Aggregator

在上周举行的 RISC-V 中国峰会上，英伟达宣布 CUDA 软件将支持 RISC-V 处理器。随着数据中心市场对 RISC-V 架构处理器的兴趣日益增长，英伟达为其 CUDA 软件加入 RISC-V 支持并不太出人意料。CUDA 目前主要支持 x86_64 和 AArch64 系统。英伟达的竞争对手 AMD 的内核计算驱动 AMDKFD 以及用户空间组件 ROCm 都支持在 RISC-V 上构建，AMDKFD/ROCm 甚至支持龙芯的 LoongArch 处理器。

A vulnerability was found in Microsoft SharePoint Enterprise Server 2016/2019/Subscription Edition. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to path traversal. The identification of this vulnerability is CVE-2025-53771. The attack may be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in WordPress up to 6.8.2. It has been declared as problematic. This vulnerability affects unknown code of the component XML-RPC Request Handler. The manipulation leads to incorrect resource transfer. This vulnerability was named CVE-2025-54352. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in Westermo WeOS up to 5.24.4. It has been classified as problematic. This affects an unknown part of the component Syslog. The manipulation leads to sensitive information in log files. This vulnerability is uniquely identified as CVE-2025-54319. It is possible to initiate the attack remotely. There is no exploit available.

Cybersecurity firm Expel, in an update shared on July 25, 2025, said it's retracting its findings about a phishing attack that it said leveraged cross-device sign-in to get around FIDO account protections despite being not in physical proximity to the authenticating client device. "The evidence does show the targeted user's credentials (username and password) being phished and that the attacker

研究人员发现一种新型网络攻击技术，攻击者利用跨设备登录功能和伪装的企业登录页面欺骗用户批准认证请求，绕过FIDO密钥保护机制。该技术通过混合传输方法生成并展示QR码，诱导用户使用MFA应用扫描后实现对账户的非法访问。这种攻击不依赖于FIDO协议漏洞，而是滥用合法功能进行降级认证。为防范此类威胁，建议加强设备验证和监控异常登录行为。

A vulnerability was found in Microsoft SharePoint Enterprise Server 2016/2019/Subscription Edition and classified as critical. Affected by this issue is some unknown functionality. The manipulation leads to path traversal. This vulnerability is handled as CVE-2025-53771. The attack may be launched remotely. Furthermore, there is an exploit available.

HPE предупреждает об уязвимости в Aruba Instant On.

According to LinkedIn, job applications have surged over 45% in the past year, with 11,000 applications submitted every minute. This flood of applications is making it harder than ever for qualified candidates to stand out. The industry has become highly specialized. Gone are the days when you could land a job simply by calling yourself a generalist: hiring is based on specific skills that match defined roles. Know the role you’re applying for If you’re … More →

The post How to land your first job in cybersecurity appeared first on Help Net Security.

快速浏览！2025.7.14—7.20安全动态周回顾。

Konfety自称是一款合法的应用程序，模仿谷歌Play上的无害产品，但没有任何承诺的功能。恶意软件的功能包括将用户重定向到恶意网站，推送不需要的应用程序安装，以及虚假的浏览器通知。

当前环境出现异常问题,需完成验证操作后才能继续访问,可点击"去验证"进行处理。

当前环境出现异常,需完成验证后方可继续访问。

2011 年 311 大地震以及福岛核事故之后，日本暂停了国内所有核电站的运营，甚至一度考虑退役现有的核电站。现在日本关西电力公司准备启动新一代核电站的建设，将在美浜核电站（福井县美浜町）的用地内开始地质调查工作。这是 14 年以来日本首次有核电站的新建或扩建计划进入具体化阶段。此举也标志着日本政府为实现脱碳目标而视为关键手段的核电利用开始迈出实质性步伐。日本上一次新建核电站是在 2009 年启用的北海道电力泊核电站 3 号机组。此次关西电力设想建设的是被认为具有较高安全性的“创新型轻水反应堆”等新一代核电站。

攻击者会利用对操作系统内部机制的深入理解来绕过表层防御

当前环境异常，请完成验证后继续访问。

A sophisticated new cyber attack technique has emerged that exploits the cross-device sign-in features of FIDO keys, effectively bypassing one of the most secure forms of multifactor authentication (MFA) available today. Security researchers have identified this adversary-in-the-middle (AitM) attack, attributed to the PoisonSeed threat group, which demonstrates how attackers can circumvent hardware-based authentication protections through […]

The post PoisonSeed Attack Tricks Users into Scanning Malicious MFA QR Codes appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Вы уверены в своих зависимостях?

文章介绍了HTTP协议的发展历程，从HTTP/0.9到HTTP/3.0的演变过程，并探讨了内容协商机制和工具如Burp Suite的工作原理。