Aggregator

Chinese Threat: NFC-Enabled Fraud in the Philippines’ Financial Sector

2 months 2 weeks ago

ZDI-CAN-27536: Cisco

2 months 2 weeks ago

A CVSS score 6.5 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L severity vulnerability discovered by 'Guy Lederfein of Trend Research' was reported to the affected vendor on: 2025-07-03, 77 days ago. The vendor is given until 2025-10-31 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

ZDI-CAN-27376: Schneider Electric

ZDI: Upcoming Advisories

2 months 2 weeks ago

A CVSS score 6.7 AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Aleksandar Djurdjevic (https://github.com/revengsmK)' was reported to the affected vendor on: 2025-07-03, 78 days ago. The vendor is given until 2025-10-31 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

ZDI-CAN-27467: Dassault Systèmes

ZDI: Upcoming Advisories

2 months 2 weeks ago

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'rgod' was reported to the affected vendor on: 2025-07-03, 78 days ago. The vendor is given until 2025-10-31 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Burn It With Fire: How to Eliminate an Industry-Wide Supply Chain Vulnerability

不安全

2 months 2 weeks ago

作者在2019年发现Java依赖解析中使用HTTP而非HTTPS导致的安全漏洞，并推动多方合作关闭HTTP支持、改进默认设置及利用自动化工具修复大量项目，最终消除这一系统性安全漏洞。

I Stalked a Scammer on the Dark Web. Here’s What I Learned About OSINT

不安全

2 months 2 weeks ago

文章讲述作者发现个人信息被暗网拍卖后学习OSINT和取证技术的经历, 揭示了暗网的混乱本质及普通用户的真实身份暴露问题, 并探讨了调查人员对勒索软件的关注。

Secure by Design: A Modern Guide to Application Architecture Reviews

不安全

2 months 2 weeks ago

文章强调在Web开发中从设计阶段开始考虑安全的重要性，并介绍了如何通过应用安全架构审查（ASARs）识别和修复潜在漏洞。文中详细探讨了威胁建模、认证与授权、输入验证等关键安全措施，并结合云、容器和DevSecOps等现代需求，提供了实用的安全实践建议。

That One Time SSL Pinning Made Me Question Everything About HTTPS

不安全

2 months 2 weeks ago

文章解释了HTTPS的工作原理、Burp Suite如何通过代理和证书伪造实现中间人攻击，以及SSL Pinning如何防止此类攻击及其绕过方法。

Fake Logins, Real Costs: The OTP Bug Worth €X,XXX

不安全

2 months 2 weeks ago

一家东南亚电动汽车初创公司的移动应用在手机号验证过程中存在重大漏洞：即使输入的手机号从未注册过，系统仍会发送验证码至该号码。这一缺陷可能导致滥用、经济损失甚至平台被封禁。

Why Apple Might Let ChatGPT or Claude Run Siri — and What It Means for the Future of AI

不安全

2 months 2 weeks ago

苹果可能放弃自研AI，转而与OpenAI和Anthropic合作，在未来版本的Siri中整合ChatGPT和Claude。这一转变源于内部延误、产品失败和投资者质疑。Siri曾是创新标杆，但已被竞争对手的生成式AI超越。

The Hidden Graph: How API Rate Limits Lied and Let Me Scrape Millions

不安全

2 months 2 weeks ago

凌晨2:47 AM的研究人员在测试GraphQL API时发现大量用户数据泄露，揭示了API欺骗性提示背后的潜在风险。

The Hidden Graph: How API Rate Limits Lied and Let Me Scrape Millions

不安全

2 months 2 weeks ago

凌晨2:47,看完《黑镜》后,作者探索GraphQL端点,发现API谎称"已达到限制",实则泄露大量用户数据。

Cl0p Ransomware’s Exfiltration Process Exposes RCE Vulnerability

GBHackers on Security | #1 Globally Trusted Cyber Security News Platform

2 months 2 weeks ago

A newly disclosed vulnerability in the Python-based data-exfiltration utility used by the notorious Cl0p ransomware group has exposed the cybercrime operation itself to potential attack. The flaw, cataloged as GCVE-1-2025-0002, was identified by Italian security researcher Lorenzo N and published by the Computer Incident Response Center Luxembourg (CIRCL) on July 1, 2025. Vulnerability Details The […]

The post Cl0p Ransomware’s Exfiltration Process Exposes RCE Vulnerability appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Divya