Aggregator

The unpatched vulnerabilities, with a CVSS score of 8.6 to 10.0, can lead to remote code execution via authentication bypass

在针对 Windows 平台的红队渗透测试和蓝队防御体系研究中，控制 Windows 代码完整性策略的启动策略已经成为一种高级且隐蔽的攻击手法。本节我们通过分析一段典型的代码，理解攻击者是如何通过上传自定义的 SiPolicy.p7b 策略文件，并在目标系统重启后实现策略生效的。

2025数字中国创新大赛-移动互联网（APP）安全积分争夺赛决赛 Writeup

The NCSC and DSIT work with ETSI to ‘set a benchmark for securing AI’.

Нейросеть Aurora готова вытеснить суперкомпьютеры из метеоцентров.

Ведомство сможет блокировать контент до суда.

A 19-year-old college student faces charges after pleading guilty to cyber extortion targeting PowerSchool, exposing data of 60…

Google обошёл закон и разозлил правозащитников.

It’s not enough to be secure. In today’s legal climate, you need to prove it. Whether you’re protecting a small company or managing compliance across a global enterprise, one thing is clear: cybersecurity can no longer be left to guesswork, vague frameworks, or best-effort intentions. Regulators and courts are now holding organizations accountable for how “reasonable” their security programs are

For many organizations, identity security appears to be under control. On paper, everything checks out. But new research from Cerby, based on insights from over 500 IT and security leaders, reveals a different reality: too much still depends on people—not systems—to function. In fact, fewer than 4% of security teams have fully automated their core identity workflows. Core workflows, like

Cybersecurity researchers have uncovered multiple critical security vulnerabilities impacting the Versa Concerto network security and SD-WAN orchestration platform that could be exploited to take control of susceptible instances. It's worth noting that the identified shortcomings remain unpatched despite responsible disclosure on February 13, 2025, prompting a public release of the issues

Сначала был CVE, потом KEV, теперь — LEV. Кто следующий?

A vulnerability, which was classified as very critical, was found in Vertiv Liebert RDU101 and Liebert IS-UNITY. This affects an unknown part. The manipulation leads to stack-based buffer overflow. This vulnerability is uniquely identified as CVE-2025-41426. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

关键词恶意软件SK电信表示，2025年4月披露的一起网络安全事件，实际上最早发生在2022年。

Cyber Education Needs to Go Beyond the Checklist to Prepare Future Professionals
AI is redefining how organizations work, learn and defend themselves. But while the tech is moving fast, training strategies meant to prepare security professionals often lag far behind. That gap is persistent, pervasive and reshaping the very nature of cybersecurity careers.

Auto Lending Sector Is Hardest Hit by Scammers Using Synthetic Identities
Synthetic identity and credit washing fraud have hit another record high and are showing no signs of slowing down, according to a new report by TransUnion. Unscrupulous credit repair companies are adding to the problem by convincing people in debt to create new identities.

Experts Pointing a Finger at Interlock Ransomware Gang for Kettering Health Attack
Ohio-based Kettering Health is in its second day responding to a cyberattack that's disrupted patient care services and downed its IT systems, including its patient portal and phones. Some cybersecurity insiders say Interlock ransomware is responsible.

'Hazy Hawk' Behind a Rash of Domain Hijackings
A hacking group with apparent access to a commercial domain name system archiving service is on the hunt for misconfigured records of high-reputation organizations in order to blast links to scammy domains. It checks the CNAME field of DNS records to see if it points to an abandoned cloud service.

感谢各位白帽师傅对DSRC的陪伴与贡献，我们为大家准备了端午定制礼盒，愿各位白帽师傅清芬常伴，岁岁安康。

关键词数据泄露O2 UK实施VoLTE和WiFi呼叫技术的缺陷可能允许任何人通过呼叫目标来暴露一个人和其他标识