Aggregator

Китайские APT снова в деле — что они забыли в макросах для Microsoft Word?

In this Help Net Security interview, Anuj Goel, CEO of Cyware, discusses how threat intelligence is no longer a nice to have, it’s a core cyber defense requirement. But turning intelligence into action remains a challenge for many organizations. The path forward lies in integration, automation, and collaboration across technical and executive teams. With the right strategy, threat intelligence can become not just a source of awareness, but a driver of speed, precision, and resilience. … More →

The post What good threat intelligence looks like in practice appeared first on Help Net Security.

Google 在 I/O 2025 大会上宣布开始向美国搜索服务的用户推送 AI 模式（A.I. Mode）——以对话的方式向用户返回所查询问题的答案，工作方式类似 AI 聊天机器人。AI 模式此前通过 Labs 提供给用户试用，在 I/O 2025 上 Google 宣布了一系列新功能，包括新购物工具，比价，为金融和体育查询创建自定义图表和图形，等等。AI 模式使用的大模型是 Gemini 2.5 的一个定制版本。Google 计划未来为 AI 模式引入深度研究（Deep Research）模式的分支深度搜索（Deep Search）。

South Korean mobile network operator SK Telecom revealed that the security breach disclosed in April began in 2022. SK Telecom is South Korea’s largest wireless telecom company, a major player in the country’s mobile and tech landscape. It holds about 48% of the market share for mobile services, meaning around 34 million subscribers use its […]

Currently trending CVE - Hype Score: 12

Currently trending CVE - Hype Score: 6 - The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to modify protected parts of the file system.

中亚，这片位于欧亚大陆心脏地带的神秘区域，常常被世界舞台的聚光灯所忽略。2025年，这片看似平静的土地却悄然

本文约2797字，预计阅读时间10分钟。情报分析的核心任务之一，是将收集来的离散数据整合成有意义的图景。

Никто не ожидал, что вредонос можно так легко найти в официальном источнике.

A vulnerability, which was classified as critical, has been found in Google Chrome. This issue affects some unknown processing of the component SQLite. The manipulation as part of HTML Page leads to out-of-bounds read. The identification of this vulnerability is CVE-2019-13753. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Google Chrome. This vulnerability affects unknown code of the component SQLite. The manipulation as part of HTML Page leads to out-of-bounds read. This vulnerability was named CVE-2019-13752. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Oracle Communications Cloud Native Core Network Repository Function 1.14.0. It has been rated as critical. This issue affects some unknown processing of the component NRF. The manipulation leads to out-of-bounds write. The identification of this vulnerability is CVE-2019-13734. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Google Chrome. This vulnerability affects unknown code of the component SQLite. The manipulation as part of HTML Page leads to out-of-bounds write. This vulnerability was named CVE-2019-13734. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Oracle TimesTen In-Memory Database and classified as critical. This issue affects some unknown processing of the component EM TimesTen plug-in. The manipulation leads to an unknown weakness. The identification of this vulnerability is CVE-2021-29923. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Oracle TimesTen In-Memory Database. It has been classified as critical. Affected is an unknown function of the component Install. The manipulation leads to an unknown weakness. This vulnerability is traded as CVE-2021-29923. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Google Go up to 1.16 and classified as critical. Affected by this issue is the function net.ParseIP/net.ParseCIDR of the component IP Address Handler. The manipulation leads to improper access controls. This vulnerability is handled as CVE-2021-29923. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Google Go 1.11.5. Affected by this vulnerability is an unknown functionality of the component net-http. The manipulation as part of HTTP Header leads to crlf injection. This vulnerability is known as CVE-2019-9741. The attack can be launched remotely. There is no exploit available.

A vulnerability classified as critical was found in Microsoft Windows up to Server 2019. Affected by this vulnerability is an unknown functionality in the library HTTP.sys of the component HTTP2 Handler. The manipulation leads to resource consumption. This vulnerability is known as CVE-2019-9512. The attack can be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in HTTP2. It has been classified as critical. Affected is an unknown function of the component Ping Handler. The manipulation leads to resource consumption. This vulnerability is traded as CVE-2019-9512. It is possible to launch the attack remotely. There is no exploit available. It is recommended to apply restrictive firewalling.