特朗普签订新的网络安全行政令,重在数字化身份和制裁政策
旨在增强美国的网络安全,重在修复拜登和奥巴马行政令中的“问题元素”。
Aggregator
Jenkins Gatling Plugin Flaw Allows CSP Bypass, Exposing Systems to Attack
6 months 1 week ago
On June 6, 2025, the Jenkins Project issued a security advisory (SECURITY-3588 / CVE-2025-5806) affecting the Gatling Plugin, a widely used tool for displaying performance test reports within the Jenkins automation server. The vulnerability carries a high severity rating, with CVSS base scores ranging from 8.0 to 9.0 across different versions, indicating a significant risk […]
The post Jenkins Gatling Plugin Flaw Allows CSP Bypass, Exposing Systems to Attack appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Anupriya
CVE-2025-5869 | RT-Thread 5.1.0 lwp_syscall.c sys_recvfrom memory corruption (Issue 10304 / EUVD-2025-17445)
6 months 1 week ago
A vulnerability, which was classified as critical, was found in RT-Thread 5.1.0. Affected is the function sys_recvfrom of the file rt-thread/components/lwp/lwp_syscall.c. The manipulation of the argument from leads to memory corruption.
This vulnerability is traded as CVE-2025-5869. The attack can only be initiated within the local network. There is no exploit available.
vuldb.com
CVE-2025-26873 | Shinetheme Traveler Plugin up to 3.1.8 on WordPress deserialization (EUVD-2025-8520)
6 months 1 week ago
A vulnerability has been found in Shinetheme Traveler Plugin up to 3.1.8 on WordPress and classified as problematic. This vulnerability affects unknown code. The manipulation leads to deserialization.
This vulnerability was named CVE-2025-26873. The attack can be initiated remotely. There is no exploit available.
vuldb.com
CVE-2025-5870 | TRENDnet TV-IP121W 1.1.1 Build 36 Web Interface /admin/setup.cgi improper authentication (EUVD-2025-17444)
6 months 1 week ago
A vulnerability has been found in TRENDnet TV-IP121W 1.1.1 Build 36 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/setup.cgi of the component Web Interface. The manipulation leads to improper authentication.
This vulnerability is known as CVE-2025-5870. The attack can be launched remotely. Furthermore, there is an exploit available.
The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com
APT-C-56(透明部落)针对Linux系统的DISGOMOJI变体攻击活动分析
6 months 1 week ago
本次披露样本与之前披露样本属于同类型样本,但是样本与之前有所差异,是未被披露过的相关样本。该类型样本结构相对复杂,载荷更新也较快,需要引起足够的重视
Нам 100 лет твердили, что Млечный Путь врежется в Андромеду. А теперь: «ну... не факт»
6 months 1 week ago
Так ждёт ли нас столкновение с огромной галактикой в будущем? Или пронесло?
CVE-2013-5701 | Watchguard Server Center 11.7.4 Path wlcollector.exe access control (EDB-38752 / ID 121446)
6 months 1 week ago
A vulnerability was found in Watchguard Server Center 11.7.4. It has been classified as critical. This affects an unknown part in the library wgpr.dll of the file wlcollector.exe of the component Path Handler. The manipulation leads to improper access controls.
This vulnerability is uniquely identified as CVE-2013-5701. The attack needs to be approached locally. Furthermore, there is an exploit available.
It is recommended to apply a patch to fix this issue.
vuldb.com
Litecoin Security: How to Spot, Avoid, and Recover from Crypto Scams
6 months 1 week ago
It seems not a day goes by without news of another crypto scam targeting unsuspecting holders. Those owning…
Owais Sultan
Назвал себя — и стал мишенью: iPhone ломают через никнеймы в iMessage
6 months 1 week ago
Сбой в 0.0001% айфонов раскрыл масштабную кибератаку.
国产大模型Deepseek实战!叠加618优惠券,省疯啦
6 months 1 week ago
漏洞分析、脚本生成… 大语言模型如何助力网络安全?这门课告诉你答案!
“被 AI 检测到作弊”诈骗短信来袭,考生和家长别掉坑
6 months 1 week ago
近期高考考生需警惕诈骗短信,不法分子以“作弊”等为由实施诈骗。
DEFCON33-Quals nfuncs angr、unicorn 快速自动化逆向
6 months 1 week ago
看雪论坛作者ID:SleepAlone
看雪·618狂欢来袭!囤课程优惠券,最高立省200元
6 months 1 week ago
活动时间:6月9日-18日
第一届OpenHarmony CTF专题赛线上赛落幕,天枢Dubhe排名第一!
6 months 1 week ago
第一届OpenHarmony CTF专题赛线上赛于06月08日21:00落下帷幕。
CVE-2017-7018 | Apple iCloud up to 6.2.1 on Windows WebKit memory corruption (HT207927 / EDB-42373)
6 months 1 week ago
A vulnerability classified as critical was found in Apple iCloud up to 6.2.1 on Windows. This vulnerability affects unknown code of the component WebKit. The manipulation leads to memory corruption.
This vulnerability was named CVE-2017-7018. The attack can be initiated remotely. Furthermore, there is an exploit available.
It is recommended to upgrade the affected component.
vuldb.com
雷神众测漏洞周报2025.6.3-2025.6.8
6 months 1 week ago
雷神众测拥有该文章的修改和解释权。如欲转载或传播此文章,必须保证此文章的副本,包括版权声明等全部内容。声明雷神众测允许,不得任意修改或增减此文章内容,不得以任何方式将其用于商业目的。
安全阻碍了企业拥抱 AI
6 months 1 week ago
企业采用 AI 的比例只有 10%。Chatterbox Labs CEO Danny Coleman 和 CTO Stuart Battersby 认为一个重要原因是安全性。Colema 说,麦肯锡称 AI 是一个价值 4 万亿美元的市场,但如果你不断推出不仅安全性未知,而且企业或社会影响都未知的产品,你如何推动市场发展?AI 的兴趣和投资在增长,但普及却相对缓慢。Battersby 说,不要轻信大模型供应商的花言巧语,因为他们总是会说模型是无比安全的。传统的网络安全和 AI 安全在相互碰撞,而大多数信息安全团队尚未跟上发展。
Critical SOQL Injection 0-Day Vulnerability in Salesforce Affects Millions Worldwide
6 months 1 week ago
A critical zero-day vulnerability discovered in Salesforce‘s default controller has exposed millions of user records across thousands of deployments worldwide. The security flaw, found in the built-in aura://CsvDataImportResourceFamilyController/ACTION$getCsvAutoMap controller, allowed attackers to extract sensitive user information and document details through SOQL injection techniques. SOQL Injection 0-Day Vulnerability The vulnerability was discovered while conducting automated fuzzing […]
The post Critical SOQL Injection 0-Day Vulnerability in Salesforce Affects Millions Worldwide appeared first on Cyber Security News.
Guru Baran
NightSpire
6 months 1 week ago
You must login to view this content
cohenido