Aggregator

AI 冲击与法规收紧压力下，网络安全人才何去何从？

2025年5月，美国国家地理空间情报局局长在GEOINT大会上谈到一个细节：NGA Maven已经向所有军种和

5月高危漏洞清单出炉！涵盖Linux内核、Windows Netlogon等，速看修复建议。

木鱼沙箱一个全网独有的功能，就是支持参KernelPatch的KPM模块，与安卓GKI内核的ko模块进行动态跟踪

2026.06.27 16:00 - 06.29 16:00，XCTF x SekaiCTF 2026即将开启！

2026年6月4日，Check Point Research 在发现异常活动迹象后启动调查，确认 CVE-2026-50751 已在野遭到积极利用。该漏洞为远程访问 VPN 和移动访问（Mobile Access）组件中已弃用 IKEv1 密钥交换协议下的身份验证绕过缺陷，CVSS 评分 9.3（Critical）。

Currently trending CVE - Hype Score: 7 - Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. Apache ActiveMQ Classic exposes the Jolokia JMX-HTTP bridge at /api/jolokia/ on the web console. The default ...

Currently trending CVE - Hype Score: 7 - Once an user is authenticated on Jolokia, he can potentially trigger arbitrary code execution.  In details, in ActiveMQ configurations, jetty allows org.jolokia.http.AgentServlet to handler request to /api/jolokia org.jolokia.http.HttpRequestHandler#handlePostRequest is able ...

Currently trending CVE - Hype Score: 7 - Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. An authenticated attacker may bypass the fix in CVE-2026-34197 by adding a connector using an HTTP Discovery ...

Currently trending CVE - Hype Score: 7 - The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to upload and execute arbitrary files via an HTTP PUT followed by an HTTP MOVE request.

Currently trending CVE - Hype Score: 7 - Apache ActiveMQ 5.x before 5.13.0 does not restrict the classes that can be serialized in the broker, which allows remote attackers to execute arbitrary code via a crafted serialized Java Message Service (JMS) ObjectMessage object.

Currently trending CVE - Hype Score: 7 - Redis is an in-memory data structure store. In all versions of redis-server with Lua scripting, an authenticated attacker can exploit the master-replica synchronization mechanism to trigger a use-after-free on replicas where replica-read-only is disabled or can be disabled, ...

Currently trending CVE - Hype Score: 7 - In Apache ActiveMQ 6.x, the default configuration doesn't secure the API web context (where the Jolokia JMX REST API and the Message REST API are located). It means that anyone can use these layers without any required authentication. Potentially, anyone can interact with the ...

Currently trending CVE - Hype Score: 7 - The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. This vulnerability may allow a remote attacker with network access to either a Java-based OpenWire broker or client to run arbitrary shell commands by manipulating serialized class types in the ...

The Apache Software Foundation released Apache HTTP Server version 2.4.68 on June 8, 2026, addressing 13 security vulnerabilities spanning multiple modules. The patched flaws include use-after-free conditions, cross-site scripting, heap-based buffer overflows, denial-of-service, privilege escalation, and out-of-bounds read issues affecting all versions from 2.4.0 through 2.4.67. Administrators running any prior release are strongly urged to […]

The post Apache HTTP Server 2.4.68 Released With Fix For Use-After-Free, DoS, XSS, and Buffer Overflow Flaws appeared first on Cyber Security News.

株式会社アルコムが提供するCamViewのインストーラにはDLL読み込みに関する脆弱性が存在します。

An autonomous security agent uncovered 21 zero-day vulnerabilities in FFmpeg, the world’s most widely deployed media processing library, including a critical RCE-capable heap buffer overflow reachable with a single 183-byte network packet. FFmpeg quietly powers media processing across browsers, streaming platforms, surveillance systems, and cloud infrastructure, making it one of the most security-critical open-source libraries. […]

The post 21 0-Day Vulnerabilities in FFmpeg Enables Remote Code Execution Attacks appeared first on Cyber Security News.

Even a mundane feedback form can morph into an initial attack vector. This transition occurs when a data handler executes submitted text as code. Specifically, adversaries are actively exploiting a critical vulnerability designated as...

The post Remote Code Execution: Critical Flaw in Everest Forms Pro Enables WordPress Invasions appeared first on Information Security News.

An elderly couple in Antwerp, Belgium, suffered a devastating loss of €50,000. Specifically, an impostor masqueraded as a banking official. He seamlessly manipulated the spouses into transferring their funds to an alleged “secure” account....

The post Judicial Paradigm Shift: Belgian Court Orders Bank to Reimburse Phishing Victims appeared first on Information Security News.

An Application Programming Interface description file might seem like an ordinary technical detail. However, for malicious actors, this file often serves as an elegant map of an external service. The Mechanics of API Exposure...

The post Architectural Blueprints: The Security Risks of Exposed Swagger Specifications appeared first on Information Security News.