Aggregator

A vulnerability classified as critical has been found in WAGO CC100 0751-9x01, PFC100 G2 0750-811x-xxxx-xxxx, PFC200 G2 750-821x-xxx-xxx, TP600 0762-420x, 8000-000x, TP600 0762-430x, TP600 0762-520x, TP600 0762-530x, TP600 0762-620x, TP600 0762-630x, Edge Controller 0752-8303 and 8000-0002. Affected by this vulnerability is an unknown functionality of the component BACNet Service. Performing manipulation results in incorrect permission assignment. This vulnerability is known as CVE-2024-41974. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability was found in WAGO CC100 0751-9x01, PFC100 G2 0750-811x-xxxx-xxxx, PFC200 G2 750-821x-xxx-xxx, TP600 0762-420x, 8000-000x, TP600 0762-430x, TP600 0762-520x, TP600 0762-530x, TP600 0762-620x, TP600 0762-630x, Edge Controller 0752-8303 and 8000-0002. It has been classified as critical. The affected element is an unknown function of the component File Handler. Performing manipulation results in path traversal. This vulnerability is identified as CVE-2024-41971. The attack can be initiated remotely. There is not any exploit available.

A vulnerability was found in WAGO CC100 0751-9x01, PFC100 G2 0750-811x-xxxx-xxxx, PFC200 G2 750-821x-xxx-xxx, TP600 0762-420x, 8000-000x, TP600 0762-430x, TP600 0762-520x, TP600 0762-530x, TP600 0762-620x, TP600 0762-630x, Edge Controller 0752-8303 and 8000-0002. It has been declared as critical. The impacted element is an unknown function of the component File Handler. Executing manipulation can lead to path traversal: '.../...//'. This vulnerability is tracked as CVE-2024-41972. The attack can be launched remotely. No exploit exists.

A vulnerability was found in WAGO CC100 0751-9x01, PFC100 G2 0750-811x-xxxx-xxxx, PFC200 G2 750-821x-xxx-xxx, TP600 0762-420x, 8000-000x, TP600 0762-430x, TP600 0762-520x, TP600 0762-530x, TP600 0762-620x, TP600 0762-630x, Edge Controller 0752-8303 and 8000-0002. It has been rated as problematic. This affects an unknown function of the component File Handler. The manipulation leads to path traversal: '.../...//'. This vulnerability is listed as CVE-2024-41973. The attack may be initiated remotely. There is no available exploit.

A vulnerability was found in WAGO CC100 0751-9x01, PFC100 G2 0750-811x-xxxx-xxxx, PFC200 G2 750-821x-xxx-xxx, TP600 0762-420x, 8000-000x, TP600 0762-430x, TP600 0762-520x, TP600 0762-530x, TP600 0762-620x, TP600 0762-630x, Edge Controller 0752-8303 and 8000-0002 and classified as problematic. Impacted is an unknown function of the component Diagnostic Data Handler. Such manipulation leads to incorrect permission assignment. This vulnerability is referenced as CVE-2024-41970. It is possible to launch the attack remotely. No exploit is available.

Microsoft observed Storm-0501 pivot to the victim’s cloud environment to exfiltrate data rapidly and prevent the victim’s recovery

AI赋能：安全大模型重构安全运营

想了解大模型业务系统中的安全风险以及主要安全供应商都有那些？请查看这份研究报告

Cybersecurity breaches often stem not from advanced exploits but from human error, misconfigurations, and routine mistakes. True resilience comes from designing systems that expect failure, leverage automation wisely, and foster a security-first culture through simulations, guardrails, and psychological safety.

The post Can We Really Eliminate Human Error in Cybersecurity?  appeared first on Security Boulevard.

文章指出网络安全的核心问题在于人类行为而非技术漏洞。人为错误如点击恶意链接、重复密码等是主要威胁。设计应考虑人类本能和压力下的反应，通过模拟攻击、自动化工具和红队演练提升安全性，并建立支持员工报告问题的文化环境。

文章探讨了人工智能的普及及其背后的计算机制，解释了人工神经网络的工作原理及其与生物神经系统的区别，并提出用“高级推理”重新定义AI以更准确地反映其能力。

Ook Nederland is doelwit geweest van de wereldwijde cyberspionagecampagne van de Chinese hackorganisatie Salt Typhoon. Dat melden de Nederlandse inlichtingen- en veiligheidsdiensten MIVD en AIVD vandaag.

印度新德里法庭上周批准了三大期刊出版商 Elsevier、Wiley 和 American Chemical Society 的请求，命令电信公司在三天内在印度屏蔽访问 Sci-Hub 和 Sci-Net。此后印度网民将只能通过 VPN 等工具访问 Sci-Hub。Sci-Hub 创始人 Alexandra Elbakyan 解释了该平台自 2022 年停止发布新论文的原因：多数大学图书馆推行了双因素身份验证，它无法再使用学生或研究人员的共享用户名和密码自动登录图书馆下载新论文。为了获取新论文，她创建了基于区块链的新平台 Sci-Net，2025 年 4 月上线，但该项目很快遭到了期刊出版商的投诉。她谴责了印度司法机构会为了少数富有外国公司的利益而忽视印度学生和研究人员的需求。

黑客利用Salesloft平台窃取OAuth令牌，进而访问Drift AI聊天机器人相关数据。威胁组织UNC6395通过这些令牌从Salesforce获取大量信息，包括AWS和Snowflake凭证。Google Threat Intelligence Group和Mandiant已介入调查，并建议受影响组织撤销API密钥并轮换凭证以应对潜在风险。

Hackers breached Salesloft to steal OAuth/refresh tokens for Drift AI chat; GTIG and Mandiant link the campaign to threat actor UNC6395. Google Threat Intelligence Group and Mandiant researchers investigate a large-scale data theft campaign carried out to hack the sales automation platform Salesloft to steal OAuth and refresh tokens associated with the Drift artificial intelligence (AI) chat […]

Common Mark Certificates (CMC) and Verified Mark Certificates (VMC) both enable brand logos in email inboxes via BIMI, boosting trust, security, and deliverability. The key difference? VMCs require trademark validation and show a blue checkmark in Gmail, while CMCs are faster and more affordable but have limited support. Learn which option fits your email security and branding goals.

The post What’s the difference between CMC and VMC certification? appeared first on Security Boulevard.

Common Mark Certificates (CMC)和Verified Mark Certificates (VMC)通过BIMI标准在邮箱中显示品牌Logo，增强信任和安全性。VMC需商标验证并在Gmail显示蓝色勾选标记，而CMC更快速、经济但支持有限。选择取决于品牌目标、商标状态及预算。

NetScaler has issued an urgent advisory warning administrators of three newly discovered vulnerabilities in NetScaler ADC and NetScaler Gateway—one of which is already being actively exploited. Updates are now available, and the vendor strongly...

The post CVE-2025-7775: NetScaler Zero-Day Is Under Active Attack appeared first on Penetration Testing Tools.

Mozilla Firefox发布v142.0.1错误修复版，解决标签拖动、文本光标、游戏手柄崩溃等问题。用户可通过关于页面、离线安装或微软商店更新，并根据处理器选择64位或Arm64版本。

A newly discovered critical vulnerability in Docker Desktop has placed Windows users at significant risk. Tracked as CVE-2025-9074 and rated 9.3 out of 10 on the CVSS scale, the flaw enables attackers to bypass...

The post Critical Docker Desktop Flaw Allows Attackers to Escape Containers and Hijack the Host appeared first on Penetration Testing Tools.