Aggregator

Февральский список угроз.

A vulnerability has been found in AMI AptioV up to BKS_5.38 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component BIOS. The manipulation leads to improper input validation. This vulnerability is known as CVE-2024-33659. It is possible to launch the attack on the local host. There is no exploit available.

DNI is Allegedly Selling Initial Access to Multiple Unidentified Companies in the USA

Google has stepped in to clarify that a newly introduced Android System SafetyCore app does not perform any client-side scanning of content. "Android provides many on-device protections that safeguard users against threats like malware, messaging spam and abuse protections, and phone scam protections, while preserving user privacy and keeping users in control of their data," a spokesperson for

Fortinet警告称，攻击者利用零日漏洞CVE-2025-24472劫持防火墙，获取超级管理员权限，入侵企业网络。

Gcore reported a 56% year-over-year rise in DDoS attacks in H2 2024, highlighting a steep long-term growth tend for the attack technique

Salt Typhoon underscores the urgent need for organizations to rapidly adopt modern security practices to meet evolving threats.

The popular generative AI (GenAI) model allows hallucinations, easily avoidable guardrails, susceptibility to jailbreaking and malware creation requests, and more at critically high rates, researchers find.

Artificial intelligence enhances data security by identifying risks and protecting sensitive cloud data, helping organizations stay ahead of evolving threats. Artificial intelligence (AI) is transforming industries and redefining how organizations protect their data in today’s fast-paced digital world. With over 90% of enterprises storing at least some of their data in the cloud, AI’s ability […]

中小企业如何在预算有限的情况下搭建一套可用流量检测与告警方案

Традиционные методы защиты больше не работают – что делать компаниям?

本文总结了一系列Flask SSTI利用与绕过方式，希望提高大家的工作与研究效率。

A vulnerability, which was classified as problematic, was found in JetBrains TeamCity up to 2024.12.1. Affected is an unknown function of the component Code Inspection Report Tab. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2025-26493. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.