Aggregator
The original domain has changed and will be fully retired in 2024; please visit https://govuln.com/news/ for the new RSS feed.
34 minutes 4 seconds ago
Women in CyberSecurity (WiCyS): Building Community and Fostering Opportunity in Cybersecurity
1 hour 48 minutes ago
WiCyS is not a women-only organization but rather a community of allies committed to solving the cybersecurity work shortage, together.
The post Women in CyberSecurity (WiCyS): Building Community and Fostering Opportunity in Cybersecurity appeared first on Security Boulevard.
John D. Boyle
From LLMs to Cloud Infrastructure: F5 Aims to Secure the New AI Attack Surface
2 hours 2 minutes ago
Accelerate human-led innovation, automate the grunt work and make sure AI delivers real value without proliferating new security risks.
The post From LLMs to Cloud Infrastructure: F5 Aims to Secure the New AI Attack Surface appeared first on Security Boulevard.
John D. Boyle
CVE-2025-3464
2 hours 17 minutes ago
Currently trending CVE - Hype Score: 4 - A race condition vulnerability exists in Armoury Crate. This vulnerability arises from a Time-of-check Time-of-use issue, potentially leading to authentication bypass.
Refer to the 'Security Update for Armoury Crate App' section on the ASUS Security Advisory for more information.
CVE-2024-34351
2 hours 17 minutes ago
Currently trending CVE - Hype Score: 5 - Next.js is a React framework that can provide building blocks to create web applications. A Server-Side Request Forgery (SSRF) vulnerability was identified in Next.js Server Actions. If the `Host` header is modified, and the below conditions are also met, an attacker may be able ...
CVE-2025-36631
2 hours 17 minutes ago
Currently trending CVE - Hype Score: 4 - In Tenable Agent versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could overwrite arbitrary local system files with log content at SYSTEM privilege.
CVE-2025-49596
2 hours 17 minutes ago
Currently trending CVE - Hype Score: 4 - The MCP inspector is a developer tool for testing and debugging MCP servers. Versions of MCP Inspector below 0.14.1 are vulnerable to remote code execution due to lack of authentication between the Inspector client and proxy, allowing unauthenticated requests to launch MCP ...
CVE-2025-26685
2 hours 17 minutes ago
Currently trending CVE - Hype Score: 4 - Improper authentication in Microsoft Defender for Identity allows an unauthorized attacker to perform spoofing over an adjacent network.
CVE-2025-0133
2 hours 17 minutes ago
Currently trending CVE - Hype Score: 19 - A reflected cross-site scripting (XSS) vulnerability in the GlobalProtect™ gateway and portal features of Palo Alto Networks PAN-OS® software enables execution of malicious JavaScript in the context of an authenticated Captive Portal user's browser when they click on a specially ...
CVE-2025-33073
2 hours 17 minutes ago
Currently trending CVE - Hype Score: 21 - Improper access control in Windows SMB allows an authorized attacker to elevate privileges over a network.
CVE-2025-4275
2 hours 17 minutes ago
Currently trending CVE - Hype Score: 1 - Running the provided utility changes the certificate on any Insyde BIOS and then the attached .efi file can be launched.
CVE-2025-49113
2 hours 17 minutes ago
Currently trending CVE - Hype Score: 21 - Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the _from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP Object Deserialization.
CVE-2025-4123
2 hours 17 minutes ago
Currently trending CVE - Hype Score: 23 - A cross-site scripting (XSS) vulnerability exists in Grafana caused by combining a client path traversal and open redirect. This allows attackers to redirect users to a website that hosts a frontend plugin that will execute arbitrary JavaScript. This vulnerability does not ...
Why the $32B Google-Wiz Deal Caught the Eye of US Regulators
2 hours 35 minutes ago
Justice Officials Will Reportedly Probe the Google-Wiz Deal on Antitrust Grounds
Antitrust enforcers are reportedly pumping the brakes on Google's proposed $32 billion buy of Wiz, but it's unclear if it'll be a single speedbump or an unmovable roadblock. Officials in the Justice Department's antitrust division are assessing if the megadeal would illegally limit competition.
Legacy Systems and Policies Expose West to Cyber Disruption
2 hours 35 minutes ago
Ciaran Martin Urges Increased Focus on Essential Service Continuity, Resilience
China's ability to monitor and disrupt Western infrastructure demands a major shift in cybersecurity thinking. Ciaran Martin, a professor at Oxford University, said avoiding fear-driven narratives and focusing instead on service continuity and resilience is of paramount importance.
Copilot AI Bug Could Leak Sensitive Data via Email Prompts
2 hours 35 minutes ago
Microsoft Patched Flaw Allowing Attackers to Hijack Copilot Responses
A well-phrased email was all an attacker would have needed to trick Microsoft Copilot into handing over sensitive data until the operating system giant patched the vulnerability. The zero-click prompt injection attack vulnerability received a CVSS severity score of 9.3.
23andMe's Co-Founder to Buy Company; Makes Privacy Pledge
2 hours 35 minutes ago
Anne Wojcicki's New TTAM Research Institute Wins Bid for Bankrupt Genomics Testing Firm
TTAM Research Institute - 23andMe's co-founder and former CEO Anne Wojcicki's new company - is the winner in a final round of bids to purchase the bankrupt consumer genomics testing firm. As part of TTAM's bid, the nonprofit pledged to implement additional data privacy and security protections.
Trump’s Pick to Lead CISA is Stuck in Confirmation Limbo
2 hours 35 minutes ago
Sean Plankey Has Support, But His CISA Nomination is Blocked and Delayed
U.S. President Donald Trump’s nominee to lead the nation’s top cyber defense agency is stuck in confirmation limbo, delayed by scheduling setbacks and a Senate hold over an unrelated report - deepening uncertainty amid a major operational overhaul at the agency.
SSRF Vulnerability Analysis
2 hours 36 minutes ago