Aggregator

【2025年多轮对话专项赛简况】本次赛集共包含100道测试问题集，围绕“犯罪行为”主题，每个问题集包含4-5个小问题，用于与大模型进行多轮交互。基于上述基准测试集，我们已对国内外32款知名商用大模型的

关注我们带你读懂网络安全欧盟法院首次因违反GDPR数据保护法规对欧盟官方处罚。前情回顾·网络安全事故赔偿因非法收集共享用户隐私数据，这家医疗公司赔偿超1.8亿元因泄露超23.5万患者数据，地方医疗机构

关注我们带你读懂网络安全未来AI代理和老爷爷的共同点：都可能被网络钓鱼诈骗；如果AI代理真正实现大规模市场吸引力，它们可能会为身份管理市场带来棘手难题。前情回顾·新技术旧安全一句话让大模型聊天助手主动

欧盟委员会向美国传输了受影响者的IP数据

身份管理令人担忧

之前的文章中曾为大家简单介绍过线上代码审计平台ssa.to今天牛牛就来为大家详细介绍一下如何用ssa进行PHP的代码审计tp封装的辅助参数，I/request方法thinkphp中的封装了请求对象，$

之前的文章中曾为大家简单介绍过线上代码审计平台ssa，为大家详细介绍一下如何用ssa进行PHP的代码审计。

Обновления породили нового троянского коня для Microsoft.

A vulnerability classified as problematic has been found in activesupport Gem on Ruby. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2023-28120. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability has been found in Kredis Gem up to 1.3.0.0 on Ruby and classified as problematic. This vulnerability affects unknown code. The manipulation leads to deserialization. This vulnerability was named CVE-2023-27531. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Drupal Coffee up to 1.3.x. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. This vulnerability was named CVE-2024-13247. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Drupal CKEditor 4 LTS up to 1.0.0. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-13245. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Node.js 18.x/20.x/21.x on Windows. This vulnerability affects the function child_process.spawn. The manipulation of the argument args leads to os command injection. This vulnerability was named CVE-2024-27980. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

通告编号:NS-2025-00012025-01-10TAG：Ivanti、缓冲区溢出、CVE-2025-0282漏洞危害：攻击者利用此漏洞，可实现任意代码执行版本：1.01漏洞概述近日，绿盟科技

近日，绿盟科技监测到Ivanti发布安全公告，修复了Ivanti多款产品缓冲区溢出漏洞(CVE-2025-0282)。CVSS评分9.0，目前已发现在野利用，请相关用户尽快采取措施进行防护。

Консерваторы хотят раскрыть личности википедистов за антисемитские правки.

China-linked APT group MirrorFace targets JapanJapanese authori

Japanese authorities attributed a cyber-espionage campaign targeting the country to the China-linked APT group MirrorFace. The National Police Agency (NPA) and the Cabinet Cyber Security Center in Japan have linked a long-running cyber-espionage campaign targeting local entities to the China-linked group MirrorFace (aka Earth Kasha). The campaign has been active since at least 2019, it […]