Aggregator

Explore how to build a tailored ICS/OT threat detection strategy. Gain insights into achieving deep visibility, addressing your threat landscape, and safeguarding critical operations from evolving cyber threats.

The post Building an ICS/OT Threat Detection Strategy appeared first on Sygnia.

Shopee信息安全团队招聘基础安全专家

Программа удержания экспертов превратилась в программу кормления бездарей — за $138 млн.

Analysis of nearly five million internet-exposed assets shows significant security gaps across major cloud platforms, with Google Cloud-hosted assets showing highest vulnerability rates. 

 

The post New Research Reveals One-Third of Cloud Assets Harbor Easily Exploitable Vulnerabilities appeared first on Security Boulevard.

Currently trending CVE - Hype Score: 22 - A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, including the 6970 Conference Unit through 6.4 SP4, could allow an unauthenticated attacker to conduct a command injection attack due to insufficient parameter sanitization. A successful exploit ...

日本百岁老人数量接近 10 万，创历史新高，其中最年长老人年龄 114 岁。根据日本厚生劳动省上周五公布的数据，截至 9 月，日本百岁老人数量 99,763 人，连续 55 年创新高。其中女性 87,784 名占 88%，男性 11,979 名。预期寿命提高主要归因于心脏病和常见癌症如乳腺癌和前列腺癌死亡人数减少。由于日本饮食中红肉摄入量较少、鱼类和蔬菜摄入量较高，肥胖率较低，而肥胖是导致上述两类疾病的主要因素。女性的肥胖率尤其低，这或许可以解释为什么日本女性预期寿命远高于男性。此外日本人在晚年仍然保持活跃，比美国和欧洲老年人更多地步行和使用公共交通工具。

英伟达与铠侠合作开发固态硬盘，计划于2027年实现1亿次随机IOPS，相当于当前主流SSD的33倍。该技术将应用于AI计算，并采用XL-Flash NAND技术提升性能。

Most enterprise AI activity is happening without the knowledge of IT and security teams. According to Lanai, 89% of AI use inside organizations goes unseen, creating risks around data privacy, compliance, and governance. This blind spot is growing as AI features are built directly into business tools. Employees often connect personal AI accounts to work devices or use unsanctioned services, making it difficult for security teams to monitor usage. Lanai says this lack of visibility … More →

The post Most enterprise AI use is invisible to security teams appeared first on Help Net Security.

快速浏览！2025.9.8—9.14安全动态周回顾。

在针对Salesloft的 data theft 攻击中，威胁者的主要目标是窃取Salesforce实例中的支持工单，进而从工单中收集凭据、身份验证令牌及其他敏感信息。

欧洲公司ValueLicensing因转售微软软件许可证被起诉，微软称其拥有版权且不允许转售。案件或影响欧洲二手软件市场合法性。

A vulnerability labeled as critical has been found in PHPGurukul Beauty Parlour Management System 1.1. This affects an unknown part of the file /admin/all-appointment.php. The manipulation of the argument delid results in sql injection. This vulnerability is identified as CVE-2025-10459. The attack can be executed remotely. Additionally, an exploit exists.

Chinese-speaking users are the target of a search engine optimization (SEO) poisoning campaign that uses fake software sites to distribute malware. "The attackers manipulated search rankings with SEO plugins and registered lookalike domains that closely mimicked legitimate software sites," Fortinet FortiGuard Labs researcher Pei Han Liao said. "By using convincing language and small character

Submit #648355 / VDB-323887

前陣子收到一封讀者來信，問我能不能寫一篇來講解 XSS without parentheses and semi-colons 這篇文章，說是這裡面的 payload 看不太懂。

因此，這篇就來簡單講解一下這些 payload，參考的原文是 Gareth Heyes 的這兩篇文章：

1. XSS technique without parentheses
2. XSS without parentheses and semi-colons

埃隆·马斯克的Grok AI推出Grok 4 Fast模式，可极速响应问题，仅限付费订阅用户使用且处于实验阶段。该模式响应速度快但模型能力可能较低。

Хакеры WhiteCobra превратили редакторы кода в орудие массового поражения.

文章介绍了二进制文件与文本文件的区别、魔数的作用及工具（如xxd、file）的应用，并通过解决Bandit Level 5挑战展示了如何识别和读取人类可读的二进制文件。

新闻评级公司 NewsGuard 调查了 10 款领先的生成式 AI 工具，分析了它们在回复中生成虚假新闻信息的比例。结果显示，2025 年 8 月，10 款 AI 工具在新闻主题上重复虚假信息的比例超过三分之一（35%），高于 2024 年 8 月的 18%。AI 公司并未兑现让 AI 更安全更可靠的承诺。生成虚假信息比例翻一倍的一大原因是今天的 AI 工具都支持联网查询，不再拒绝回答提问，它们不回复比例从 2024 年 8 月的 31% 下降到 2025 年 8 月的 0%，结果就是更多虚假信息。NewsGuard 认为攻击者正利用 AI 这一特点用各种方法洗白虚假信息，让 AI 模型无法区分内容农场和可信新闻渠道。

A vulnerability classified as problematic was found in Google Android. This vulnerability affects the function ss_ProcessReturnResultComponent of the file ss_MmConManagement.c. The manipulation results in out-of-bounds read. This vulnerability is cataloged as CVE-2023-21224. The attack may be launched remotely. There is no exploit available. A patch should be applied to remediate this issue.