Aggregator

TransUnion Data Breach Exposes 4.5 Million Records Through Third-Party App

Security Boulevard
3 months 2 weeks ago

TransUnion, one of the nation’s three major credit reporting agencies, has confirmed a cyberattack that exposed sensitive personal information for more than 4.4 million U.S. consumers. The incident, discovered on July 30, traces back to vulnerabilities in a third-party application used in TransUnion’s consumer support operations. How the Breach Happened According to TransUnion, attackers exploited […]

The post TransUnion Data Breach Exposes 4.5 Million Records Through Third-Party App appeared first on Centraleyes.

The post TransUnion Data Breach Exposes 4.5 Million Records Through Third-Party App appeared first on Security Boulevard.

Rebecca Kappel

Prompt hacks guide

信息安全知识库
3 months 2 weeks ago
本文链接


《Prompt Hacks:终极指南》系统梳理了生成式 AI 面临的提示注入、越狱等攻击手法,并给出10类威胁模型与对应防御方案。文件揭示了 LLM 无法区分系统指令与用户输入的根本原因,展示攻击者如何通过角色扮演、故事编造、编码混淆、令牌注入等方式窃取数据或输出有害内容;同时提供红队演练、语义防火墙、实时观测、合规审计等落地策略,帮助企业守护品牌、资金与运营安全。NeuralTrust 的 AI Gateway、自动化红队、可观测平台三大工具贯穿始终,为零信任架构下的 AI 部署提供一站式解决方案。

Weekly Update 467

Troy Hunt
3 months 2 weeks ago

Using AI to analyse photos and send alerts if I've forgotten to take the bins out isn't going to revolutionise my life, no more so than using it to describe who's at the mailbox when a letter arrives and at the front door when

Troy Hunt

中国电竞,已经是 Next Level

极客公园
3 months 2 weeks ago
「小孩」零血反杀对手,拿下《街霸 6》冠军,再一次让中国电竞迎来高光。   中国选手在国际的优秀表现,和国内电竞产业越来越强,氛围越来越好密不可分。   在 2025 iQOO 杯王者荣耀电竞赛中,参赛人数达到了 69057 人,覆盖全国 265 城,门店和高校赛点数量达 1693 个,创下了 iQOO 杯三年以来的纪录。规格上也有大幅提升,2025 iQOO 杯全国总决赛上除了顶尖主播的助阵,还有来自 KPL 的职业解说、主持人与明星选手。更有跨界明星助阵总决赛,见证总冠军的诞生。   甚至,iQOO 杯也受到了专业赛事认可,今年 iQOO 杯冠军战队将晋级到王者荣耀主播联赛(老王杯),胜出者更有机会进入王者荣耀挑战者杯,为大众玩家创造参与职业赛事的宝贵机会。   但其实,iQOO 杯并非仅仅是一个大型电竞赛事,对于主办方 iQOO 来说,它更是一个和玩家、极客一起打造的电竞文化标志。而正是在三年的赛事中,参赛玩家在享受激烈的比赛过程中,培养起了深厚的友谊,这才是 iQOO 杯电竞赛真正的意义。   正如 iQOO 产品副总裁罗锋所说:「我们相信,游戏最高的配置是朋友,电竞最难忘的时刻是并肩。」   每一个在 iQOO 杯赛事上共享游戏乐趣的玩家,也为了这份「一起共赢」的精神,助力中国电竞达到 Next Level。

CVE-2025-9716 | O2OA up to 10.0-410 Personal Profile Page form name/alias/description cross site scripting (Issue 182 / EUVD-2025-26285)

Vuldb Updates
3 months 2 weeks ago
A vulnerability has been found in O2OA up to 10.0-410 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /x_processplatform_assemble_designer/jaxrs/form of the component Personal Profile Page. This manipulation of the argument name/alias/description causes cross site scripting. This vulnerability appears as CVE-2025-9716. The attack may be initiated remotely. In addition, an exploit is available. The vendor replied in the GitHub issue (translated from simplified Chinese): "This issue will be fixed in the new version."
vuldb.com

CVE-2025-9717 | O2OA up to 10.0-410 Personal Profile Page unit cross site scripting (Issue 183 / EUVD-2025-26284)

Vuldb Updates
3 months 2 weeks ago
A vulnerability was found in O2OA up to 10.0-410 and classified as problematic. Affected by this issue is some unknown functionality of the file /x_organization_assemble_control/jaxrs/unit/ of the component Personal Profile Page. Such manipulation of the argument name/shortName/distinguishedName/pinyin/pinyinInitial/levelName leads to cross site scripting. This vulnerability is traded as CVE-2025-9717. The attack may be launched remotely. Furthermore, there is an exploit available.
vuldb.com

Managed ad