Aggregator

Gartner MQ for Cyber-Physical Security Details Pros, Cons of Pure-Play Approach
Pure-play OT specialists Claroty, Nozomi and Dragos were joined by asset management expert Armis and behemoth Microsoft atop Gartner's first-ever ranking of cyber-physical systems vendors. Historically, a wide range of vendors were grouped together under the broad umbrella of OT security.

火星的两极皆有极冠，其中北极极冠主要由水冰组成，是火星曾拥有温暖、潮湿气候的重要证据之一。德国航空太空中心的一组研究人员利用极冠的雷达及地震观测数据推算，揭示了极冠的年龄与火星内部结构之间的关联性。极冠直径约 1,000 公里，厚度达 3 公里。研究团队结合火星的地函热演化模型、冰川等静压调整的计算数据、重力数据、雷达与地震观测等，发现北极极冠的重量让地表下沉，速率为每年0.13毫米。团队表示此变形速率与地球比较相对较低，显示火星上地函的黏滞性远高于地球，意味着上部地函温度较低且刚性更高，更进一步说明火星内部的热对流较弱，证实火星的地质活动远不如地球活跃。研究团队推测，火星北极极冠的年龄约为200万至1,200万年，显示其形成时间远比于火星上其他主要地形特征更年轻。

Выявлены случаи неэффективных закупок ПО в федеральных ведомствах.

#勒索病毒 #520 #Ransomware 520勒索病毒攻击

正常数字签名的银狐钓鱼样本分析

看雪论坛作者ID：xichang13

DeepSeek 开源周真正的意义，藏在今天的彩蛋里。

Анатомия президентского крипто-ограбления в Аргентине.

近日，国家信息安全漏洞共享平台（CNVD）收录了Ollama未授权访问漏洞（CNVD-2025-04094）。

近日，国家信息安全漏洞共享平台（CNVD）收录了Ollama未授权访问漏洞（CNVD-2025-04094）。

A vulnerability was found in GeoVision GV-ASWeb 6.1.2.0. It has been rated as critical. This issue affects some unknown processing of the component Setting Handler. The manipulation leads to code injection. The identification of this vulnerability is CVE-2025-26264. The attack may be initiated remotely. There is no exploit available.

A vulnerability has been found in ShopXO 6.4.0 and classified as critical. This vulnerability affects unknown code of the file ThemeDataService.php. The manipulation leads to unrestricted upload. This vulnerability was named CVE-2025-26325. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in Vue Vben Admin 2.10.1 and classified as critical. This issue affects some unknown processing. The manipulation leads to hard-coded credentials. The identification of this vulnerability is CVE-2025-25570. The attack needs to be approached within the local network. There is no exploit available.

A vulnerability classified as problematic has been found in Brocade ASCG up to 3.1.x. This affects an unknown part of the component Web Interface. The manipulation leads to unprotected transport of credentials. This vulnerability is uniquely identified as CVE-2024-1509. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Scratch-Coding-Hut up to 2025-02-28. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to improper authentication. The identification of this vulnerability is CVE-2025-27416. The attack may be initiated remotely. There is no exploit available.

中国载人航天工程办公室周五与巴基斯坦太空与高层大气研究委员会在巴基斯坦首都伊斯兰堡正式签署《关于选拔、训练巴基斯坦航天员并参与中国空间站飞行任务的合作协议》。按计划，双方将利用一年左右的时间完成选拔工作，巴基斯坦航天员将在中国接受全方位的系统训练。根据中国空间站的飞行任务规划安排，将在未来几年内择机安排巴基斯坦航天员与中国航天员一道进入中国空间站执行短期飞行任务。

A vulnerability, which was classified as critical, has been found in Tenda AC6 15.03.05.16. Affected by this issue is some unknown functionality of the file /goform/WifiExtraSet. The manipulation of the argument wpapsk_crypto leads to stack-based buffer overflow. This vulnerability is handled as CVE-2025-1814. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability classified as problematic was found in zj1983 zz up to 2024-08. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross-site request forgery. This vulnerability is known as CVE-2025-1813. The attack can be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.