Aggregator

A vulnerability described as problematic has been identified in Apple iOS and iPadOS. This affects an unknown function. The manipulation results in improper initialization. This vulnerability is known as CVE-2024-40854. Attacking locally is a requirement. No exploit is available. Upgrading the affected component is recommended.

A vulnerability marked as problematic has been reported in Apple macOS. The impacted element is an unknown function. The manipulation leads to improper initialization. This vulnerability is traded as CVE-2024-40854. An attack has to be approached locally. There is no exploit available. It is suggested to upgrade the affected component.

依照《国家信息安全漏洞共享平台（CNVD）支撑单位能力评价》办法，CNVD完成2024年度技术组支撑单位的能力评价工作。

近日，国家信息安全漏洞共享平台（CNVD）按照《CNVD管理办法》和《CNVD支撑单位能力要求》对申请单位进行了能力考察。

HackerNews 编译，转载请注明出处： 本周披露的多起网络事件表明，越南和巴拿马政府机构遭遇黑客攻击，导致公民数据被盗。 越南官方媒体报道称，该国网络安全应急中心（VNCERT）已确认接到国家信用信息中心（CIC）的安全事件报告。该中心由越南国家银行运营，负责管理全国公民和企业的信用信息。 VNCERT表示，初步调查显示此次攻击导致个人数据泄露。该机构正与多个部门及国有电信企业Viettel联合开展调查。初步核查结果显示存在以窃取个人数据为目的的网络犯罪攻击和入侵迹象。非法获取的数据量仍在统计和核实中。VNCERT敦促居民不要下载或传播被盗数据，并威胁将对相关行为追究法律责任。 该声明发布前两天，与Scattered Spider网络犯罪组织及其关联团伙ShinyHunters有关的黑客声称攻破了CIC系统，窃取约1.6亿条记录。黑客在网络犯罪论坛上挂牌出售这些信息，提供的样本包含个人姓名、地址、信用卡历史、政府身份证件、收入证明和债务状况等数据。黑客在接受DataBreaches网站采访时称，他们利用了已停产软件中的某个漏洞，但从未就被盗数据索要赎金。 据彭博社报道，CIC已告知国内银行，此次攻击的幕后黑手是ShinyHunters组织。该攻击团伙今年已因数十起高调事件受到全球执法机构关注，包括针对零售、航空和保险行业大型企业的多起攻击行动。 巴拿马财政部也同步遇袭。 巴拿马政府官员证实，该国经济财政部本周同样遭受网络攻击。经济财政部（MEF）向公众通报，今日发现部内某个办公室存在恶意软件事件。他们立即启动了既定安全协议，并在整个计算机系统强化预防措施以遏制入侵。所幸MEF核心平台均未受影响，目前完全正常运行。但经济财政部未回应置评请求，也未提供事件更新。 INC勒索软件组织宣称对此次攻击负责，声称从该部窃取了1.5太字节信息，包括预算、电子邮件等数据。该团伙去年11月曾被指涉嫌攻击匈牙利国防采购局，以及美国的多家医院和 grocery store 连锁企业。   消息来源：therecord.media； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文  

错误代码521表示Web服务器返回了无效响应，通常由服务器配置问题或资源不足引起。

HackerNews 编译，转载请注明出处：   近日，奢侈品巨头开云集团确认发生重大数据安全事件。其旗下的古驰（Gucci）、巴黎世家（Balenciaga）、亚历山大·麦昆（Alexander McQueen）等品牌的数据遭黑客组织窃取，数百万客户的姓名、电话、邮箱、住址，甚至在全球各地的奢侈品消费记录等隐私信息遭泄露。目前，开云集团已求助数据保护机构。 该黑客组织已向英国BBC广播公司发送了部分数据样本，其中包含数千名客户的信息。据BBC透露，其中部分客户的消费金额高达8.6万美元（约合62万人民币）。值得注意的是，数据泄露可能会导致这些“高消费人群”成为后续诈骗活动的目标。 BBC透露，发动此次攻击的黑客组织为“Shiny Hunters”。 早在今年4月，Shiny Hunters入侵了开云集团的系统，并窃取了旗下子品牌的客户数据。他们宣称掌握了 740 万个独立邮箱的完整数据库，这意味着受影响的客户数量可能与此相近。以此作为筹码向开云集团漫天要价，但双方的谈判以失败告终，集团拒绝交付赎金，并于6月修复了系统漏洞。 开云集团的工作人员向BBC表示：“6月，我们发现未经授权的第三方临时访问了我司系统，并获取了旗下部分品牌有限的客户数据。但所幸未发生财务信息泄露的情况，客户的银行卡号、信用卡信息以及政府签发身份证号等数据被未被泄露。 消息来源：securityaffairs； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文

