A vulnerability, which was classified as critical, was found in Mozilla Firefox up to 67.x. Affected is an unknown function of the component Network Security Services. The manipulation leads to improper certificate validation.
This vulnerability is tracked as CVE-2019-11727. It is possible to launch the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
A vulnerability classified as problematic has been found in Mbed TLS up to 2.28.9/3.6.2. This affects the function mbedtls_ssl_set_hostname. The manipulation of the argument Hostname leads to insecure default initialization of resource.
This vulnerability is uniquely identified as CVE-2025-27809. It is possible to initiate the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
A vulnerability, which was classified as critical, has been found in GNU C Library up to 2.33. This issue affects the function parse_param of the file posix/wordexp.c. The manipulation leads to memory corruption.
The identification of this vulnerability is CVE-2021-35942. The attack can only be done within the local network. There is no exploit available.
It is recommended to apply a patch to fix this issue.
NIST's Apostol Vassilev Explains Need for Dynamic Response, Not Static Testing
As AI models grow in scale and power, leading to even more unpredictable outcomes, security teams are grappling with how to defend technologies that some experts can't begin to fully comprehend. Cyber response teams are exploring the practice of continuous red teaming, said NIST's Apostol Vassilev.
Tokio Marine HCC Targets Vulnerabilities Before They’re Exploited
With ransomware incidents at record highs, Tokio Marine HCC integrates dark web monitoring, vulnerability scanning and incident data into its underwriting process to help clients close gaps and lower the chance of costly breaches.
At Least 918K Affected in 2024 BianLian Data Theft Attack
A New York-based pediatric practice and its managed services vendor have agreed to pay $5.15 million to settle a proposed class action lawsuit stemming from a 2024 data theft attack affecting more than 918,000 people and allegedly carried out by cybercrime gang BianLian.
NCSC-NL Says Hack of Citrix NetScaler Flaw Also Targeted Critical Infrastructure
A preliminary assessment by the Dutch NCSC into a suspected Russian hacking campaign has concluded that more than one group likely carried out the May breach of the country’s law enforcement network. Investigators say hacks of Citrix NetScaler flaw also targeted critical infrastructure.
On August 3rd, 2025, GreyNoise observed a significant spike in brute-force traffic targeting Fortinet SSL VPNs. Over 780 unique IPs triggered our Fortinet SSL VPN Bruteforcer tag in a single day, the highest single-day volume seen on this tag in recent months.