Aggregator

新闻速览 •四部门联合印发《关于促进数据标注产业高质量发展的实施意见》，提出促进标注产业安全发展 •意大利遭遇 […]

A vulnerability, which was classified as problematic, has been found in Infosoft Consultant Order Audit Log for WooCommerce Plugin up to 2.0 on WordPress. This issue affects some unknown processing. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2025-22337. The attack may be initiated remotely. There is no exploit available.

Безопасность Thymeleaf оказалась слабее, чем ожидалось.

A recently disclosed critical security flaw impacting the Aviatrix Controller cloud networking platform has come under active exploitation in the wild to deploy backdoors and cryptocurrency miners. Cloud security firm Wiz said it's currently responding to "multiple incidents" involving the weaponization of CVE-2024-50603 (CVSS score: 10.0), a maximum severity bug that could result in

Threats, exploitation and mitigation of Ivanti’s two critical vulnerabilities—CVE-2025-02

2024 年德国可更新能源占到发电量的 62.7%。其中太阳能发电量 72.2 TWh，占总发电量的 14%；风电是德国最主要的电力来源，发电量 136.4 TWh；水电 21.7 TWh；可再生能源总发电量 275.2 TWh，比 2023 年增长 4.4%。生物质能发电量为 36 TWh。燃煤电厂的发电量大幅下降，其中燃褐煤电厂发电量 71.1 TWh，硬煤电厂发电量 24.2 TWh。德国二氧化碳排放量继续呈下降趋势，2024 年降至 1.52 亿吨，比 1990 年减少 58%。

What happens when a state’s network crashes or its security is breached? Critical services may come to a halt, important systems could go offline, and sensitive data might be exposed—creating a ripple effect that impacts everyone. Network operations (NetOps) and security operations (SecOps) are on the front lines...

Let’s make one thing clear first: I’m not singling out Google’s handling of problem

This week’s digest highlights critical cyber threats and vulnerabilities, emphasizing the importance of timely updates, proactive defenses, and enhanced user […]

The post Weekly Threat Landscape Digest – Week 2 appeared first on HawkEye.

This is a guest post by a researcher who wants to remain anonymous. You can contac

Eindhoven University of Technology has cancelled “lectures and other educational activities” follow

Researchers at Check Point said FunkSec operators appear to use AI for malware development

FunkSec是一个新的勒索软件组织，该组织在2024年12月攻击了80多名受害者，其勒索软件是利用AI工具开发的。

Overall botnet command contro

Critical infrastructure, spanning sectors such as healthcare, energy, and transportation, has be

This week’s Sunday Funday challenge by David Cowen is on SRUM forensics. The challenge states: The Challenge:With so many of us relying on SRUM for so many different uses its time to do some validation on the counters so many people cite. For this challenge you will test and validate the following SRUM collected metrics […]

少些，但要成熟

抛开day不谈，为什么同样一个站你挖不到洞，别人却能咔咔上分？

Google Chrome and WordPress users face high-severity security threats. CyberSecurity Malaysia