Aggregator

权威认可！悬镜源鉴SCA、灵脉AI、灵脉IAST成为2025年国内首批通过中国信通院软件供应链安全系列工具能力评估产品。

Health Industry Associations Complain That Proposed Cyber Mandates Are 'Staggering'
Seven major healthcare industry groups are urging the Trump administration to rescind a proposed update to the HIPAA Security Rule issued at the end of the Biden administration. The costs and regulatory burden to comply would be "staggering" to the healthcare sector, they said.

Trump's Procurement Tracking Directive Could Expose Vast Government Data to Threats
The White House is mandating federal agencies to track and justify every procurement, a move aimed at transparency but one that experts warn could expose troves of sensitive financial data to hacking, nation-state cyberthreats and potential supply chain vulnerabilities across government systems.

Approach Aims to Scale AI Models by Making Them Smarter Instead of Bigger
Scaling AI models in size has hit a plateau. One possible solution is test-time compute, which dynamically allocates extra computational resources during inference - or the thinking phase - to refine answers. Test-time compute lets AI models allocate resources based on the problem's complexity.

Series A Investment Expands AI-Driven Cybersecurity and Threat Detection
Mimic got $50 million in Series A funding to expand its ransomware defense solutions. Backed by Google Ventures and Menlo Ventures, the company will enhance AI-driven threat detection, automate security for proprietary apps and grow internationally to protect enterprises from ransomware attacks.

A vulnerability was found in XIQ-SE up to 24.2.10. It has been classified as problematic. Affected is an unknown function of the component Admin Password Handler. The manipulation leads to Privilege Escalation. This vulnerability is traded as CVE-2024-38291. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Vue Vben Admin 2.10.1 and classified as critical. This issue affects some unknown processing. The manipulation leads to hard-coded credentials. The identification of this vulnerability is CVE-2025-25570. The attack needs to be approached within the local network. There is no exploit available.

A vulnerability has been found in Infoblox NIOS up to 8.6.4 and classified as critical. This vulnerability affects unknown code of the component Grids. The manipulation leads to improper authentication. This vulnerability was named CVE-2024-37566. Access to the local network is required for this attack to succeed. There is no exploit available.

HackerNews 编译，转载请注明出处： 网络安全研究人员发现了一种名为 TgToxic（又名 ToxicPanda）的 Android 恶意软件的更新版本，这表明其背后的威胁行为者正在持续做出改变以应对公开报道。 “TgToxic 有效载荷中的修改反映了行为者对开源情报的持续监控，并展示了他们增强恶意软件功能以改进安全措施并使研究人员难以应对的承诺，”Intel 471 在本周发布的一份报告中表示。 TgToxic 最早由 Trend Micro 于 2023 年初记录，被描述为一种银行木马，能够从加密钱包以及银行和金融应用程序中窃取凭据和资金。自 2022 年 7 月以来，它已被检测到在野外出现，主要针对台湾、泰国和印度尼西亚的移动用户。 2024 年 11 月，意大利在线欺诈预防公司 Cleafy 详细描述了一种更新的变种，该变种具有广泛的数据收集功能，并将其操作范围扩展到意大利、葡萄牙、香港、西班牙和秘鲁。该恶意软件被认为是中国威胁行为者所为。 Intel 471 的最新分析发现，该恶意软件通过短信或钓鱼网站分发的 Dropper APK 文件进行传播。然而，确切的传播机制仍未知。 一些显著的改进包括增强了模拟器检测能力和更新了命令与控制（C2）URL 生成机制，突显了持续努力以规避分析。 “该恶意软件对设备的硬件和系统能力进行了彻底评估，以检测模拟，”Intel 471 表示。“该恶意软件检查了一组设备属性，包括品牌、型号、制造商和指纹值，以识别模拟系统中常见的差异。” 另一个重大变化是从嵌入恶意软件配置中的硬编码 C2 域名转向使用论坛（如 Atlassian 社区开发者论坛）创建虚假个人资料，其中包含指向实际 C2 服务器的加密字符串。 TgToxic APK 设计为随机选择配置中提供的社区论坛 URL 之一，该 URL 作为 C2 域名的死胡同解析器。 这种方法具有几个优势，最主要的是它使威胁行为者更容易通过简单地更新社区用户个人资料来指向新的 C2 域名，而无需对恶意软件本身进行任何更新。 “这种方法显著延长了恶意软件样本的使用寿命，只要这些论坛上的用户个人资料保持活跃，它们就能保持功能，”Intel 471 表示。 2024 年 12 月发现的 TgToxic 后续迭代版本更进一步，依赖于域生成算法（DGA）来创建用于 C2 服务器的新域名。这使恶意软件更能抵御破坏，因为 DGA 可以创建多个域名，即使某些域名被关闭，攻击者也可以切换到新域名。 “TgToxic 因其先进的反分析技术（包括混淆、有效载荷加密和反模拟机制）而脱颖而出，这些技术使其能够躲避安全工具的检测，”Approov 首席执行官 Ted Miracco 在一份声明中表示。“其使用动态命令与控制（C2）策略（如域生成算法（DGA））和自动化能力，使其能够劫持用户界面、窃取凭据并执行未经授权的交易，同时具备躲避反制措施的隐蔽性和弹性。”   消息来源：The Hacker News；  本文由 HackerNews.cc 翻译整理，封面来源于网络；   转载请注明“转自 HackerNews.cc”并附上原文

