Aggregator

New Browser Security Report Reveals Emerging Threats for Enterprises

The Hackers News
3 months ago
According to the new Browser Security Report 2025, security leaders are discovering that most identity, SaaS, and AI-related risks converge in a single place, the user’s browser. Yet traditional controls like DLP, EDR, and SSE still operate one layer too low. What’s emerging isn’t just a blindspot. It’s a parallel threat surface: unmanaged extensions acting like supply chain implants, GenAI
The Hacker News

New Browser Security Report Reveals Emerging Threats for Enterprises

不安全
3 months ago
好的,我现在需要帮用户总结一篇文章,控制在100字以内。用户已经给出了文章内容和示例回复,我得先仔细阅读文章,抓住重点。 文章主要讲的是2025年的浏览器安全报告,指出身份、SaaS和AI相关的风险都集中在用户的浏览器中。传统安全工具如DLP、EDR等无法有效应对这些新威胁。新兴威胁包括未管理的扩展、AI浏览器、GenAI工具的数据外泄等。数据外泄主要通过剪贴板和AI提示字段,传统工具无法监控这些行为,因此需要新的浏览器安全措施。 接下来,我需要将这些要点浓缩到100字以内。要注意不要使用“这篇文章”或“文章内容总结”这样的开头,直接描述内容。 首先提到报告指出风险集中在浏览器,然后说明传统工具的不足,接着列举主要威胁如未管理扩展、AI浏览器和GenAI的数据外泄情况。最后提到需要新的安全措施。 这样组合起来应该能控制在100字左右。 2025年浏览器安全报告显示,身份、SaaS和AI相关风险集中于用户浏览器。传统安全工具无法应对新兴威胁,如未管理扩展、AI浏览器和GenAI工具引发的数据外泄。数据外泄主要通过剪贴板和AI提示字段,传统工具无法监控这些行为。企业需采取新的浏览器安全措施以应对这一盲点。

Watch out for Walmart gift card scams

不安全
3 months ago
文章揭示了声称赠送Walmart礼品卡的在线调查实为骗局,通过收集个人信息用于广告营销和数据交易,提醒用户提高警惕并采取防范措施。

Threat Actors Attacking Outlook and Google Bypassing Traditional Email Defenses

GBHackers on Security | #1 Globally Trusted Cyber Security News Platform
3 months ago

Threat actors are systematically compromising Outlook and Google mailboxes with alarming success, leveraging sophisticated techniques that sidestep traditional email defenses entirely. According to VIPRE’s Q3 2025 Email Threat Report, over 90% of phishing attacks specifically target these two dominant email ecosystems, representing a calculated strategic shift by attackers seeking to maximize impact while minimizing operational […]

The post Threat Actors Attacking Outlook and Google Bypassing Traditional Email Defenses appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Mayura Kathir

AI Act, un anno di grazia: pragmatismo europeo o resa alle Big Tech?

不安全
3 months ago
好的,我现在需要帮用户总结一篇文章的内容,控制在100字以内,而且不需要用“文章内容总结”之类的开头。首先,我得仔细阅读用户提供的文章,理解其主要内容和重点。 这篇文章主要讲的是欧盟的人工智能法案(AI Act)在实施过程中遇到的问题。法案原本在2024年8月生效,但最近有消息说欧盟委员会可能要推迟部分条款的实施,给企业一年的过渡期。这涉及到高风险AI系统和透明度要求的执行时间。同时,文章还讨论了大科技公司对这一政策的压力,以及欧盟在保持其监管领导力和应对现实挑战之间的权衡。 接下来,我需要提取关键点:法案推迟、企业过渡期、大公司的压力、欧盟的信誉问题以及政策的实用主义倾向。然后把这些点浓缩成简短的句子,确保不超过100字。 可能会遇到的问题是如何简洁地表达这些复杂的概念,同时保持信息的完整性。需要避免使用过于专业的术语,让总结更易懂。 最后,检查字数是否符合要求,并确保内容准确传达原文的核心信息。 欧盟拟推迟部分AI法案条款实施时间,为企业提供一年过渡期以适应新规。此举引发对其监管决心和信誉的质疑,同时也反映了大科技公司对政策的压力。

New Report Warns of Threat Actors Actively Adopting AI Platforms to Attack Manufacturing Companies

Cyber Security News
3 months ago

The manufacturing sector faces an escalating threat landscape as cybercriminals increasingly exploit cloud-based platforms and artificial intelligence services to conduct sophisticated attacks. A comprehensive analysis by Netskope Threat Labs reveals that approximately 22 out of every 10,000 manufacturing users encounter malicious content monthly, marking a significant rise in targeted campaigns specifically designed to compromise industrial […]

The post New Report Warns of Threat Actors Actively Adopting AI Platforms to Attack Manufacturing Companies appeared first on Cyber Security News.

Tushar Subhra Dutta

One Simple Mistake, Thousands at Risk - How Common Misconfigurations Could Lead to Massive Data Exposure

不安全
3 months ago
好的,我现在需要帮用户总结一篇文章的内容,控制在100个字以内。用户的要求很明确,不需要用“文章内容总结”这样的开头,直接写描述即可。 首先,我得仔细阅读文章内容。文章主要讨论了网络安全防御的关键趋势,包括AI原生防御、零信任的采用、改进的组织架构等。每个部分都有具体的例子和数据,比如AI驱动的攻击导致钓鱼点击率上升到54%,零信任作为新标准,以及组织结构对风险的影响。 接下来,我需要将这些信息浓缩到100字以内。要抓住主要趋势:AI原生防御、零信任、组织架构优化、风险管理、法规增加和社会工程攻击上升。同时,提到社区资源也是一个亮点。 现在开始组织语言:先点明主题是网络安全趋势,然后列出主要趋势和关键点,最后提到社区资源。确保每部分都简洁明了,不超过字数限制。 最后检查一下是否涵盖了所有重要信息,并且语言流畅自然。这样用户就能快速了解文章的核心内容了。 文章探讨了网络安全领域的关键趋势,包括AI原生防御、零信任模型的普及、组织架构优化、风险管理进化及未来法规增加等,并提到社会工程攻击可能因AI而激增。同时指出网络安全风险常源于组织结构与流程,并建议关注相关社区获取专业见解。

