A vulnerability was found in Mattermost up to 9.11.15/10.5.5/10.6.5/10.7.2/10.8.0. It has been classified as problematic. Affected is an unknown function of the component Run Metadata API Endpoint. The manipulation leads to incorrect authorization.
This vulnerability is traded as CVE-2025-47871. It is possible to launch the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
A vulnerability was found in Frappe up to 14.94.2/15.57.x. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to SQL injection.
This vulnerability is known as CVE-2025-52895. The attack can be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
A vulnerability, which was classified as problematic, has been found in Frappe up to 14.94.1/15.56.x. This issue affects some unknown processing of the component Data Import. The manipulation leads to cross-site scripting.
The identification of this vulnerability is CVE-2025-52896. The attack may be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
A vulnerability was found in Akamai CloudTest 58.30. It has been classified as critical. Affected is an unknown function. The manipulation leads to server-side request forgery.
This vulnerability is traded as CVE-2025-52491. It is possible to launch the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
A vulnerability was found in Rockwell ControlLogix controllers up to 20. It has been classified as problematic. Affected is an unknown function. The manipulation leads to denial of service.
This vulnerability is traded as CVE-2012-6439. It is possible to launch the attack remotely. There is no exploit available.
A vulnerability has been found in Mattermost up to 9.11.15/10.5.5/10.6.5/10.7.2/10.8.0 and classified as critical. This vulnerability affects unknown code of the component Private Channel Handler. The manipulation leads to incorrect authorization.
This vulnerability was named CVE-2025-46702. The attack can be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
A vulnerability was found in Rockwell ControlLogix controllers up to 20. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to improper authentication.
This vulnerability is known as CVE-2012-6440. The attack can be launched remotely. There is no exploit available.
Windows 11 Revamp Means No Kernel Access Required for Third-Party Security Tools
Nearly one year after a faulty CrowdStrike software update disrupted 8.5 million Windows hosts, causing global IT chaos, Microsoft is previewing multiple resilience changes to Windows, including enabling third-party endpoint security tools to do their magic without needing kernel-level access.
DOJ Indictments, Enforcement Actions Follow Nationwide Search for 'Laptop Farms'
Federal prosecutors announced major enforcement actions after a North Korean crime ring used stolen IDs, fake websites and U.S. shell firms to embed IT workers inside more than 100 American companies, stealing data and laundering over $5 million to fund Pyongyang's weapons programs.
Sydney Trains' Maryam Shoraka on Identifying the Blind Spots in OT Systems
IT organizations can apply multiple frameworks to help reduce risk, but relying on them in OT environments could create blind spots. Security leaders must rethink compliance-driven strategies and adapt controls to meet the unique demands of industrial systems, said Sydney Trains' Maryam Shoraka.
Horizon Healthcare RCM Hints at Paying Ransom in Data Theft Incident
Horizon Healthcare RCM is the latest revenue cycle management software vendor to report a health data breach involving ransomware and data theft. The firm's breach notification statement suggests that the company paid a ransom to prevent the disclosure of its stolen information.