Aggregator
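Authoritative research recognition | Xmirror Security (悬镜安全) selected for the "2025 open research topics of the MIIT Key Laboratory of Software Integration Application and Testing Verification"
2 months 2 weeks ago
Recognized once again by a national-level institution!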
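AI becomes the top white-hat hacker in the US for the first time; the company behind it has raised over 800 million yuan in the past year
2 months 2 weeks ago
The era of AI attack and defense at machine speed is arriving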
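The evolution of Russia's cyber warfare against Ukraine, 2022-2024
2 months 2 weeks ago
A Ukrainian security agency analyzes how Russian cyberattack strategy evolved during the war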
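Smart-LLaMA-DPO: A Reinforced Large Language Model for Explainable Smart Contract Vulnerability Detection
2 months 2 weeks ago
Authors: Lei Yu, Zhirong Huang, Hang Yuan, Shiqi Cheng, et al.
Translator: Knownsec 404 Lab translation team
Original link: https://arxiv.org/html/2506.18245v1
Abstract: Smart contract vulnerability detection is a critical challenge in the blockchain domain. Existing vulnerability detection methods face two main problems: (1) existing datasets lack comprehensiveness and sufficient quality, cover a limited range of vulnerability types, and in preference learning, for high-quality and low-quality...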
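Installing VMware software updates and patches is a breach of contract: Broadcom sends audit notices to some customers
2 months 2 weeks ago
After acquiring VMware, Broadcom abolished perpetual licenses in favor of subscriptions and is using audits to force enterprises to sign new subscription licenses.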
Score 10.0! Cisco warns of maximum-severity RCE vulnerabilities in ISE
2 months 2 weeks ago
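Compiled by HackerNews; please credit the source when reposting.
Cisco recently published a security advisory warning of two unauthenticated remote code execution (RCE) vulnerabilities, CVE-2025-20281 and CVE-2025-20282, in its Identity Services Engine (ISE) and Passive Identity Connector (ISE-PIC). Both are rated at the maximum severity (CVSS score: 10.0). CVE-2025-20281 affects ISE and ISE-PIC versions 3.3 and 3.4, while CVE-2025-20282 affects only version 3.4.
Vulnerability mechanism and impact:
CVE-2025-20281: a specific API insufficiently validates user input, so an unauthenticated attacker can craft a malicious API request and execute arbitrary operating system commands with root privileges.
CVE-2025-20282: a flaw in an internal API's file validation lets an attacker upload arbitrary files to privileged directories and execute them with root privileges.
Cisco ISE is an enterprise network access control and policy enforcement platform widely deployed at the core of government, university, and large enterprise networks. Successful exploitation of these vulnerabilities gives complete takeover of the device, with no user interaction or authentication credentials required. There are currently no signs of active exploitation, but prioritizing the fix is strongly recommended.
Remediation:
Upgrade to 3.3 Patch 6 (patch ID: ise-apply-CSCwo99449_3.3.0.430_patch4) or later.
Upgrade to 3.4 Patch 2 (patch ID: ise-apply-CSCwo99449_3.4.0.608_patch1) or later.
Note: there are no temporary mitigations; the security updates must be installed.
Related vulnerability:
CVE-2025-20264, a medium-severity authentication bypass vulnerability disclosed at the same time, affects all versions 3.4 and earlier. It stems from an authorization flaw in the SAML single sign-on integration; an attacker with valid credentials can modify system configuration or restart the device. Remediation:
Version 3.4 must be upgraded to Patch 2.
Version 3.3 must be upgraded to Patch 5.
Version 3.2 is expected to be fixed by Patch 8 in November 2025.
Note: versions 3.1 and earlier are no longer supported and must be migrated to a newer version.
Source: bleepingcomputer; translated and compiled by HackerNews.cc, cover image from the internet; when reposting, state "Reprinted from HackerNews.cc" and attach the original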
hackernews
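[CVE-2025-49144] A highly detailed reproduction of the Notepad++ privilege escalation vulnerability
2 months 2 weeks ago
The article describes in detail how the Notepad++ privilege escalation vulnerability CVE-2025-49144 is used in a phishing attack to obtain SYSTEM privileges, covering the dropping of the malicious file, the reverse shell implementation, and the steps to reproduce the attack.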
How Virtual CISO Enhancements Will Help MSPs Grow Operations
2 months 2 weeks ago
Why Cynomi's Embrace of AI-Driven Security Tools Will Drive MSP and MSSP Efficiency
Cynomi’s recent Series B funding round will deepen AI features, expand its Solution Showcase and enable managed service providers to deliver cybersecurity at scale. CEO David Primor says the company is building the operating system for MSP and MSSP cyber operations.
Nationwide Recovery Service Hack Grows to 500,000 Victims
2 months 2 weeks ago
Debt Collector's 2024 Data Breach Affected Multiple Hospitals and Medical Practices
The list of healthcare sector clients reporting large health data breaches from the 2024 hack on debt collection firm Nationwide Recovery Service continues to grow, as does the vast number of affected patients. So far, the hack has affected at least 500,000 patients.
Breach Roundup: UK NHS Links Patient Death to Ransomware Attack
2 months 2 weeks ago
Also, O Canada, Oh Brother and More Probable Chinese Hacking
This week, ransomware kills, Salt Typhoon hit Canada, Russian backdoors, SAP and Citrix patches, China hackers in the oil and energy sector. Brother printers have an unfixable flaw. Ransomware hit a U.S. dairy cooperative. Hackers in Albania and Oxford. European lawmakers heard cybersecurity advice.
Safe, Axio, KPMG Dominate Cyber Risk Quantification Rankings
2 months 2 weeks ago
KPMG Climbs, ThreatConnect Falls in Latest Cyber Risk Quantification Forrester Wave
Safe Security and Axio remained atop Forrester's cyber risk quantification rankings, with KPMG climbing onto the leaderboard and ThreatConnect falling off the leaderboard. Cyber risk quantification tools have moved beyond basic risk modeling to automate recommendations and analyze trends.
Microsoft to move antivirus vendors out of the Windows kernel
2 months 2 weeks ago
Chinese domestic antivirus software vendors
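[AI Security Papers] (40) CCS24 PowerPeeler: A General Dynamic Deobfuscation Method for PowerShell Scripts
2 months 2 weeks ago
This article introduces a dynamic PowerShell deobfuscation method; I hope you find it helpful!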