Aggregator

Новый режим в Cursor сделает за вас что угодно. И именно это пугает больше всего.

直播预告 | 中国互联网大会大模型安全发展论坛

《全球数据泄露态势月度报告》（2025年6月）

NASA X-59 Quess 低音爆超音速飞机于 7 月 10 日在加州美国空军 Plant 42 工厂完成了首次低速滑行测试。滑行测试是首飞前的最后一组地面测试。接下来的几周飞机将逐渐提高速度，进行高速滑行测试至接近起飞点。X-59 由洛克希德马丁著名的臭鼬工厂设计，设计能突破音速但同时不会有超音速飞机通常会产生的音爆。Quest 会产生更安静的“砰砰声”，类似室内听到关车门的声音。如果 X-59 成功它有望对超音速飞行和航空业产生革命性影响。X-59 的外形设计减少飞机产生的音爆，它没有前向窗户，而是通过摄像头和显示屏为飞行员提供飞机前方的外部视觉系统。

Up to now, the prolific China-sponsored cyber-espionage group has been mostly absent from the region, but a sophisticated and highly targeted attack on an African IT company shows Beijing is branching out.

The recently disclosed critical Microsoft SharePoint vulnerability has been under exploitation as early as July 7, 2025, according to findings from Check Point Research. The cybersecurity company said it observed first exploitation attempts targeting an unnamed major Western government, with the activity intensifying on July 18 and 19, spanning government, telecommunications, and software

Куда пропали украденные миллионы и почему их всё ещё можно спасти?

作者：Liang Lin, Zhihao Xu, Xuehai Tang, Shi Liu, Biyu Zhou, Fuqing Zhu, Jizhong Han, Songlin Hu 译者：知道创宇404实验室翻译组 原文链接：https://arxiv.org/html/2507.13474v1 内容警告：本文包含模型生成的不安全内容。 摘要 大型语言模型（LLMs）的安全性受到了...

本文为私人文章，暂不公开

数字便捷的背后，是否也埋下了信息安全失控的导火索？复旦大学安全团队深度揭示小程序生态的系统性安全风险。

勒索软件组织 Akira 通过猜测员工的弱密码入侵了一家英国北安普敦郡运输公司 KNP 的计算机系统，加密系统勒索赎金。KNP 有 158 年历史，有 700 名员工。报道称，黑客没有披露赎金金额，一家专业勒索软件谈判公司估计赎金可能高达 500 万英镑。该公司没有这么多钱，以及显然没有备份，这起事件最终导致了公司倒闭。

Hardcoded credentials in HPE Aruba Instant On Wi-Fi devices, let attackers to bypass authentication and access the web interface. HPE disclosed hardcoded credentials in Aruba Instant On Wi-Fi devices that allow attackers to bypass login and access the web interface. The flaw tracked as CVE-2025-37103 (CVSS score of 9.8) impacts devices running firmware version 3.2.0.1 […]

A vulnerability was found in Shenzhen Libituo Technology LBT-T300-T310 2.2.3.6. It has been rated as critical. Affected by this issue is the function sub_40B6F0 of the file at/appy.cgi. The manipulation of the argument wan_proto leads to buffer overflow. This vulnerability is handled as CVE-2025-8019. The attack may be launched remotely. Furthermore, there is an exploit available.

Один скрытый файл на корпоративном сервере позволил удалённо управлять всей инфраструктурой.

本指南提供清晰的技术路径与实践建议，支持香港稳定币生态的健康发展。

A vulnerability was found in code-projects Food Ordering Review System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /user/reservation_page.php. The manipulation of the argument reg_Id leads to sql injection. This vulnerability is known as CVE-2025-8018. The attack can be launched remotely. Furthermore, there is an exploit available. Other parameters might be affected as well.

A vulnerability was found in Tenda AC7 15.03.06.44. It has been classified as critical. Affected is the function formSetMacFilterCfg of the file /goform/setMacFilterCfg of the component httpd. The manipulation of the argument deviceList leads to stack-based buffer overflow. This vulnerability is traded as CVE-2025-8017. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

Submit #619530 / VDB-317222

A few days ago, we reported on the critical zero-day vulnerability CVE-2025-53770 in Microsoft SharePoint Server, an enhanced iteration of the previously identified flaw CVE-2025-49706. At the time, it was known that the issue...

The post SharePoint Under Siege: New Zero-Day (CVE-2025-53770) Actively Compromises 100+ Global Organizations appeared first on Penetration Testing Tools.