Aggregator

A vulnerability classified as critical has been found in Checkmk NagVis up to 1.9.41/2.3.0p9. Affected is an unknown function. The manipulation leads to unrestricted upload. This vulnerability is traded as CVE-2024-13723. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

既然网络有被攻击的风险，很多人就希望本地化部署DeepSeek，部署完成后就可以避免安全问题发生了吗?

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added four security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The list of vulnerabilities is as follows - CVE-2024-45195 (CVSS score: 7.5/9.8) - A forced browsing vulnerability in Apache OFBiz that allows a remote attacker to obtain unauthorized

The Cybersecurity and Infrastructure Security Agency (CISA) has unveiled a new set of guidelines to fortify firewalls, routers, internet-facing servers, and other edge devices against cyber threats. This collaborative guidance, supported by leading international cybersecurity organizations, aims to address vulnerabilities in hardware that form the backbone of critical infrastructure and operational networks worldwide. Edge devices—like […]

The post CISA Releases New Guidelines to Secure Firewalls, Routers, and Internet-Facing Servers appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

OpenNHP is the open-source implementation of NHP (Network-resource Hiding Protocol), a cryptography-based zero trust protocol for safeguarding servers and data. OpenNHP offers the following benefits: Reduces attack surface by hiding infrastructure Prevents unauthorized network reconnaissance Mitigates vulnerability exploitation Stops phishing via encrypted DNS Protects against DDoS attacks Enables fine-grained access control Provides identity-based connection tracking Attack attribution “The OpenNHP proposed a cost-effective way to solve the vulnerability problem. The common way to mitigate vulnerabilities is … More →

The post OpenNHP: Cryptography-driven zero trust protocol appeared first on Help Net Security.

国家市场监管总局在一句话声明中宣布对谷歌发起反垄断调查：“因谷歌公司涉嫌违反《中华人民共和国反垄断法》，市场监管总局依法对谷歌公司开展立案调查。”谷歌在中国的业务主要剩下广告，但其广告收入相比百度等公司微乎其微，暂时不清楚谷歌涉嫌垄断的是哪项业务。

SparkCat恶意活动概述 2024年底，卡巴斯基的专家发现了一场名为SparkCat的恶意活动，该活动通过传播恶意软件来针对加密货币钱包。早在2023年3月，ESET就发现了一些经过修改的即时通讯应用版本中嵌入了恶意软件，这些软件利用光学字符识别（OCR）技术扫描受害者设备中的图片，寻找恢复加密货币钱包访问权限的短语。 卡巴斯基在2024年底发现的SparkCat活动采用了类似的策略，但这

Даже незначительные отклонения способны привести к необратимым последствиям.

至少在「教长辈」这件事上，AI 已经超越我了。

Риски для разработчиков растут.

In this Help Net Security video, Ivan Novikov, CEO of Wallarm, discusses the 2025 API ThreatStats Report, highlighting how APIs have become the primary attack surface over the past year, mainly driven by the rise of AI-related risks. Researchers identified 439 AI-related CVEs—a staggering 1,025% increase from the previous year. 99% were linked to APIs, with vulnerabilities including injection flaws, misconfigurations, and emerging memory corruption issues caused by AI’s reliance on high-performance binary APIs. In … More →

The post The API security crisis and why businesses are at risk appeared first on Help Net Security.

近日，一起大规模的数据泄露事件震动了网络安全界。名为“HikkI-Chan”的黑客在臭名昭著的Breach Forums上泄露了超过3.9亿VK用户的个人信息。

近日，一起大规模的数据泄露事件震动了网络安全界。名为“HikkI-Chan”的黑客在臭名昭著的Breach Forums上泄露了超过3.9亿VK用户的个人信息。

Новые данные с МКС раскрывают тайны космических лучей.

The Google Chrome team has officially released Chrome 133, now available on the stable channel for Windows, Mac, and Linux. This update, version 133.0.6943.53 for Linux and 133.0.6943.53/54 for Windows and Mac, brings a host of improvements and critical security fixes. Users are strongly urged to update their browsers immediately to protect against newly discovered […]

The post Chrome Use-After-Free Vulnerabilities Let Attackers Execute Remote Code – Update Now appeared first on Cyber Security News.

A vulnerability was found in Treck TCP-IP Stack 4.7.1.27/5.0.1.35/6.0.1.28/6.0.1.41 and classified as problematic. This issue affects some unknown processing of the component IPv6 Handler. The manipulation leads to out-of-bounds read. The identification of this vulnerability is CVE-2020-11899. The attack may be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in MobileIron Core and Connector up to 10.6.0.0. It has been classified as critical. This affects an unknown part. The manipulation leads to improper privilege management. This vulnerability is uniquely identified as CVE-2020-15505. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Tenda AC15 and AC1900 15.03.05.19 and classified as critical. This vulnerability affects unknown code of the file goform/setUsbUnload. The manipulation of the argument deviceName as part of POST Parameter leads to injection. This vulnerability was named CVE-2020-10987. The attack can be initiated remotely. Furthermore, there is an exploit available.