【安全圈】疑似朝鲜黑客的9GB数据,曝光攻击工具与行动记录遭泄露
关键词数据泄露在全球最大的黑客大会之一 DEF CON 上,传奇黑客刊物 Phrack 迎来创刊 40 周年之
Aggregator
【安全圈】重大泄密!台外事部门机密文件再次在暗网被打包售卖
1 month 2 weeks ago
关键词数据泄露“台外事部门”近日被曝出疑似电子公文外流,并在暗网兜售,引发各界关注。
The Ultimate Battle: Enterprise Browsers vs. Secure Browser Extensions
1 month 2 weeks ago
Most security tools can’t see what happens inside the browser, but that’s where the majority of work, and risk, now lives. Security leaders deciding how to close that gap often face a choice: deploy a dedicated Enterprise Browser or add an enterprise-grade control layer to the browsers employees already use and trust.
The Ultimate Battle: Enterprise Browsers vs. Enterprise Browser Extensions
The Hacker News
Китай испытал связку «посадка — взлёт» пилотируемого аппарата Lanyue для высадки на Луну
1 month 2 weeks ago
Пока NASA буксует, Китай проходит путь от чертежей до реальных испытаний за полгода.
CVE-2023-1825 | GitLab Enterprise Edition Project Export information disclosure (Issue 384035 / EUVD-2023-24027)
1 month 2 weeks ago
A vulnerability, which was classified as problematic, has been found in GitLab Enterprise Edition. Affected by this issue is some unknown functionality of the component Project Export Handler. The manipulation leads to information disclosure.
This vulnerability is handled as CVE-2023-1825. The attack may be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-8874 | Master Addons Plugin up to 2.0.8.6 on WordPress FancyBox cross site scripting (EUVD-2025-24226)
1 month 2 weeks ago
A vulnerability has been found in Master Addons Plugin up to 2.0.8.6 on WordPress and classified as problematic. Affected by this vulnerability is an unknown functionality of the component FancyBox. The manipulation leads to cross site scripting.
This vulnerability is known as CVE-2025-8874. The attack can be launched remotely. There is no exploit available.
vuldb.com
CVE-2025-8418 | B Slider Plugin up to 1.1.30 on WordPress Plugin Installation activated_plugin authorization (EUVD-2025-24224)
1 month 2 weeks ago
A vulnerability was found in B Slider Plugin up to 1.1.30 on WordPress and classified as critical. Affected by this issue is the function activated_plugin of the component Plugin Installation Handler. The manipulation leads to missing authorization.
This vulnerability is handled as CVE-2025-8418. The attack may be launched remotely. There is no exploit available.
vuldb.com
CVE-2025-41686 | Phoenix Contact DaUM prior 2025.3.1 nssm.exe missing authentication (VDE-2025-063 / EUVD-2025-24230)
1 month 2 weeks ago
A vulnerability, which was classified as critical, was found in Phoenix Contact DaUM. This affects an unknown part of the file nssm.exe. The manipulation leads to missing authentication.
This vulnerability is uniquely identified as CVE-2025-41686. An attack has to be approached locally. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
关注 | 加快公共数据资源开发利用,北京发布20条实施意见
1 month 2 weeks ago
为深入贯彻《中共中央办公厅、国务院办公厅关于加快公共数据资源开发利用的意见》,建立健全本市公共数据资源开发利用制度机制,持续推进公共数据高质量供给,经北京市委市政府同意,发布20条实施意见。
通知 | 数据基础设施3项技术文件、可信数据空间3项技术文件公开征求意见
1 month 2 weeks ago
在国家数据局指导下,全国数据标准化技术委员会秘书处牵头研制了数据基础设施3项技术文件、可信数据空间3项技术文件(见附件1-6),经研究讨论、修改完善,形成技术文件征求意见稿。
专家解读|让人民群众在信息化发展中有更多获得感、幸福感、安全感——从公众和企业视角看2024年我国信息化发展特点
1 month 2 weeks ago
近日,国家互联网信息办公室发布《国家信息化发展报告(2024年)》(以下简称《报告》),系统总结2024年我国信息化发展新成效,评估分析全国信息化发展水平,展望信息化发展形势和下一步重点方向,为各地区、各部门推进信息化发展提供了重要参考。
刘烈宏:以法治之力推动政务数据价值充分释放
1 month 2 weeks ago
政府部门在履职过程中收集和产生的政务数据,是国家重要的基础性战略资源。近期,《政务数据共享条例》(以下简称《条例》)正式出台,并于2025年8月1日起施行。
网安行业AI应用落地元年 360提出了“以模制模”的战术打法
1 month 2 weeks ago
要做好AI大模型应用的安全,需要懂AI、懂安全、在AI业务上进行大量实践和AI安全语料的长期积累。
ISC.AI 2025威胁情报技术论坛落幕 大情报生态联盟启幕安全新篇
1 month 2 weeks ago
凝聚行业协同之力 多方共建威胁情报新生态!
CVE-2021-4154 | Linux Kernel cgroup v1 Parser cgroup-v1.c cgroup1_parse_param syscall use after free (Bug 2034514 / Nessus ID 248388)
1 month 2 weeks ago
A vulnerability, which was classified as critical, was found in Linux Kernel. Affected is the function cgroup1_parse_param of the file kernel/cgroup/cgroup-v1.c of the component cgroup v1 Parser. The manipulation of the argument syscall leads to use after free.
This vulnerability is traded as CVE-2021-4154. It is possible to launch the attack remotely. There is no exploit available.
It is recommended to apply a patch to fix this issue.
vuldb.com
CVE-2024-26818 | Linux Kernel up to 6.6.17/6.7.5 rtla buffer overflow (8a585914c266/6bdd43f62ab3/30369084ac6e / Nessus ID 248397)
1 month 2 weeks ago
A vulnerability has been found in Linux Kernel up to 6.6.17/6.7.5 and classified as critical. Affected by this vulnerability is an unknown functionality of the component rtla. The manipulation leads to buffer overflow.
This vulnerability is known as CVE-2024-26818. The attack can only be initiated within the local network. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2021-47284 | Linux Kernel up to 5.12.10 nj_probe netjet.c denial of service (Nessus ID 248398)
1 month 2 weeks ago
A vulnerability has been found in Linux Kernel up to 5.12.10 and classified as critical. This vulnerability affects unknown code of the file netjet.c of the component nj_probe. The manipulation leads to denial of service.
This vulnerability was named CVE-2021-47284. The attack can only be done within the local network. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2023-43620 | Croc up to 9.6.5 Escape Sequence escape output (Issue 595 / EUVD-2023-2400)
1 month 2 weeks ago
A vulnerability was found in Croc up to 9.6.5. It has been rated as critical. Affected by this issue is some unknown functionality of the component Escape Sequence Handler. The manipulation leads to escaping of output.
This vulnerability is handled as CVE-2023-43620. The attack needs to be initiated within the local network. There is no exploit available.
vuldb.com
AI工具“沉浸式翻译”被曝泄露隐私,用户保单、合同遭公开
1 month 2 weeks ago
研究员现场展示黑掉卫星的“一万种方法”
1 month 2 weeks ago
该团队在卫星软件供应链组件上发现了大量漏洞,可以花式展示各类黑掉卫星的方法