Aggregator

Experts Warn White House AI Action Plan Could Prioritize Deregulation Over Security
The Trump administration pledged Wednesday an offensive against "red tape" hindering artificial intelligence developers in federal and state governments while vowing to ensure that such systems are objective "rather than pursue social engineering agendas."

Healthcare Providers Are Among Dozens of Entities Hit Since Gang Emerged in 2024
U.S. authorities are warning of threats posed by double-extortion gang Interlock, which has been hitting an assortment of businesses across many industries, including healthcare and other critical infrastructure sectors, with a ransomware variant first seen in September 2024.

Series D Raise Targets Security Automation, Trust Centers and Zero-Touch Reviews
With $150 million in new Series D funding at a $4.15 billion valuation, Vanta plans to accelerate its AI-powered trust platform across new markets including government compliance. The company’s tools automate evidence collection, risk management and policy enforcement in real time.

OpenAI's New Agent Automates Tasks, Amid Limits and Privacy Concerns
OpenAI's new ChatGPT Agent can code, browse and send email. The agent excels at tightly-scoped, well-structured workflows like finding names, drafting content or automating click-heavy tasks, but struggles with ambiguity, creativity or judgment-heavy assignments.

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'kimiya' was reported to the affected vendor on: 2025-07-24, 54 days ago. The vendor is given until 2025-11-21 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2025-07-24, 61 days ago. The vendor is given until 2025-11-21 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 6.5 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N severity vulnerability discovered by 'Viettel Cyber Security' was reported to the affected vendor on: 2025-07-24, 1 days ago. The vendor is given until 2025-11-21 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Viettel Cyber Security' was reported to the affected vendor on: 2025-07-24, 1 days ago. The vendor is given until 2025-11-21 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Flexera Software が提供する Install Shield によって生成されたインストーラ には、DLL 読み込みに関する脆弱性が存在します。

Солдаты превращаются в автономный боевой узел.

Application-layer attacks have become one of the most common and consequential methods adversaries use to gain access and compromise organizations, according to Contrast Security. These attacks target the custom code, APIs, and logic that power applications, often slipping past detection tools such as Endpoint Detection and Response (EDR) and network-based defenses such as Web Application Firewalls (WAFs). The average application is targeted by attacks more than 14,000 times each month (Source: Contrast Security) Enterprise security’s … More →

The post Your app is under attack every 3 minutes appeared first on Help Net Security.

该 subreddit 专注于数字取证领域，涵盖计算机及其他数字设备的调查与取证工作。成员讨论技术应用及案件分析。一位用户分享了从执法部门转行至私营部门的困难经历，尽管拥有丰富经验却难以获得面试机会。

它不仅在效率和准确率上远超传统方法，更重要的是，它带来了一种全新的思维方式

当前环境异常，需完成验证后方可继续访问。

A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.12.3. This affects the function ovl_dentry_weird. The manipulation leads to stack-based buffer overflow. This vulnerability is uniquely identified as CVE-2024-56570. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Linux Kernel up to 6.12.3. This affects the function arch_stack_walk_user_common. The manipulation leads to memory corruption. This vulnerability is uniquely identified as CVE-2024-56550. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Linux Kernel up to 6.6.63/6.12.3. This vulnerability affects the function drm_sched_entity_flush of the component AMD GPU. The manipulation leads to use after free. This vulnerability was named CVE-2024-56551. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Linux Kernel up to 6.12.1. This vulnerability affects the function rcu_barrier. The manipulation leads to deadlock. This vulnerability was named CVE-2024-56547. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Linux Kernel up to 6.11.10/6.12.1. This affects the function anon_fd of the component cachefiles. The manipulation leads to null pointer dereference. This vulnerability is uniquely identified as CVE-2024-56549. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.