OpenAI 用户数据或因分析公司 Mixpanel 遭网络攻击而泄露
error code: 521
Aggregator
New York Hospital Cyber Rules to 'Raise the Bar' Nationwide
3 weeks ago
New York State's stringent new cybersecurity requirements for many hospitals will have a ripple effect, raising the security bar and expectations for healthcare providers across many other states, predicts Chris Stucker, deputy CISO at Wisconsin-based Froedtert ThedaCare Health.
As Space Becomes Warfare Domain, Cyber Is on the Frontlines
3 weeks ago
Ground Stations a Top Target in Any Future Conflict, Warns Intelligence Official
Space is becoming a domain of warfare, with private sector companies' planet-side infrastructure on the front lines - and the first shots will likely be fired in cyberspace, a senior U.S. intelligence official warned this month. "If someone owns the ground station, they own the satellite."
Space is becoming a domain of warfare, with private sector companies' planet-side infrastructure on the front lines - and the first shots will likely be fired in cyberspace, a senior U.S. intelligence official warned this month. "If someone owns the ground station, they own the satellite."
Breach Roundup: Recently Patched Oracle Flaw Under Attack
3 weeks ago
Also: npm Packages Infiltrated, FBI Issues Fraud Alert, Campbell's Soup Cans CISO
This week, a recently fixed Oracle flaw is being actively exploited, Shelly tackled Pro 4PM DoS bug, "Shai-Hulud 2.0" hit npm, the FBI warned of rising bank account takeover scams, regulators fined Comcast over a vendor breach, Iberia reported a supplier incident and Campbell's canned its CISO.
This week, a recently fixed Oracle flaw is being actively exploited, Shelly tackled Pro 4PM DoS bug, "Shai-Hulud 2.0" hit npm, the FBI warned of rising bank account takeover scams, regulators fined Comcast over a vendor breach, Iberia reported a supplier incident and Campbell's canned its CISO.
Ransomware Reshaping Cyber as National Security Priority
3 weeks ago
Public-Private Cooperation Key for Ransomware Mitigation, Says Anne Neuberger
Ongoing, high-profile ransomware attacks against Britain and the United States have transformed cybersecurity into a national security priority, Anne Neuberger, the former White House deputy national security adviser for cyber, said at a Wednesday event in London.
Ongoing, high-profile ransomware attacks against Britain and the United States have transformed cybersecurity into a national security priority, Anne Neuberger, the former White House deputy national security adviser for cyber, said at a Wednesday event in London.
华硕发布新版固件,修复 AiCloud 高危漏洞
3 weeks ago
