Aggregator

Currently trending CVE - Hype Score: 10 - MindsDB is a platform for building artificial intelligence from enterprise data. Prior to version 25.11.1, an unauthenticated path traversal in the file upload API lets any caller read arbitrary files from the server filesystem and move them into MindsDB’s storage, exposing ...

Currently trending CVE - Hype Score: 7 - LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.6.51 to 1.6.53, there is a heap buffer over-read in the libpng simplified API function png_image_finish_read when processing ...

Currently trending CVE - Hype Score: 35 - Claude Code is an agentic coding tool. Prior to 1.0.93, Due to errors in parsing shell commands related to $IFS and short CLI flags, it was possible to bypass the Claude Code read-only validation and trigger arbitrary code execution. Reliably exploiting this requires the ability ...

近日，国家市场监督管理总局与国家互联网信息办公室联合发布《网络交易平台规则监督管理办法》（以下简称《办法》），《办法》将于2026年2月1日起施行。

随着网络安全防护体系的不断演进，攻击者也在持续寻找新的技术路径规避检测机制。近日，一种新型钓鱼邮件攻击手法在国际安全社区引发广泛关注：攻击者不再使用传统的图片嵌入方式生成二维码，而是通过纯HTML表格结构“绘制”出视觉上几乎无法辨别……

2025年，世界百年变局加速演进，新一轮科技革命和产业变革深入发展，人工智能作为引领未来的战略性技术，已成为全球大国竞争的新焦点、新赛道。习近平总书记指出：“人工智能是引领这一轮科技革命和产业变革的战略性技术，具有溢出带动性很强的‘头雁’效应。

本文将探讨大模型技术对网络安全生态的关键影响，并以此聚焦网络安全人才培养所面临的机遇与挑战，剖析大模型对网络安全人才能力结构与成长机制的深远影响，最终构建适配的人才培养新路径。

英国智库从多重角度分析美军委内瑞拉行动中的网络能力动用

波兰指责俄罗斯蓄意破坏行为

NCSC выпустил руководство по защите операционных технологий от кибератак.

天元实验室近期对国内多种主流模型在线服务进行了对抗干扰下的安全检测与阻断能力测试，发现不同模型在线生成内容抵御各类越狱攻击方法存在差异，与模型架构特性、安全对齐策略及在线服务使用的防护机制有关。

Centre for Research on Energy and Clean Air 的分析发现，中国和印度两个最大的煤炭消费国的煤电发电量 自 1973 年以来首次同时下降。中国和印度的煤电发电量分别下降了 1.6% 和 3%，两国大力发展的清洁能源项目足以满足不断增长的能源需求。中国去年新增太阳能发电装机容量逾 300GW，风能发电装机容量逾 100GW，而印度去年新增太阳能 35GW、风能 6GW 和水电 3.5GW。

The FTC has finalized an order with General Motors, settling charges that it collected and sold the location and driving data of millions of drivers without consent. [...]

Hewlett Packard Enterprise (HPE) has disclosed four high-severity vulnerabilities in its Aruba Networking Instant On devices that could allow attackers to access sensitive network information and disrupt operations. The security flaws, identified as CVE-2025-37165, CVE-2025-37166, CVE-2023-52340, and CVE-2022-48839, affect devices running software version 3.3.1.0 and earlier. Vulnerability Details and Risk Assessment The most critical vulnerability, […]

The post HPE Aruba Vulnerabilities Enables Unauthorized Access to Sensitive Information appeared first on Cyber Security News.

CTF密码学总卡关？30小时破局实战来了！

防火墙需立即升级，防范未认证拒绝服务攻击。

看雪论坛作者ID：G0t1T

让IAST转化为研发安全的效能助推器

360以AI创新破解教育与产业人才鸿沟

Microsoft on Wednesday announced that it has taken a "coordinated legal action" in the U.S. and the U.K. to disrupt a cybercrime subscription service called RedVDS that has allegedly fueled millions in fraud losses. The effort, per the tech giant, is part of a broader law enforcement effort in collaboration with law enforcement authorities that has allowed it to confiscate the malicious