Aggregator

作者：DARKNAVY 原文链接：https://mp.weixin.qq.com/s/pR0ZGkKmW_ilhjPb_VnvLg 2025年伊始，持续五年的“Siri偷听门”事件终于迎来了终章。苹果公司以9500万美元的和解金，与原告达成了集体诉讼的和解。 这起备受瞩目的隐私争议案件起源于用户指控Siri在未经授权的情况下，意外捕获并录制日常对话，并将数据泄露给第三方广告商。 尽管苹果对...

人人都可以成为客户眼中的安全专家，只要注意沟通技巧、态度等

A critical 0-day vulnerability in Parallels Desktop virtualization software has been publicly disclosed, enabling local attackers to escalate privileges to root-level access on macOS systems.  All versions of Parallels Desktop, including the most recent 20.2.1 (55876), are vulnerable to the flaw identified as CVE-2024-34331, which results from insufficient security controls in the application’s macOS installer […]

The post Parallels Desktop 0-Day Vulnerability Gain Root Privileges – PoC Released appeared first on Cyber Security News.

工业物联网是工业互联网的重要组成部分，重工业企业亟需认知并适应这些新型风险，以确保未来运营安全。

DeepSeek has launched FlashMLA, a groundbreaking Multi-head Latent Attention (MLA) decoding kernel optimized for NVIDIA’s Hopper GPU architecture, marking the first major release of its Open Source Week initiative. This innovative tool achieves unprecedented performance metrics of 3000 GB/s memory bandwidth and 580 TFLOPS computational throughput on H800 GPUs, setting new benchmarks for AI inference […]

The post DeepSeek Unveils FlashMLA, A Decoding Kernel That’s Make Things Blazingly Fast appeared first on Cyber Security News.

马斯克（Elon Musk）声称波音 Starliner 宇航员 Sunita Williams 和 Barry Wilmore 因政治原因滞留在国际空间站(ISS)，宇航员 Andreas Mogensen 和 Chris Hadfield 驳斥了马斯克的说法。两名 Starliner 宇航员原计划在轨八天，但因为 Starliner 的技术问题而滞留在空间站，他们原计划于今年 2 月搭乘 SpaceX 的 Crew-9 任务飞船返回地面，但因为 SpaceX 未能准备好发射 Crew-10 任务飞船而推迟到 3 月。马斯克随后再次抛出了一个观点，呼吁尽可能快的将 ISS 脱离轨道，他表示 ISS 已完成其使命，没什么增量效用，应该将重心转移到火星。他称将建议特朗普总统提前退役国际空间站，比原定的 2030 年提前两年脱离轨道。芝加哥大学太空历史学家 Jordan Bimm 认为国际空间站最重要发现之一是微重力会以多种有害的方式影响人体，微重力会导致骨质流失、肌肉流失、体液变化、眼睛变化和视力丧失等。我们已经获得了大量微重力随时间而影响人体的数据，并据此制定了应对之策，包括阻抗训练或在跑步机上跑步等。

Launch a fully customized Trust Center in minutes with Scytale and effortlessly showcase your security and compliance posture.

The post Showcase Your Security and Compliance Program in Minutes with Scytale’s Trust Center appeared first on Scytale.

The post Showcase Your Security and Compliance Program in Minutes with Scytale’s Trust Center appeared first on Security Boulevard.

A sophisticated phishing campaign impersonating OpenAI’s ChatGPT Premium subscription service has surged globally, targeting users with fraudulent payment requests to steal credentials. Cybersecurity firm Symantec recently identified emails spoofing ChatGPT’s branding, urging recipients to renew a fictional $24 monthly subscription. The emails, marked with subject lines like “Action Required: Secure Continued Access to ChatGPT with a […]

The post Fake ChatGPT Premium Phishing Scam Spreads to Steal User Credentials appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Security researchers have uncovered a critical SQL injection vulnerability (CVE-2025-26794) in Exim, the widely-used mail transfer agent (MTA) that powers over 60% of internet mail servers.  The flaw enables authenticated attackers to execute arbitrary SQL commands through specially crafted ETRN SMTP transactions when specific configuration conditions exist. The vulnerability was reported through responsible disclosure channels […]

The post Exim Mail Transfer Vulnerability Let Attackers Inject Malicious SQL Queries appeared first on Cyber Security News.

Security researchers have released proof-of-concept (PoC) exploit code for CVE-2025-20029, a high-severity command injection vulnerability affecting F5’s BIG-IP application delivery controllers.  The flaw, which carries a CVSS v3.1 score of 8.8, enables authenticated attackers to execute arbitrary system commands through improper neutralization of special elements in the iControl REST API and TMOS Shell (tmsh).  Successful […]

The post PoC Exploit Released for F5 BIG-IP Command Injection Vulnerability appeared first on Cyber Security News.

Google Cloud готовит оборону от угроз, которых ещё не существует.

The rapid evolution of quantum computing has increased global efforts to future-proof cryptographic systems, with Google taking a crucial step by integrating quantum-safe digital signatures into its Cloud Key Management Service (Cloud KMS).  The update introduces support for NIST-standardized post-quantum cryptography (PQC) algorithms FIPS 204 and FIPS 205 in preview, enabling organizations to safeguard digital […]

The post Google Unveils Quantum-Safe Digital Signatures in Cloud KMS appeared first on Cyber Security News.

一款涵盖常见应急分析场景的安全分析工具

A significant security vulnerability (CVE-2024-54961) has been identified in Nagios XI 2024R1.2.2, enabling unauthenticated attackers to retrieve sensitive user information, including usernames and email addresses.  This flaw, classified as an information disclosure vulnerability (CWE-200), exposes organizational user directories to potential misuse in phishing campaigns or credential-stuffing attacks. Nagios XI Vulnerability The vulnerability resides in improper […]

The post Nagios XI Vulnerability Allows Unauthenticated Users to View Other User Details & Email  appeared first on Cyber Security News.

Researchers uncovered critical zero-day vulnerabilities in Fluent Bit, a ubiquitous logging utility embedded in cloud infrastructure across major providers like AWS, Google Cloud, and Microsoft Azure.  The flaws tracked as CVE-2024-50608 and CVE-2024-50609 (CVSS 8.9), exploit null pointer dereference weaknesses in Fluent Bit’s Prometheus Remote Write and OpenTelemetry plugins.  With over 15 billion downloads and […]

The post Fluent Bit 0-day Vulnerabilities Exposes Billions of Production Environments to Cyber Attacks appeared first on Cyber Security News.

A vulnerability classified as problematic was found in Micha I Plant A Tree Plugin up to 1.7.3 on WordPress. This vulnerability affects unknown code. The manipulation leads to cross site scripting. This vulnerability was named CVE-2024-51883. The attack can be initiated remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in GeroNikolov Fancy User List Plugin up to 3.1 on WordPress. This issue affects some unknown processing. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-51889. The attack may be initiated remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in geoWP Geoportail Shortcode Plugin up to 2.4.4 on WordPress. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-51890. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability has been found in naa986 Sell Media File with Stripe Plugin up to 1.0.6 on WordPress and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2024-51892. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in ThemeAtelier Postify Plugin up to 1.0.1 on WordPress and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2024-51893. The attack may be launched remotely. There is no exploit available.