Aggregator
Qilin
8 months ago
cohenido
Inviting Channel Partners to Embark on a New Journey Together
8 months ago
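As our business continues to expand and market demand grows, Huorong Security is looking for more outstanding partners to join our ranks. We have launched a dedicated channel partner recruitment program and look forward to working with more like-minded partners to seize industry trends, develop market potential together, and jointly create a bright future for cybersecurity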
[Huorong Security Weekly] Apple Settles Siri Eavesdropping Class Action for a Sky-High Sum / Harley Suspected of Data Breach
8 months ago
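01 Recently, the U.S. motorcycle manufacturer Harley-Davidson is suspected to have suffered a major data breach, carried out by a cybercrime group named "888". According to reports, the group claims to have leaked the personal details of more than 66,700 Harley-Davidson customers. The leaked data includes customers' full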
PLAYFULGHOST Delivered via Phishing and SEO Poisoning in Trojanized VPN Apps
8 months ago
Cybersecurity researchers have flagged a new malware called PLAYFULGHOST that comes with a wide range of information-gathering features like keylogging, screen capture, audio capture, remote shell, and file transfer/execution.
The backdoor, according to Google's Mandiant Managed Defense team, shares functional overlaps with a known remote administration tool referred to as Gh0st RAT, which had
The Hacker News
CVE-2017-9798 | Oracle Enterprise Manager Ops Center 12.2.2/12.3.3 Networking use after free (EDB-42745 / Nessus ID 109294)
8 months ago
A vulnerability was found in Oracle Enterprise Manager Ops Center 12.2.2/12.3.3. It has been classified as critical. This affects an unknown part of the component Networking. The manipulation leads to use after free.
This vulnerability is uniquely identified as CVE-2017-9798. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2017-9798 | Oracle Enterprise Manager Base Platform 13.2.x Installer use after free (EDB-42745 / Nessus ID 109294)
8 months ago
A vulnerability has been found in Oracle Enterprise Manager Base Platform 13.2.x and classified as critical. Affected by this vulnerability is an unknown functionality of the component Installer. The manipulation leads to use after free.
This vulnerability is known as CVE-2017-9798. The attack can be launched remotely. Furthermore, there is an exploit available.
It is recommended to upgrade the affected component.
vuldb.com
U.S. Sanctions Chinese Cybersecurity Firm for State-Backed Hacking Campaigns
8 months ago
The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) on Friday issued sanctions against a Beijing-based cybersecurity company known as Integrity Technology Group, Incorporated for orchestrating several cyber attacks against U.S. victims.
These attacks have been publicly attributed to a Chinese state-sponsored threat actor tracked as Flax Typhoon (aka Ethereal Panda or
The Hacker News
U.S. Treasury Sanctions Beijing Cybersecurity Firm for State-Backed Hacking Campaigns
8 months ago
Cyber Espionage / IoT Botnet
The U.S. Treasury Department's Office of Foreign Assets Control (OFAC)
CVE-2024-11733 | Popular Posts Plugin up to 7.1.0 on WordPress Shortcode code injection
8 months ago
A vulnerability was found in Popular Posts Plugin up to 7.1.0 on WordPress. It has been classified as critical. Affected is an unknown function of the component Shortcode Handler. The manipulation leads to code injection.
This vulnerability is traded as CVE-2024-11733. It is possible to launch the attack remotely. There is no exploit available.
vuldb.com
CVE-2024-12237 | Photo Gallery Slideshow & Masonry Tiled Gallery Plugin server-side request forgery
8 months ago
A vulnerability was found in Photo Gallery Slideshow & Masonry Tiled Gallery Plugin up to 1.0.15 on WordPress. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to server-side request forgery.
This vulnerability is known as CVE-2024-12237. The attack can be launched remotely. There is no exploit available.
vuldb.com
CVE-2025-0203 | code-projects Student Management System 1.0 /config/DbFunction.php showSubject1 sid sql injection
8 months ago
A vulnerability was found in code-projects Student Management System 1.0. It has been declared as critical. This vulnerability affects the function showSubject1 of the file /config/DbFunction.php. The manipulation of the argument sid leads to sql injection.
This vulnerability was named CVE-2025-0203. The attack can be initiated remotely. Furthermore, there is an exploit available.
Other parameters might be affected as well.
vuldb.com
CVE-2024-13129 | Roxy-WI up to 8.1.3 roxy.py action_service action/service os command injection
8 months ago
A vulnerability was found in Roxy-WI up to 8.1.3. It has been declared as critical. Affected by this vulnerability is the function action_service of the file app/modules/roxywi/roxy.py. The manipulation of the argument action/service leads to os command injection.
This vulnerability is known as CVE-2024-13129. The attack can be launched remotely. Furthermore, there is an exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2013-6872 | O-dyn Collabtive up to 1.1 managetimetracker.php id sql injection (ID 124777 / EDB-30946)
8 months ago
A vulnerability was found in O-dyn Collabtive. It has been rated as critical. Affected by this issue is some unknown functionality of the file managetimetracker.php. The manipulation of the argument id leads to sql injection.
This vulnerability is handled as CVE-2013-6872. The attack may be launched remotely. Furthermore, there is an exploit available.
It is recommended to upgrade the affected component.
vuldb.com
Tricking website
8 months ago
When AI Says It Will Replace Programmers, Product Managers Laugh Out Loud
8 months ago
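As AI begins to make inroads into programming, everyone worries about being replaced, and programmers are starting to sweat. But who is the real "manipulator" behind the scenes? Perhaps we should first ask whether AI can actually understand a programmer's daily "race against time" and the endless communication over requirements. Naval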
The TechBeat: The Crypto Industry is Overlooking a Critical Factor in Ensuring Its Success (1/4/2025)
8 months ago