Aggregator

文章总结了本周网络安全领域的重大事件和趋势,包括Salesloft-Drift供应链攻击、多个高风险CVE漏洞被利用、威胁行为者动态及安全工具更新等,并提供了锁定路由器的安全建议以应对日益复杂的网络威胁。

Cybersecurity never slows down. Every week brings new threats, new vulnerabilities, and new lessons for defenders. For security and IT teams, the challenge is not just keeping up with the news—it’s knowing which risks matter most right now. That’s what this digest is here for: a clear, simple briefing to help you focus where it counts. This week, one story stands out above the rest: the

Kovrr的Reports Hub通过将网络安全风险量化数据转化为定制化报告，帮助不同决策者（如董事会、高管和风险经理）以符合其需求的方式理解风险信息。该平台提供预定义报告和定制选项，涵盖企业风险敞口、保险对齐、投资回报等主题，并将技术数据转化为财务视角，助力企业战略规划和长期决策。

Articles related to cyber risk quantification, cyber risk management, and cyber resilience.

The post Reports Hub Shapes Cyber Risk Insights for Leaders | Kovrr appeared first on Security Boulevard.

A vulnerability categorized as critical has been discovered in PHPGurukul User Management System 1.0. Affected is an unknown function of the file /admin/edit-user-profile.php. The manipulation of the argument uid results in sql injection. This vulnerability was named CVE-2025-10098. The attack may be performed from remote. In addition, an exploit is available.

思科塔洛斯团队分析了过去两年半的预勒索软件事件，发现快速响应和及时处理安全警报是阻止勒索软件的关键因素。文章还总结了常见的预勒索软件指标和安全建议，以帮助组织提升防御能力。

A vulnerability was found in SimStudioAI sim up to 1.0.0. It has been rated as critical. This impacts an unknown function of the file apps/sim/app/api/function/execute/route.ts. The manipulation of the argument code leads to code injection. This vulnerability is uniquely identified as CVE-2025-10097. The attack is possible to be carried out remotely. No exploit exists.

Security researchers have discovered a new malicious campaign impacting hundreds of GitHub users

推动代码检测范式从扫描告警转向证据验证

一起探索安卓逆向的奥秘

网络安全法修正草案将首次提请审议。

草木有本心，何求美人折

当前环境出现异常，需完成验证后才能继续访问。

当前环境异常，需完成验证后继续访问。

A vulnerability was found in SimStudioAI sim up to 1.0.0. It has been declared as critical. This affects an unknown function of the file apps/sim/app/api/files/parse/route.ts. Executing manipulation of the argument filePath can lead to server-side request forgery. This vulnerability is handled as CVE-2025-10096. The attack can be executed remotely. Additionally, an exploit exists. Applying a patch is advised to resolve this issue.

Submit #644967 / VDB-323060

Submit #644966 / VDB-323059

文章介绍了几款新应用及其更新：Luggy 提供旅行物品管理功能；Aktivpause 帮助用户在工作间隙锻炼；Parallels Desktop 26 支持更多操作系统；Tot 增加了自定义 Smart Bullets 和文本分隔线；小星记账优化了账户管理和自动记账功能；OmniFocus 4.7 新增计划日期和重复任务优化功能。此外，Nova Launcher 可能面临开发停止。

Submit #644954 / VDB-323058