HackerNews 编译,转载请注明出处: 华硕发布新版固件,修复了包括 AiCloud 功能启用路由器中存在的高危身份验证绕过漏洞在内的多个安全问题。 该公司此次共修复 9 个安全漏洞,其中高危身份验证绕过漏洞编号为 CVE-2025-59366(CVSS 评分 9.2 分),影响所有启用 AiCloud 功能的路由器设备。 华硕在安全公告中表示:“研究人员已报告华硕路由器存在潜在漏洞,华硕已针对这些问题推出缓解措施。为保护您的设备安全,华硕强烈建议所有用户立即将路由器固件更新至最新版本。” AiCloud 是华硕多款路由器内置的远程访问功能,可让设备充当个人云服务器,支持远程媒体流传输和云存储服务。 公告指出:“AiCloud 存在身份验证绕过漏洞,该漏洞可通过 Samba 功能的意外副作用触发,可能导致攻击者在未获得适当授权的情况下执行特定功能。” 华硕建议用户更新 2025 年 10 月发布的路由器固件,涉及型号及对应修复漏洞如下: 固件版本系列 修复漏洞编号 3.0.0.4_386 系列 CVE-2025-59365、CVE-2025-59366、CVE-2025-59368、CVE-2025-59369、CVE-2025-59370、CVE-2025-59371、CVE-2025-59372、CVE-2025-12003 3.0.0.4_388 系列 上述全部漏洞 3.0.0.6_102 系列 上述全部漏洞 针对已停止支持(停产)的路由器型号,华硕也提供了临时缓解建议:为路由器登录账户和 WiFi 设置高强度唯一密码;禁用所有面向互联网的服务以降低暴露风险,包括 AiCloud、广域网远程访问、端口转发、动态域名解析、VPN服务器、非军事区、端口触发和文件传输协议(FTP)等功能。 已停止支持的华硕路由器是黑客 bot 网络的主要攻击目标。近期,名为 “Operation WrtHug” 的新型攻击活动已 compromise 全球数万台过时或停产的华硕路由器,受影响设备主要集中在中国台湾地区、美国和俄罗斯,这些设备被黑客纳入大型恶意网络。 攻击者利用了华硕路由器的多个漏洞实施攻击,包括操作系统命令注入漏洞(CVE-2023-41345 至 CVE-2023-41348)、任意命令执行漏洞(CVE-2024-12912)和身份验证不当漏洞(CVE-2025-2492),并以 AiCloud 服务作为初始入侵入口。 消息来源:securityaffairs; 本文由 HackerNews.cc 翻译整理,封面来源于网络; 转载请注明“转自 HackerNews.cc”并附上原文
hackernews
华硕发布新版固件,修复 AiCloud 高危漏洞
3 weeks ago
error code: 521
英伟达显卡涨价在即:英伟达停止在捆绑显存 要求AIC合作伙伴自行采购显存
3 weeks ago
#硬件设备 英伟达显卡涨价在即?英伟达停止捆绑销售显存,要求 AIC 厂商自行采购显存。以前英伟达采购显存并与 GPU 捆绑销售给 AIC 厂商,现在内存芯片价格失控,英伟达认为这种模
每周高级威胁情报解读(2025.11.21~11.27)
3 weeks ago
RomCom组织利用SocGholish向美国公司部署恶意软件;Kimsuky 通过钓鱼邮件分发imJongRAT; 变种第40部门曝光:伊朗伊斯兰革命卫队内部将网络行动与暗杀行动联系起来的部门内幕
每周高级威胁情报解读(2025.11.21~11.27)
3 weeks ago
环境异常 当前环境异常,完成验证后即可继续访问。 去验证
help
3 weeks ago
宗馥莉卸任娃哈哈集团公司董事长;小米、OV 等手机厂商取消 AIR 机型;Deepseek 推出新数学模型 | 极客早知道
3 weeks ago
环境异常 当前环境异常,完成验证后即可继续访问。 去验证
宗馥莉卸任娃哈哈集团公司董事长;小米、OV 等手机厂商取消 AIR 机型;Deepseek 推出新数学模型 | 极客早知道
3 weeks ago
李想终于承认,他们走错了方向;安卓版微信更新,聊天能发实况图了;小米 17 Ultra 手机曝光
CVE-2025-58034 FortiWeb 操作系统命令注入漏洞
3 weeks ago
CVE-2025-58034 FortiWeb 操作系统命令注入漏洞综合安全研究报告1. 执行摘要1.1 概述CVE-2025-58034 是一个影响 Fortinet FortiWeb Web 应用
CVE-2025-55680 Windows Cloud Files Mini Filter Driver 提权漏洞综合分析报告
3 weeks ago
CVE-2025-55680 Windows Cloud Files Mini Filter Driver 提权漏洞综合分析报告执行摘要漏洞概述CVE-2025-55680是Windows Cloud
0xGame2025 CTF Misc赛道出题解析与教学指南
3 weeks ago
0xGame2025的misc授课文案,week1到week4都有,知识讲解的都蛮细的,希望能帮助刚踏上ctf_misc的学弟学妹们轻松入门安全
作为出题人而言,这次出的题目感觉还好,比较侧重于原理知识,工具题几乎没有,然后大家可以前往ctf+平台进行复现学习
HackingTeam Soldier分析(带VMP壳如何分析)
3 weeks ago
1. 重点介绍VMP壳如何Dump分析 2. 介绍如何抓重点在复杂的样本中寻找C2配置文件
Super Flagio CTF逆向题技术解析
3 weeks ago
题目概述本题是一道基于cocos2d-x游戏引擎开发的Android逆向题目,附件为flagio.apk。这是一个模仿超级马里奥风格的游戏,玩家需要通过逆向分析找出正确的flag输入。第一步:解压AP
CTF逆向工程深度解析: engineTest - 逻辑门电路引擎的完整破解
3 weeks ago
前言本文将详细解析一道经典的CTF逆向工程题目engineTest。这道题目的设计非常精妙,它将传统的flag验证问题转化为一个基于逻辑门电路的计算引擎。通过本文的学习,读者将掌握以下技能:ELF二进
Write Path Traversal to a RCE Art Department
3 weeks ago
The cybersecurity landscape is constantly evolving, and keeping up with the latest thr