Aggregator

2025 — оплата через Antarctic и Telegram. 2026 — статья и конфискация.

Cloud is the battleground attackers love most. New data from 796 teams shows most organizations aren’t quite ready. How do your defenses measure up?

KDE 项目官方博客宣布了 KDE Plasma 6.5 的一项重大视觉更新：窗口支持圆角了。Plasma 6.5 预计将于 2025 年 10 月 21 日释出。开发者称，窗口圆角是用户期盼已久的功能，甚至社区有第三方插件 kde-rounded-corners 提供圆角支持。官方支持意味着对第三方方案需求的减少。在 Plasma 6.5 中，窗口圆角将默认启用，但为喜欢旧外观的用户提供了一个选项。

FreeBuf.COM是一个网络安全行业门户，提供安全资讯、技术剖析以及涵盖云安全、AI安全等分类目录的内容，并包含行业服务如政府机构合作和会员体系等信息。

Nederlandse mariniers trainen momenteel om hun militaire inzetbaarheid te verbeteren. Dat gebeurt in de Indo-Pacific tijdens de tweejaarlijkse oefening Talisman Sabre. Deze wordt geleid door Australië en de Verenigde Staten.

Даже USB может быть вредоносным — как обезопасить гаджеты в путешествии.

A vulnerability was found in WordPress up to 6.8.2. It has been declared as problematic. This vulnerability affects unknown code of the component XML-RPC Request Handler. The manipulation leads to incorrect resource transfer. This vulnerability was named CVE-2025-54352. The attack can be initiated remotely. There is no exploit available.

A vulnerability classified as very critical has been found in Simopro WinMatrix3 up to 3.8.51.1. Affected is an unknown function. The manipulation leads to deserialization. This vulnerability is traded as CVE-2025-7916. It is possible to launch the attack remotely. There is no exploit available.

当前环境出现异常，需完成验证后方可继续访问。

量子时代即将来临。 各大科技公司纷纷宣布在“量子优势”、“量子纠错”和“量子网络”方面取得突破性进展。

Kaspersky发现针对非洲政府IT服务的定向攻击，由APT41实施。攻击者利用Impacket工具、WmiExec和Atexec模块进行权限提升和横向移动，并通过Cobalt Strike进行C2通信。他们使用DLL侧加载技术隐藏恶意活动，并利用Pillager、Checkout、RawCopy和Mimikatz等工具收集敏感数据。最终通过SMB协议和Web壳将数据外泄至被俘虏的SharePoint服务器。

第四期少数派共创开放日将于7月30日下午在深圳举办，内容包括会员新季启动介绍、嘉宾分享产品打造经验、项目分享及互动交流等。活动免费限20人报名需填问卷。

A vulnerability classified as problematic was found in jshERP up to 3.5. Affected by this vulnerability is an unknown functionality of the file /jshERP-boot/user/updatePwd. The manipulation leads to weak password recovery. This vulnerability is known as CVE-2025-7948. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical has been found in jshERP up to 3.5. Affected is an unknown function of the file /user/delete of the component Account Handler. The manipulation of the argument ID leads to improper authorization. This vulnerability is traded as CVE-2025-7947. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in PHPGurukul Apartment Visitors Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /search-visitor.php of the component HTTP POST Request Handler. The manipulation of the argument searchdata leads to cross site scripting. The identification of this vulnerability is CVE-2025-7946. The attack may be initiated remotely. Furthermore, there is an exploit available.

Submit #619277 / VDB-317089

Submit #619276 / VDB-317088

Meta以80亿美元和解隐私诉讼；超百万儿童及家庭信息被泄露；Meta AI漏洞可暴露隐私；Google修复Chrome六安全漏洞；前美军上校因泄密面临十年监禁。