data with URLs, has reached version 8.15.0 with a landmark release that addresses more than 230 bugs and streamlines its internal architecture. Officially launched today at 10:00 CEST (08:00 UTC) in a live-streamed presentation on Twitch, this release marks the project’s 269th iteration and reaffirms its […]

The post Curl 8.15.0 Officially Released: 233 Bugs Fixed in Major Update appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.