Aggregator

文章探讨了IBM z/OS大型机上的RACF安全包，分析了其决策逻辑、数据库结构及实体间交互关系，并介绍了一款名为racfudit的工具，用于离线分析RACF配置以识别潜在安全漏洞和权限提升路径。

Sonatype’s latest Open Source Malware Index report has identified more than 16,000 malicious open source packages, representing a 188% annual increase

全新上线！入门到进阶带你全方位学习，掌握二进制漏洞挖掘的技能。

谷歌高危漏洞被 CISA 点名，须限期修复

看雪论坛作者ID：默文

当前环境出现异常，需完成验证后方可继续访问。

环境异常 当前环境异常，完成验证后即可继续访问。 去验证

当前环境异常导致无法继续访问,需完成验证后方可恢复。

Managed Security Service Providers (MSSPs) are specialized companies that deliver outsourced cybersecurity services to protect businesses from evolving cyber threats. These providers offer a range of services, including 24/7 threat monitoring, incident response, vulnerability management, and compliance support. MSSPs help organizations enhance their security posture by leveraging advanced tools like AI-driven analytics, endpoint protection, and […]

The post 25 Best Managed Security Service Providers (MSSP) In 2025 appeared first on Cyber Security News.

Multiple vulnerabilities in macOS SMBClient that could allow attackers to execute arbitrary code remotely and crash systems.  The vulnerabilities affecting the SMB filesystem client used for mounting remote file shares represent a significant security risk, as SMB has been the preferred file sharing protocol since macOS Big Sur.  Two of the flaws have been assigned […]

The post macOS SMBClient Vulnerability Allows Remote Code Execution and Kernel Crash appeared first on Cyber Security News.

一年一度的“大考”火热进行中，攻防演练期间本公众号会每日更新当天鲜活情报和热点漏洞，欢迎大家对我们进行收藏和关注！

当前环境异常，需完成验证后方可继续访问。

CISA has issued an urgent warning regarding a critical vulnerability in Synacor’s Zimbra Collaboration Suite (ZCS) that is being actively exploited in cyberattacks.  The vulnerability, tracked as CVE-2019-9621, poses significant risks to organizations using the popular email and collaboration platform. Key Takeaways1. CISA alerts on an SSRF flaw (CVE-2019-9621) in Zimbra ZCS, actively exploited by […]

The post CISA Warns of Zimbra Collaboration Suite (ZCS) Vulnerability Exploited in Attacks appeared first on Cyber Security News.

44位欧洲大型企业CEO联名呼吁暂停AI Act实施，认为法规复杂性可能阻碍技术应用和竞争力，并担忧中小企业难以应对。

On Q-Day, everything we’ve protected with current crypto – from seemingly mundane but confidential data such as email, bank transactions and medical records, to critical infrastructure, and government secrets – all built on a foundation of trust – could no longer be trusted.

The post The Q-Day Countdown: What It Is and Why You Should Care appeared first on Security Boulevard.

“Q-Day”指量子计算机破解现代加密技术的关键时刻。文章探讨了量子计算的快速发展及其对RSA、ECC等加密算法的威胁，并介绍了Shor和Grover算法对非对称与对称加密的影响。为应对潜在危机，美国NIST发布了抗量子标准（FIPS 203、204、205），建议企业和组织清点现有加密技术、迁移至抗量子方案并加强数据保护措施。

一位29岁女性从网络工程转行至网络安全领域后，怀念过去与朋友通宵游戏的时光，希望创建一个轻松随意的技术与网络安全社区，在线交流想法、协作项目并分享知识。

直播预告 | 关基安全保护攻防实录Vol.22 安全产品被0-Day漏洞攻击，如何还原攻击路径 安全设备失陷的事件，原因竟是……

在国家发展改革委、中央网信办、工业和信息化部、公安部、市场监管总局、交通运输部、农业农村部、中国人民银行、国家能源局、最高人民法院等部门的支持下，国家数据局征集遴选了5个数据流通安全治理典型案例。