Aggregator
全年披露40000+漏洞,《2024年度网络安全漏洞分析报告》解码漏洞风险
1 year 5 months ago
安全客
Google Confirms Android SafetyCore Enables AI-Powered On-Device Content Classification
1 year 5 months ago
Google has stepped in to clarify that a newly introduced Android System SafetyCore app does not perform any client-side scanning of content.
"Android provides many on-device protections that safeguard users against threats like malware, messaging spam and abuse protections, and phone scam protections, while preserving user privacy and keeping users in control of their data," a spokesperson for
The Hacker News
攻击者利用新零日漏洞劫持Fortinet防火墙
1 year 5 months ago
Fortinet警告称,攻击者利用零日漏洞CVE-2025-24472劫持防火墙,获取超级管理员权限,入侵企业网络。
CVE-2025-0693: AWS IAM User Enumeration
1 year 5 months ago
The post CVE-2025-0693: AWS IAM User Enumeration appeared first on Rhino Security Labs.
Nate Wilson
黑客利用Google Tag Manager在Magento商店上部署信用卡Skimmers
1 year 5 months ago
安全客
DDoS Attack Volume and Magnitude Continues to Soar
1 year 5 months ago
Gcore reported a 56% year-over-year rise in DDoS attacks in H2 2024, highlighting a steep long-term growth tend for the attack technique
Salt Typhoon's Impact on the US & Beyond
1 year 5 months ago
Salt Typhoon underscores the urgent need for organizations to rapidly adopt modern security practices to meet evolving threats.
Michael McLaughlin, Jillian Cash, Kellen Carleton
DeepSeek AI Fails Multiple Security Tests, Raising Red Flag for Businesses
1 year 5 months ago
The popular generative AI (GenAI) model allows hallucinations, easily avoidable guardrails, susceptibility to jailbreaking and malware creation requests, and more at critically high rates, researchers find.
Elizabeth Montalbano, Contributing Writer
Artificial intelligence (AI) as an Enabler for Enhanced Data Security
1 year 5 months ago
Artificial intelligence enhances data security by identifying risks and protecting sensitive cloud data, helping organizations stay ahead of evolving threats. Artificial intelligence (AI) is transforming industries and redefining how organizations protect their data in today’s fast-paced digital world. With over 90% of enterprises storing at least some of their data in the cloud, AI’s ability […]
Pierluigi Paganini
中小企业级流量检测实战(第一期)—— Suricata与ELK快速部署
1 year 5 months ago
中小企业如何在预算有限的情况下搭建一套可用流量检测与告警方案
涉嫌伪造SEC帖子背后的黑客可能会在认罪协议中没收5万美元
1 year 5 months ago
安全客
Progress security advisory (AV25-071)
1 year 5 months ago
Canadian Centre for Cyber Security
Gcore Radar: новые рекорды DDoS-атак и неожиданные жертвы кибервойны
1 year 5 months ago
Традиционные методы защиты больше не работают – что делать компаниям?
【CTF】Flask SSTI姿势与手法总结 Cheatsheet速查表
1 year 5 months ago
本文总结了一系列Flask SSTI利用与绕过方式,希望提高大家的工作与研究效率。
网络攻击扰乱了Lee报纸在美国各地的运营
1 year 5 months ago
安全客
CVE-2025-26493 | JetBrains TeamCity up to 2024.12.1 Code Inspection Report Tab cross site scripting
1 year 5 months ago
A vulnerability, which was classified as problematic, was found in JetBrains TeamCity up to 2024.12.1. Affected is an unknown function of the component Code Inspection Report Tab. The manipulation leads to cross site scripting.
This vulnerability is traded as CVE-2025-26493. It is possible to launch the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-12366 | Sinaptik AI PandasAI 2.4.0 Natural language Processing code injection
1 year 5 months ago
A vulnerability, which was classified as critical, has been found in Sinaptik AI PandasAI 2.4.0. This issue affects some unknown processing of the component Natural language Processing. The manipulation leads to code injection.
The identification of this vulnerability is CVE-2024-12366. The attack may be initiated remotely. There is no exploit available.
vuldb.com
CVE-2025-26492 | JetBrains TeamCity up to 2024.12.1 Kubernetes Connection insufficiently protected credentials
1 year 5 months ago
A vulnerability classified as problematic was found in JetBrains TeamCity up to 2024.12.1. This vulnerability affects unknown code of the component Kubernetes Connection Handler. The manipulation leads to insufficiently protected credentials.
This vulnerability was named CVE-2025-26492. The attack can be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-1231 | Devolutions Server up to 2024.3.10.0 PAM Module improper authentication (DEVO-2025-0002)
1 year 5 months ago
A vulnerability classified as critical has been found in Devolutions Server up to 2024.3.10.0. This affects an unknown part of the component PAM Module. The manipulation leads to improper authentication.
This vulnerability is uniquely identified as CVE-2025-1231. Access to the local network is required for this attack to succeed. There is no exploit available.
vuldb.com