Aggregator

A high-severity vulnerability (CVE-2025-47950) in CoreDNS’s DNS-over-QUIC (DoQ) implementation enables remote attackers to crash DNS servers through stream amplification attacks. Patched in v1.21.2, this flaw highlights risks in modern protocol adoption for cloud-native systems Goroutine Proliferation in DoQ Implementation The vulnerability stems from CoreDNS’s handling of QUIC streams in its server_quic.go component. For every incoming […]

The post CoreDNS Vulnerability Allows Attackers to Exhaust Server Memory via Amplification Attack appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

The push for software that is secure by design as well as for improved software supply chain security is gaining momentum with new marching orders from the U.S. Department of Defense (DoD) as it revamps how it tests, authorizes, and procures software.

The post DoD issues new marching orders on secure software and SBOMs appeared first on Security Boulevard.

Broadcast as a free public service, the beacon can be used anywhere an independent source of random numbers would be useful, such as selecting jury candidates or assigning resources through a lottery.

The examples use off-the-shelf commercial technologies, giving organizations valuable starting points.

Франция на грани цифрового перевоспитания.

A critical remote code execution (RCE) vulnerability in Roundcube was exploited days after patch, impacting over 80,000 servers. Threat actors exploited a critical remote code execution (RCE) flaw in Roundcube, tracked as CVE-2025-49113, just days after the patch was released, targeting over 80,000 servers. Roundcube is a popular webmail platform and has been repeatedly targeted […]

INTERPOL on Wednesday announced the dismantling of more than 20,000 malicious IP addresses or domains that have been linked to 69 information-stealing malware variants. The joint action, codenamed Operation Secure, took place between January and April 2025, and involved law enforcement agencies from 26 countries to identify servers, map physical networks, and execute targeted takedowns. "These

Пока ты листал расписание, кто-то отбивал DDoS.

In today’s cybersecurity landscape, much of the focus is placed on firewalls, antivirus software, and endpoint detection. While these tools are essential, one critical layer often goes overlooked: the Domain Name System (DNS). As the starting point of nearly every online interaction, DNS is not only foundational - it’s increasingly a target. When left unsecured, it becomes a single point of

人还是太孤独了。

Magento выглядела вполне нормально, пока в ней не нашли способ запускать произвольный код.

An ISC2 study found that 90% of security hiring managers would consider entry-level candidates with only previous IT work experience

For June 2025 Patch Tuesday, Microsoft has fixed 66 new CVEs, including a zero-day exploited in the wild (CVE-2025-33053). Also, Adobe Commerce and Magento Open Source users are urged to update quickly. About CVE-2025-33053 CVE-2025-33053 is a remote code execution vulnerability in Web Distributed Authoring and Versioning (WebDAV), which is a protocol for extending HTTP protocol functionality for interacting with files. Flagged by Check Point researchers, the vulnerability has been exploited in March 2025 to … More →

The post Microsoft fixes zero-day exploited for cyber espionage (CVE-2025-33053) appeared first on Help Net Security.

2025年5月，中央网信办举报中心指导全国各级网信举报工作部门、主要网站平台受理网民举报色情、赌博、侵权、谣言等违法和不良信息1829.6万件，环比增长1.7%、同比下降9.4%。

5月29日，英国国防部宣布，将斥资10亿英镑（约合13.5亿美元）建设“数字目标定位网络”。为此，英国将组建新的网络与电磁司令部，并招募相关人员，全面强化英军网络战能力，使网络和电磁行动与其他军事行动...

党中央、国务院高度重视政务数据共享工作。近日，国务院总理李强签署国务院令，公布《政务数据共享条例》。《条例》是我国第一部专门规范和推进政务数据共享的行政法规，是我国数字政府建设顶层设计的又一里程碑事件...

意见反馈截止日期为2025年7月10日前。