Aggregator

闪捷信息 40Gbps 国产化网络防泄漏（NDLP）产品震撼发布：以极致性能筑牢智能时代数据安全防线。

研究人员展示了如何利用多轮“故事化”攻击绕过提示级别的过滤器，暴露了 GPT-5 防御机制的系统性弱点。

Overview On August 13, NSFOCUS CERT detected that Microsoft released the August Security Update patch, which fixed 111 security issues involving widely used products such as Windows, Microsoft Office, Microsoft SQL Server, Visual Studio, and Microsoft Exchange Server. These include high-risk vulnerability types such as privilege escalation and remote code execution. Among the vulnerabilities fixed […]

The post Microsoft’s August Security Update High-Risk Vulnerability Notice for Multiple Products appeared first on NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks..

The post Microsoft’s August Security Update High-Risk Vulnerability Notice for Multiple Products appeared first on Security Boulevard.

A vulnerability was found in LabRedesCefetRJ WeGIA up to 3.4.7. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /html/saude/aplicar_medicamento.php. The manipulation of the argument id_fichamedica leads to sql injection. This vulnerability is known as CVE-2025-55168. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in LabRedesCefetRJ WeGIA up to 3.4.7. It has been rated as critical. Affected by this issue is some unknown functionality of the file html/socio/sistema/download_remessa.php. The manipulation leads to improper authentication. This vulnerability is handled as CVE-2025-55169. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Adobe Substance3D Viewer up to 0.25. Affected by this issue is some unknown functionality. The manipulation leads to heap-based buffer overflow. This vulnerability is handled as CVE-2025-49560. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Adobe Substance3D Viewer up to 0.25. This affects an unknown part. The manipulation leads to out-of-bounds write. This vulnerability is uniquely identified as CVE-2025-49569. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Adobe Substance3D Sampler up to 5.0.3 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to out-of-bounds read. This vulnerability is known as CVE-2025-54205. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Adobe Photoshop Desktop up to 25.12.3/26.8. Affected by this issue is some unknown functionality. The manipulation leads to out-of-bounds write. This vulnerability is handled as CVE-2025-49570. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Adobe Animate up to 23.0.12/24.0.9. Affected is an unknown function. The manipulation leads to use after free. This vulnerability is traded as CVE-2025-49561. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Adobe Animate up to 23.0.12/24.0.9. Affected by this vulnerability is an unknown functionality. The manipulation leads to use after free. This vulnerability is known as CVE-2025-49562. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

Artificial intelligence coding assistants, designed to boost developer productivity, are inadvertently causing massive system destruction.  Researchers report a significant spike in what they term “AI-induced destruction” incidents, where helpful AI tools become accidental weapons against the very systems they’re meant to improve. Key Takeaways1. AI assistants accidentally destroy systems when given vague commands with excessive […]

The post “AI-Induced Destruction” – New Attack Vector Where Helpful Tools Become Accidental Weapons appeared first on Cyber Security News.

社交媒体没有成为人们曾经期盼的健康的交流思想的乌托邦式的公共广场，而是创造出一种回音室，放大少数用户的声音，放大愤怒和冲突，进一步加剧极化。对社媒平台进行干预是否能缓解或修正部分它产生的问题？根据发表在 arXiv 上的一篇预印本，研究人员测试了六种干预策略，发现基本无效，除非从根本上改变社媒的架构，否则其问题无法得到修正。研究人员测试了对信息流按时间排序或随机排序；逆转促进互动的算法以降低情绪化内容的曝光度；促进观点的多元性；使用“桥接算法”促进相互理解而非煽动情绪的内容；隐藏转发和关注者账户等社交统计数据以减少社交影响力线索；删除个人简介以限制基于身份的信号曝光度。结果显示，部分干预措施只表现出略微改善的效果，部分措施可能进一步恶化了问题。比如对信息流按时间排序减少了注意力不平等，但进一步放大了极端内容。促进观点的多元性没有表现出任何显著的效果。

Microsoft has announced that in three months, devices running Windows 11 version 23H2 in the Home and Pro editions will cease to receive updates. Support for Enterprise and Education editions will continue until November...

The post Time to Update: Windows 11 23H2 Home and Pro Editions Are Losing Support Soon appeared first on Penetration Testing Tools.

Researchers at ETH Zurich have unveiled a novel attack against AMD’s SEV-SNP hardware isolation mechanism, enabling a hypervisor-level adversary to extract sensitive data from protected virtual machines. Dubbed Heracles, the attack demonstrates how to...

The post Heracles: New Attack Exploits AMD SEV-SNP to Steal Data from Protected VMs appeared first on Penetration Testing Tools.

Microsoft has resolved a known issue preventing the August 2025 Windows 11 24H2 cumulative update from being delivered via Windows Server Update Services (WSUS). [...]

The hacker groups ShinyHunters and Scattered Spider, once operating independently, now appear to have joined forces in a coordinated campaign to extort data from Salesforce’s corporate clients. As noted by ReliaQuest, ShinyHunters has undergone...

The post The Alliance of Chaos: How ShinyHunters and Scattered Spider Merged to Target Salesforce appeared first on Penetration Testing Tools.

Новая версия дистрибутива добавила защиту Kicksecure, улучшила Tor-шлюз и убрала Thunderbird.

Bitdefender researchers have identified a previously unknown cyber-espionage group, provisionally dubbed Curly COMrades. According to the report, the threat actors are focused on maintaining long-term, covert access to the infrastructure of Georgian governmental and...

The post Curly COMrades: The Stealthy Cyber-Espionage Group You Haven’t Heard Of appeared first on Penetration Testing Tools.