Aggregator

全港第二届网络安全攻防演练落幕！360获香港特区政府致谢

“懂AI更懂安全”！360引领行业智能化变革

零基础也能学！掌握VMProtect加密原理与逆向实战技巧

文末投递简历

Chromium漏洞恐致全球浏览器崩溃，谷歌两月未回应。

看雪论坛作者ID：阿强

A vulnerability classified as critical was found in ISO 15118-2 Network and Application Protocol Requirements 8.3. Impacted is an unknown function of the component Signal Level Attenuation Characterization Protocol Handler. Such manipulation leads to improper restriction of communication channel to intended endpoints. This vulnerability is traded as CVE-2025-12357. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended that additional encryption be implemented.

A vulnerability classified as critical has been found in Therefore Corporation Therefore Online and Therefore On-Premises up to 2025. This issue affects some unknown processing. This manipulation causes authentication bypass by spoofing. This vulnerability appears as CVE-2025-11843. The attack may be initiated remotely. There is no available exploit.

Intigriti's Ed Parsons on How Regs Are Pushing Firms Toward Proactive Security
The NIS2 Directive has driven significant improvements in vulnerability management across Europe. Organizations are accelerating vulnerability discovery by engaging with crowdsourced security communities and ethical hackers, said Ed Parsons, chief operations officer at Intigriti.

Why the Fortinet Earnings Case Is a Cautionary Tale for the Cybersecurity Sector
Fortinet's stock unexpectedly plunged more than 20% in August. That same month, Gartner named Fortinet an industry leader in its Magic Quadrant for hybrid mesh firewalls. But the thing that sent Fortinet's stock into a nosedive was revenue forecasts that didn't pan out.

NAV Canada CISO Tom Bornais on Keeping IT and OT Systems Running
With threats targeting aviation infrastructure, NAV Canada CISO Tom Bornais explained how his team focuses on building resilience rather than chasing perfection. He outlined why internal alignment, incident simulation and supply chain security are critical to defending IT and OT systems.

Global Tech Debt Impedes Growth as AI, Cloud and Legacy Systems Collide
Technical debt is no longer just a developer's dilemma; it's a global business risk. As companies cling to legacy systems and monolithic code, modernization efforts stall. Rising costs, slower delivery and AI limitations highlight the urgent need for scalable, future-ready architectures.

From the end of Windows 10 support to scams on TikTok and state-aligned hackers wielding AI, October's headlines offer a glimpse of what's shaping cybersecurity right now

关注高级攻防对抗技术热点，研究对手技术进行高级威胁模拟，研判攻击安全发展方向。

A vulnerability described as critical has been identified in Linux Kernel up to 6.18-rc2. This vulnerability affects the function comedi_buf_munge of the component comedi. The manipulation results in divide by zero. This vulnerability is reported as CVE-2025-40106. The attacker must have access to the local network to execute the attack. No exploit exists. Upgrading the affected component is recommended.

速看！国密双向认证的通关技巧~

A vulnerability marked as problematic has been reported in Open-Xchange OX App Suite up to 7.6.3-rev77/8.35.111/8.38.82/8.39.79/8.40.57. This affects an unknown part. The manipulation leads to improper restriction of rendered ui layers. This vulnerability is documented as CVE-2025-30191. The attack can be initiated remotely. There is not any exploit available.

A vulnerability labeled as problematic has been found in Open-Xchange OX App Suite up to 2.1.7. Affected by this issue is some unknown functionality of the component API. Executing manipulation can lead to resource consumption. This vulnerability is registered as CVE-2025-30188. It is possible to launch the attack remotely. No exploit is available. The affected component should be upgraded.

累计下载量超过9900次