No-FTP:高版本JDK如何通过XXE-OOB读取多行文件

不安全
3 months ago
嗯,用户让我帮忙总结一篇文章的内容,控制在100字以内,而且不需要用“文章内容总结”或者“这篇文章”这样的开头。直接写描述就行。首先,我得仔细阅读这篇文章,理解它的主要内容。 文章主要讲的是XXE漏洞的实际利用,特别是当没有回显的时候,通常需要使用OOB方式来带出数据。传统的HTTP协议外带在遇到换行符时会失败,所以早期用FTP服务器来解决。但后来高版本修复了这个问题。于是作者通过一个朋友的挑战展开了研究。 接下来是环境分析,他们用的是JDK8U202和Windows系统。代码部分显示这是一个异步处理的XXE漏洞,还有try-catch机制和无报错输出,增加了利用的难度。 破局思路部分提到Java协议中的file协议可以在Windows下触发SMB协议交互,file协议没有换行限制。通过构造DTD利用file协议读取文件内容。 总结一下,文章主要讨论了XXE漏洞在没有回显情况下的利用方法,特别是通过file协议和SMB交互来绕过限制。 现在我要把这些内容浓缩到100字以内。要抓住关键点:XXE漏洞、OOB方式、传统HTTP限制、file协议在Windows下的利用、构造DTD读取文件。 所以最终的总结应该是:文章探讨了XXE漏洞在无回显场景下通过OOB方式利用的问题,传统HTTP受限后转向FTP但被修复。研究发现,在Windows环境下可利用file协议触发SMB交互绕过限制,并通过构造DTD实现文件读取。 文章探讨了XXE漏洞在无回显场景下的利用方法,传统HTTP外带受限后转向FTP但被修复。研究发现,在Windows环境下可利用file协议触发SMB交互绕过限制,并通过构造DTD实现文件读取。

libFuzzer进阶实战:从基础应用到工程优化

先知技术社区
3 months ago
libFuzzer在大规模生产环境应用中面临语料库膨胀、并行化效果不佳、字典策略难维护等工程化挑战。本文针对这些核心问题,提供系统性的高级优化方案:深入分析语料库精细化管理策略,包括智能合并和分级存储;阐述高效并行化方法,通过Jobs模式、Fork模式实现资源协作;介绍分层字典设计和动态生成技术;探讨基于SanitizerCoverage的深度覆盖率分析方法。 通过OpenSSL Heartbl

CVE-2025-41107 | QDOCS Smart School 7.0 Query /online_admission firstname/lastname/guardian_name cross site scripting (EUVD-2025-44041)

Vuldb Updates
3 months ago
A vulnerability was found in QDOCS Smart School 7.0. It has been rated as problematic. The affected element is an unknown function of the file /online_admission of the component Query Handler. The manipulation of the argument firstname/lastname/guardian_name leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-41107. The attack is possible to be carried out remotely. No exploit exists.
vuldb.com

CVE-2025-12397 | Google Looker Studio 2025-07-07 sql injection (gcp-2025-053 / EUVD-2025-44039)

Vuldb Updates
3 months ago
A vulnerability was found in Google Looker Studio 2025-07-07. It has been classified as critical. This issue affects some unknown processing. Performing manipulation results in sql injection. This vulnerability is known as CVE-2025-12397. Remote exploitation of the attack is possible. No exploit is available. This product is a managed service, so users do not have direct control over vulnerability countermeasures. Upgrading the affected component is recommended.
vuldb.com

CVE-2025-12405 | Google Looker Studio 2025-07-07 privileges management (gcp-2025-053 / EUVD-2025-44043)

Vuldb Updates
3 months ago
A vulnerability categorized as critical has been discovered in Google Looker Studio 2025-07-07. The impacted element is an unknown function. The manipulation results in improper privilege management. This vulnerability was named CVE-2025-12405. The attack may be performed from remote. There is no available exploit. This product is a managed service. This means that users are not able to maintain vulnerability countermeasures themselves. It is advisable to upgrade the affected component.
vuldb.com

CVE-2025-12409 | Google Looker Studio prior 2025-07-07 sql injection (gcp-2025-053 / EUVD-2025-44038)

Vuldb Updates
3 months ago
A vulnerability was found in Google Looker Studio and classified as critical. This vulnerability affects unknown code. Such manipulation leads to sql injection. This vulnerability is traded as CVE-2025-12409. The attack may be launched remotely. There is no exploit available. This product is a managed service, indicating that users are not permitted to maintain vulnerability countermeasures themselves. It is suggested to upgrade the affected component.
vuldb.com

CVE-2025-41001 | SOPlanning proper 1.53.02 Query options.php LOGOUT_REDIRECT cross site scripting (EUVD-2025-44042)

Vuldb Updates
3 months ago
A vulnerability identified as problematic has been detected in SOPlanning proper 1.53.02. This affects an unknown function of the file /soplanning/www/process/options.php of the component Query Handler. This manipulation of the argument LOGOUT_REDIRECT causes cross site scripting. The identification of this vulnerability is CVE-2025-41001. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com

Managed ad