A vulnerability, which was classified as critical, was found in Infoblox NIOS up to 8.6.4. This affects an unknown part. The manipulation leads to improper access controls. This vulnerability is uniquely identified as CVE-2024-37567. Access to the local network is required for this attack. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in Bosscomm IF740 11001.7078/11001.0000. Affected by this issue is some unknown functionality. The manipulation leads to missing encryption of sensitive data. This vulnerability is handled as CVE-2025-25727. The attack needs to be initiated within the local network. There is no exploit available.

A vulnerability classified as critical was found in Infoblox NIOS up to 8.6.4. Affected by this vulnerability is an unknown functionality. The manipulation leads to execution with unnecessary privileges. This vulnerability is known as CVE-2024-36046. The attack needs to be done within the local network. There is no exploit available.

A vulnerability classified as problematic has been found in SysPass 3.2x. Affected is an unknown function of the component Header Handler. The manipulation of the argument Host leads to injection. This vulnerability is traded as CVE-2025-25477. The attack can only be initiated within the local network. There is no exploit available.

A vulnerability was found in Infoblox NIOS up to 8.6.4/9.0.3. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to improper input validation. The identification of this vulnerability is CVE-2024-36047. The attack can only be done within the local network. There is no exploit available.

A vulnerability was found in XIQ-SE up to 24.2.10. It has been declared as critical. This vulnerability affects unknown code. The manipulation leads to path traversal. This vulnerability was named CVE-2024-38292. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in XIQ-SE up to 24.2.10. It has been classified as problematic. This affects an unknown part. The manipulation leads to information disclosure. This vulnerability is uniquely identified as CVE-2024-38290. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Motorola Mobility Droid Razr HD 9.18.94.XT926.Verizon.en.US and classified as critical. Affected by this issue is some unknown functionality of the component USB Debugging. The manipulation leads to improper authorization. This vulnerability is handled as CVE-2025-25730. It is possible to launch the attack on the physical device. There is no exploit available.

A vulnerability has been found in DrayTek Vigor 165, Vigor 166, Vigor 2133, Vigor 2135, Vigor 2620, Vigor 2762, Vigor 2765, Vigor 2766, Vigor 2832, Vigor 2860, Vigor 2862, Vigor 2865, Vigor 2866, Vigor 2925, Vigor 2925, Vigor 2926, Vigor 2927, Vigor 2962, Vigor 3910, Vigor 3912 and Vigor LTE200 and classified as critical. Affected by this vulnerability is an unknown functionality of the component APP Enforcement Module. The manipulation leads to unrestricted upload. This vulnerability is known as CVE-2024-41340. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in DrayTek Vigor 165, Vigor 166, Vigor 2133, Vigor 2135, Vigor 2620, Vigor 2762, Vigor 2765, Vigor 2766, Vigor 2832, Vigor 2860, Vigor 2862, Vigor 2865, Vigor 2866, Vigor 2925, Vigor 2925, Vigor 2926, Vigor 2927, Vigor 2962, Vigor 3910, Vigor 3912 and Vigor LTE200. Affected is an unknown function of the component DHCP Request Handler. The manipulation leads to null pointer dereference. This vulnerability is traded as CVE-2024-41338. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Bosscomm IF740 11001.7078/11001.0000. This issue affects some unknown processing. The manipulation leads to channel accessible by non-endpoint. The identification of this vulnerability is CVE-2025-25728. The attack may be initiated remotely. There is no exploit available.