Aggregator

一位使用 AWS 云存储超过十年的 Ruby 开发者因账户被封导致海量数据被删除，无法恢复。问题源于 AWS 中东和北非团队的内部错误，该团队拒绝承认错误并试图掩盖。此事件凸显依赖单一云存储的风险。

Вчера — open source и сообщество, сегодня — платная поддержка и NDA.

A vulnerability has been found in Fujifilm DocuPrint CP225 w, DocuPrint CP228 w, DocuPrint CP115 w, DocuPrint CP118 w, DocuPrint CP116 w, DocuPrint CP119 w, DocuPrint CM225 fw, DocuPrint CM228 fw, DocuPrint CM115 w, DocuPrint CM118 w, Apoes 2150 N, Apoes 2350 NDA, Apoes 2150 ND and Apoes 2150 NDA and classified as critical. This vulnerability affects unknown code of the component Internet Printing Protocol/Line Printer Daemon. The manipulation leads to out-of-bounds write. This vulnerability was named CVE-2025-48499. The attack can be initiated remotely. There is no exploit available.

Submit #579544 / VDB-318641

A critical remote code execution vulnerability has been discovered in the popular NestJS framework that could allow attackers to execute arbitrary code on developer machines. The vulnerability, tracked as CVE-2025-54782, affects the @nestjs/devtools-integration package and has been assigned the highest severity rating due to its potential for complete system compromise through simple web-based attacks. Vulnerability […]

The post NestJS Vulnerability Allows Code Execution on Developer Machines appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

IBM released its Cost of a Data Breach Report, which revealed AI adoption is greatly outpacing AI security and governance. While the overall number of organizations experiencing an AI-related breach is a small representation of the researched population, this is the first time security, governance and access controls for AI have been studied in this report, which suggests AI is already an easy, high value target. The AI oversight gap 13% of organizations reported breaches … More →

The post Average global data breach cost now $4.44 million appeared first on Help Net Security.

未管理的非人类身份（NHI）数量激增56%，由AI和自动化推动。这些身份暴露了大量企业机密，尤其在协作工具中。部分机器身份拥有过高权限，增加安全风险。专家建议实施最小权限原则和生命周期管理以降低威胁。

Unmanaged machine identities have continued to tick up at a rapid clip, furthering a trend that finds non-human identities (NHIs) outpacing human accounts — and, to the chagrin of security experts, exposing credentials, new research on the first half of 2025 reveals. 

The post NHIs Continue to Outpace Human Identities and Bump Up Security Risk  appeared first on Security Boulevard.

Сжатие без риска — новая версия 7-Zip заботится о вашей системе.

A vulnerability, which was classified as critical, was found in MediaTek MT6739, MT6761, MT6765, MT6768, MT6781, MT6789, MT6813, MT6833, MT6835, MT6853, MT6855, MT6877, MT6878, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6897, MT6899, MT6983, MT6985, MT6989, MT6990, MT6991, MT8188, MT8196, MT8370, MT8390 and MT8676. This affects an unknown part of the component DA. The manipulation leads to out-of-bounds write. This vulnerability is uniquely identified as CVE-2025-20696. It is possible to launch the attack on the physical device. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as critical, has been found in MediaTek MT2718, MT6739, MT6761, MT6765, MT6768, MT6781, MT6789, MT6833, MT6835, MT6853, MT6855, MT6877, MT6878, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6897, MT6899, MT6983, MT6985, MT6989, MT6991, MT8186, MT8196, MT8391, MT8676, MT8678, MT8775, MT8786, MT8788E, MT8792, MT8796, MT8873, MT8883 and MT8893. Affected by this issue is some unknown functionality of the component Power HAL. The manipulation leads to out-of-bounds write. This vulnerability is handled as CVE-2025-20698. Attacking locally is a requirement. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as critical was found in MediaTek MT2718, MT6761, MT6765, MT6768, MT6853, MT6855, MT6877, MT6878, MT6879, MT6883, MT6885, MT6889, MT6893, MT6897, MT6989, MT6991, MT8186, MT8196, MT8391, MT8678, MT8775, MT8786, MT8788E, MT8792, MT8796, MT8873, MT8883 and MT8893. Affected by this vulnerability is an unknown functionality of the component Power HAL. The manipulation leads to out-of-bounds write. This vulnerability is known as CVE-2025-20697. Local access is required to approach this attack. There is no exploit available. It is recommended to apply a patch to fix this issue.

Hashcat is an open-source password recovery tool that supports five attack modes and more than 300 highly optimized hashing algorithms. It runs on CPUs, GPUs, and other hardware accelerators across Linux, Windows, and macOS, and includes features for distributed password cracking at scale. Hashcat 7.0.0 touches over 900,000 lines of code and welcoming contributions from 105 developers, including 74 first-timers. The update rolls all previously unannounced 6.2.x features into a single, well-documented release, setting a … More →

The post Open-source password recovery utility Hashcat 7.0.0 released appeared first on Help Net Security.

A vulnerability classified as critical has been found in thiagoralves OpenPLC v3 up to 9cd8f1b53a50f9d38708096bfc72bcbb1ef47343. Affected is an unknown function of the file /edit-user. The manipulation leads to unrestricted upload. This vulnerability is traded as CVE-2025-54962. It is possible to launch the attack remotely. There is no exploit available.

文章探讨了以太坊超越比特币的价值，强调其作为去中心化世界基石的作用。以太坊不仅支持智能合约、DeFi协议和NFT创建，还拥有强大的开发者社区和丰富的工具生态。通过The Merge升级和Layer 2解决方案，以太坊实现了更高的安全性和效率。作者认为以太坊不仅是数字货币，更是推动Web3创新的基础设施。

Revenant 是一个基于 C++ 的轻量级框架，通过 HTTP 实现高效的命令与控制（C2）基础设施。它利用 HTTP GET/POST 请求建立可靠命令通道，并支持多设备跨平台操作。框架内置 Cloudflared 隧道集成、加密传输和日志记录功能，隐蔽性强且高效灵活。

文章介绍了亚马逊弹性容器服务（EKS）的增强功能——EKS Auto Mode，该功能通过自动化基础设施管理简化了Kubernetes集群的操作，支持计算、网络、存储和扩展，并与AWS服务深度集成。其主要特点包括自动节点生命周期管理、安全更新、成本优化及高度定制化配置。文章还详细说明了如何创建和禁用EKS Auto Mode集群，并介绍了其定价模式。

本文介绍了一种结合CAI框架、PortSwigger实验室和大语言模型（LLM）进行自动化渗透测试的方法。通过设置环境变量、配置CAI和PortSwigger机器人，用户可以利用Red Team Agent自动识别并利用漏洞，生成详细报告。该方法展示了AI在网络安全中的强大应用潜力。

文章讨论了 Amazon S3 存储管理的挑战，指出基于时间的生命周期规则存在不足，并提出通过结合 S3 存储清单、AWS Athena 分析和 AWS Lambda 自动化来实现更智能的清理策略。该方法利用元数据、标签和使用模式进行精准识别和操作，并强调了最佳实践如分阶段验证、严格日志记录和成本优化的重要性。