Aggregator

Currently trending CVE - Hype Score: 22 - Improper privilege management in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally.

За $100 в месяц — за то, что любой пользователь сам можешь запустить даром.

Сайты следят за вами, даже если вы всё отключили.

关注安全419,及时获取更新网安招聘信息!

为什么中小企业是网络罪犯的首要目标，有限预算下如何加强防御。

关注高级攻防对抗技术热点，研究对手技术进行高级威胁模拟，研判攻击安全发展方向。

6 月 18 日，伊朗最大的加密货币交易所 Nobitex 受到了亲以色列黑客组织的攻击，据有相关组织统计，已经确定超过 9000 万美元从 Nobitex 钱包发送到黑客钱包地址。

Hackers never sleep, so why should enterprise defenses? Threat actors prefer to target businesses during off-hours. That’s when they can count on fewer security personnel monitoring systems, delaying response and remediation. When retail giant Marks & Spencer experienced a security event over Easter weekend, they were forced to shut down their online operations, which account for

香蕉小队攻击超 60 个 GitHub 仓库投毒

快来开启《CTF训练营-Web篇》的学习之旅吧！

文末投递简历

看雪论坛作者ID：孤恒

Поприветствуйте нового интервьюера.

A sophisticated phishing campaign targeting employees with fake toll payment notices has been identified, combining government domain spoofing with social engineering tactics. The attackers craft messages claiming to be from TxTag, warning recipients that their accounts face suspension unless outstanding balances are paid immediately. This campaign leverages urgency and fear to compel victims into clicking […]

The post New TxTag Phishing Attack Leverages .gov Domain to Trick Employees appeared first on Cyber Security News.

Cloudflare on Thursday said it autonomously blocked the largest distributed denial-of-service (DDoS) attack ever recorded, which hit a peak of 7.3 terabits per second (Tbps). The attack, which was detected in mid-May 2025, targeted an unnamed hosting provider. "Hosting providers and critical Internet infrastructure have increasingly become targets of DDoS attacks," Cloudflare's Omer Yoachimik

Banana Squad создали маскировку атаки нового поколения.

Microsoft has announced a significant update to the security posture of its Windows 365 Cloud PCs, introducing new secure-by-default capabilities designed to fortify virtual desktop environments against modern cyber threats. These changes, set to roll out in the second half of 2025, reflect Microsoft’s ongoing commitment to its Secure Future Initiative (SFI) and the evolving […]

The post Microsoft Introduces Enhanced Security Defaults for Windows 365 Cloud PCs appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

本文要点

• 20与25版具体事项对比

• 新增的判例清单

• 删除的判例清单

• 20、25版原文

近期，公安部发布了《网络安全等级保护测评高风险判定实施指引（试行）》。与20版本对比后，本文梳理出判例变化项40+，删减项20+，新增项40+，其中安全通用要求新增5项、云计算安全扩展要求新增13项、移动互联安全扩展要求新增10项、物联网安全扩展要求新增4项、工业控制系统安全扩展要求新增9项。

判例结构变化

版本

2025版本

2020版本

包含内容

标准要求

标准要求

适用范围

适用范围

问题描述

判例场景

可能的缓解措施

补偿因素

风险评价

具体事项差异对比

新增的判例清单

删除的判例清单

特别说明：因时间有限，若有不足之处，请以原文为准

参考资料：

《网络安全等级保护测评高风险判定实施指引(试行)》（2025）

《网络安全等级保护测评高风险判定指引》（2020）

来源：重庆信通设计院天空实验室

A vulnerability was found in matrix-js-sdk up to 23.x. It has been rated as critical. This issue affects some unknown processing of the component Event Handler. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). The identification of this vulnerability is CVE-2023-28427. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.