Aggregator

4月6日，Goby安全团队检测发现，AI大模型开源项目 Langflow-ai github issue 提交了一个关于代码注入漏洞反馈（当前该issue已关闭）, 攻击者可以通过向特定端点发送精心构造的HTTP请求，执行任意代码。

At least one APT group has exploited a vulnerability in ESET software to stealthily execute malware, bypassing security measures. Kaspersky researchers reported that an APT group, tracked as ToddyCat, has exploited a vulnerability in ESET software to stealthily execute malware, bypassing security. The vulnerability, tracked as CVE-2024-11859, is a DLL Search Order Hijacking issue that potentially allow […]

A vulnerability classified as critical was found in PMB up to 4.1.3. This vulnerability affects unknown code. The manipulation of the argument ID leads to sql injection. This vulnerability was named CVE-2014-9457. The attack can be initiated remotely. Furthermore, there is an exploit available.

emlog pro search_controller.php文件对用户输入未安全处理，导致攻击者通过双重URL编码绕过转义机制。

Кризис 2008 был пробой пера. Дальше – ИИ-катастрофа.

A moderate-severity vulnerability has been identified in Microsoft Identity Web. Under specific conditions, it could potentially expose sensitive client secrets and certificate information in service logs.  The flaw, tracked as CVE-2025-32016, impacts versions 3.2.0 through 3.8.1 of the library and has prompted an urgent advisory from Microsoft. The vulnerability affects Microsoft.Identity.Web, a widely used NuGet […]

The post Microsoft Identity Web Package Vulnerability Exposes Client Secrets & Certificate Information appeared first on Cyber Security News.

以ISC.AI学苑破局AI教育

360亮相Black Hat大会，车联网安全威胁检测成果登陆国际舞台

CISA紧急警告：Linux内核高危漏洞正被黑客利用！

2025年3月，中央网信办举报中心指导全国各级网信举报工作部门、主要网站平台受理网民举报色情、赌博、侵权、谣言等违法和不良信息1847.9万件，环比增长4.5%、同比下降0.3%。

数字经济时代，公民的个人信息正面临前所未有的安全挑战。数字生活在给大家带来便利的同时，也带来了个人信息泄露的困扰。APP过度收集使用个人信息的情况屡禁不止，扫码点餐、出行乘车等线下消费场景，违法违规收集使用个人信息的情况时有发生。

今年全国两会期间，司法如何服务保障发展新质生产力成为“两高”报告的一大亮点，最高人民法院工作报告和最高人民检察院工作报告都予以专门关注。

随着人工智能和物联网技术的普及，智能门锁等智能家居逐渐普及，已经融入现代社会工作生活的方方面面，显著地提升了人们的生活质量。值得注意的是，智能家居产品的敏感数据若被别有用心之人利用，可能造成信息泄露，对国家安全构成威胁。

近日，国家网信办会同相关部门起草的《网络安全法（修正草案再次征求意见稿）》面向社会公开征求意见。

关于第二届“长城杯”铁人三项赛（防护赛）半决赛各赛区一二三等奖获奖队伍名单公示通知

A vulnerability was found in bPlugins Print Page Block Plugin up to 1.0.8 on WordPress. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-30438. The attack may be initiated remotely. There is no exploit available.

A vulnerability classified as problematic has been found in MultiVendorX WC Marketplace Plugin up to 4.1.3 on WordPress. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-30433. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability classified as problematic was found in Collectchat Plugin up to 2.4.1 on WordPress. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2024-30436. The attack can be launched remotely. There is no exploit available.