Aggregator

CVE-2025-24813 Tomcat 最新 RCE 分析复现

The OpenSSL Project has released version 3.5.0 of its widely used open-source cryptographic library, introducing new features and notable changes that signal its evolution toward future-ready cryptography. This feature release includes support for post-quantum cryptography (PQC), server-side QUIC, and tighter control over TLS behavior. Default behaviors reworked OpenSSL 3.5.0 makes several potentially incompatible changes to default settings. Notably, the default encryption cipher for the req, cms, and smime command-line utilities has changed from the aging … More →

The post OpenSSL prepares for a quantum future with 3.5.0 release appeared first on Help Net Security.

Index Engines announced CyberSense 8.10, fully integrated with Dell PowerProtect Cyber Recovery, which provides new capabilities to enhance cyber resilience and streamline recovery from ransomware attacks. CyberSense’s highly-trained AI ensures data integrity, empowering organizations to detect corruption from cyber threats and recover with confidence. With more than 1,500 global installations, CyberSense continues to lead the industry in ransomware detection. “As ransomware attacks continue to rise, organizations must ensure they have data integrity to enable fast … More →

The post Index Engines CyberSense 8.10 strengthens AI-driven cyber resilience appeared first on Help Net Security.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a critical security flaw impacting Gladinet CentreStack to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The vulnerability, tracked as CVE-2025-30406 (CVSS score: 9.0), concerns a case of a hard-coded cryptographic key that could be abused to achieve remote

PCI DSS 4.0 compliance raises the regulatory bar with stricter authentication, continuous monitoring and tighter third-party oversight.

The post PCI DSS 4.0: Time to Pay Up, Securely  appeared first on Security Boulevard.

FT 报道，美国最近几周吊销了逾 500 名外国学生的签证。从事国际教育和交流的大学和个人组成的网络 Nafsa 通过汇总全美高等教育机构的报告，已经发现了 500 起撤销签证的事件。“在许多层面上，这是一个未知领域，”Nafsa 的首席执行官 Fanta Aw 说。“这达到了前所未有的程度，这很令人担忧，因为缺乏清晰性正在引发焦虑。”吊销签证事件通常是在联邦移民记录更新后学校才发现，受影响的包括在校学生和应届毕业生。这些事件中最引人瞩目的一起是土耳其博士生 Rumeysa Ozturk 在街上被联邦特工拘留。已有学生提起诉讼，指控他们的签证未经正当程序被吊销。

A vulnerability was found in Microsoft Office. It has been rated as critical. Affected by this issue is some unknown functionality. The manipulation leads to use after free. This vulnerability is handled as CVE-2025-29792. The attack may be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as critical has been found in Microsoft SharePoint. This affects an unknown part. The manipulation leads to deserialization. This vulnerability is uniquely identified as CVE-2025-29793. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as critical was found in Microsoft SharePoint. This vulnerability affects unknown code. The manipulation leads to improper authorization. This vulnerability was named CVE-2025-29794. The attack can be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability has been found in Microsoft Word and classified as problematic. This vulnerability affects unknown code. The manipulation leads to untrusted pointer dereference. This vulnerability was named CVE-2025-29816. The attack can be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Microsoft Word. It has been classified as critical. Affected is an unknown function. The manipulation leads to use after free. This vulnerability is traded as CVE-2025-29820. It is possible to launch the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as critical, was found in Microsoft Windows. Affected is an unknown function of the component Active Directory Certificate Services. The manipulation leads to weak authentication. This vulnerability is traded as CVE-2025-27740. It is possible to launch the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as critical was found in Microsoft Word. Affected by this vulnerability is an unknown functionality. The manipulation leads to untrusted pointer dereference. This vulnerability is known as CVE-2025-27747. The attack can be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as critical was found in Microsoft Windows. This vulnerability affects unknown code of the component Win32k. The manipulation leads to use after free. This vulnerability was named CVE-2025-26687. The attack can be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

Fortinet has unveiled FortiAI innovations embedded across the Fortinet Security Fabric platform to enhance protection against new and emerging threats, simplify and automate security and network operations, and secure employee use of AI-enabled services. “Fortinet’s AI advantage stems from the breadth and depth of our AI ecosystem—shaped by over a decade of AI innovation and reinforced by more patents than any other cybersecurity vendor,” said Michael Xie, President, and CTO at Fortinet. “By embedding FortiAI across … More →

The post Fortinet unveils FortiAI innovations enhancing threat protection and security operations appeared first on Help Net Security.

Ты должен был бороться со злом, а не примкнуть к нему.