错误代码521通常由ISP或CDN问题引起，可能导致无法访问网站或加载内容。解决方法包括检查网络连接、清除缓存、更换DNS服务器或联系ISP寻求帮助。

Новый каркас для памяти объединяет мир заметок и больших моделей.

A vulnerability has been found in FreePBX up to 17.0.20 and classified as critical. This vulnerability affects unknown code of the component Administrator Control Panel. Performing manipulation results in os command injection. This vulnerability is reported as CVE-2025-55211. The attack is possible to be carried out remotely. No exploit exists. The affected component should be upgraded.

A vulnerability was found in FreePBX up to 15.0.37/16.0.40/17.0.20 and classified as critical. This issue affects some unknown processing of the component Administrator Control Panel Web Interface. Executing manipulation can lead to path traversal. This vulnerability appears as CVE-2025-59056. The attack may be performed from remote. There is no available exploit. It is suggested to upgrade the affected component.

诚招高级渗透工程师一名，JD如图。

Salt Security introduced a new solution designed to secure the actions AI agents take within the enterprise. As large organizations adopt agentic AI, agents are increasingly making real-time API calls through protocols like MCP and A2A, creating a new layer of risk. Salt converges API and AI security, providing organizations with visibility into every agent-driven action, governance to enforce proper posture, and real-time protection against AI agent abuse. This release gives security teams immediate visibility, … More →

The post Salt Security secures AI agent actions across enterprise APIs appeared first on Help Net Security.

文章探讨了医疗系统中敏感数据面临的安全威胁及传统密码的局限性，并介绍了无密码认证技术如何通过生物识别、安全密钥等方法提升数据保护和效率。文章还提到多家医院已采用此类技术，并强调合规性和隐私保护的重要性。

Discover how passwordless authentication protects patient data, boosts compliance, and streamlines workflows in modern healthcare systems.

The post Passwordless Authentication in Healthcare: Protecting Patient Data appeared first on Security Boulevard.

A vulnerability was found in Apple macOS up to 14.7. It has been rated as critical. Affected by this issue is some unknown functionality of the component App. Performing manipulation results in permission issues. This vulnerability was named CVE-2025-43341. The attack needs to be approached locally. There is no available exploit. Upgrading the affected component is advised.

A vulnerability, which was classified as critical, was found in Apple macOS up to 14.7/15.6. The impacted element is an unknown function of the component App. Executing manipulation can lead to race condition. This vulnerability appears as CVE-2025-43304. The attack requires local access. There is no available exploit. You should upgrade the affected component.

A vulnerability has been found in Apple visionOS up to 18.4 and classified as critical. This affects an unknown function of the component App Handler. The manipulation leads to permission issues. This vulnerability is traded as CVE-2025-43316. An attack has to be approached locally. There is no exploit available. The affected component should be upgraded.

A vulnerability was found in Apple macOS and classified as critical. This impacts an unknown function of the component App Handler. The manipulation results in permission issues. This vulnerability is known as CVE-2025-43316. Attacking locally is a requirement. No exploit is available. It is suggested to upgrade the affected component.

A vulnerability was found in Apple macOS up to 14.7/15.6. It has been classified as critical. This affects an unknown function. Performing manipulation results in sandbox issue. This vulnerability is cataloged as CVE-2025-43286. The attack must be initiated from a local position. There is no exploit available. Upgrading the affected component is recommended.