Aggregator
CISA warns of N-able N-central flaws exploited in zero-day attacks
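June 2025 List of Must-Fix Security Vulnerabilities for Enterprises
July 2025 List of Must-Fix Security Vulnerabilities for Enterprises
[Prize Survey] The 2025 White Hat Capability Survey Is Here!
Enterprise Security Challenges Amid the Surge in Generative AI Applications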
Campaigners Slam Expansion of Police Facial Recognition Schemes in UK
Critical WordPress Plugin Vulnerability Exposes 70,000+ Sites to RCE Attacks
A critical security vulnerability has been discovered in the popular “Database for Contact Form 7, WPforms, Elementor forms” WordPress plugin, potentially exposing over 70,000 websites to remote code execution attacks. The vulnerability, tracked as CVE-2025-7384 with a maximum CVSS score of 9.8, affects all versions up to and including 1.4.3 and was publicly disclosed on […]
The post Critical WordPress Plugin Vulnerability Exposes 70,000+ Sites to RCE Attacks appeared first on Cyber Security News.
From VPN to FortiManager in 3 Days, and Fortinet Under Threat of a New 0Day
CISA Warns of N-able N-Central Deserialization and Injection Vulnerability Exploited in Attacks
CISA has issued urgent warnings regarding two critical security vulnerabilities in N-able N-Central remote monitoring and management (RMM) software that threat actors are actively exploiting. The vulnerabilities, identified as CVE-2025-8875 and CVE-2025-8876, pose significant risks to organizations using this widely deployed IT management platform. Key Takeaways: 1. Two critical N-able N-Central vulnerabilities were actively exploited for remote […]
The post CISA Warns of N-able N-Central Deserialization and Injection Vulnerability Exploited in Attacks appeared first on Cyber Security News.
How SSO Reduces Login Fatigue and Improves Security Compliance
Learn how Single Sign-On reduces login fatigue, improves compliance, and enhances productivity while keeping systems secure.
The post How SSO Reduces Login Fatigue and Improves Security Compliance appeared first on Security Boulevard.
Zoom patches critical Windows flaw allowing privilege escalation
ShinyHunters Possibly Collaborates With Scattered Spider in Salesforce Attack Campaigns
The notorious ShinyHunters cybercriminal group has emerged from a year-long hiatus with a sophisticated new wave of attacks targeting Salesforce platforms across major organizations, including high-profile victims like Google. This resurgence marks a significant tactical evolution for the financially motivated threat actors, who have traditionally focused on database exploitation and credential theft rather than the […]
The post ShinyHunters Possibly Collaborates With Scattered Spider in Salesforce Attack Campaigns appeared first on Cyber Security News.
CVE-2025-27388 | OPPO Health App up to 4.23.4 WebView information disclosure
Passkeys Are Not Phishing-Proof: A New Attack Bypasses Passwordless Security
Although passkeys are promoted as a passwordless, phishing-resistant, and inherently secure authentication method, Proofpoint researchers warn that such protection can be bypassed with relative ease. Under certain conditions, an attacker can force a user...
The post Passkeys Are Not Phishing-Proof: A New Attack Bypasses Passwordless Security appeared first on Penetration Testing Tools.
One Photo and the Police Are Already at Your Door: How the New Surveillance Tool Works
Whonix 17.4 Is Here: A New Era of Uncompromising Online Anonymity
Whonix 17.4, a distribution purpose-built for uncompromising anonymity online, has been released. Based on Debian GNU/Linux, the system routes all network traffic exclusively through Tor, with its source code available under the GPLv3 license....
The post Whonix 17.4 Is Here: A New Era of Uncompromising Online Anonymity appeared first on Penetration Testing Tools.
ASI is Back: Google Revives a Linux Kernel Defense Against CPU Attacks
Several years ago, Google engineers began developing the Address Space Isolation (ASI) mechanism for the Linux kernel, designed to shield systems from attacks exploiting speculative processor execution. The aim was to create a universal...
The post ASI is Back: Google Revives a Linux Kernel Defense Against CPU Attacks appeared first on Penetration Testing Tools.
A Storm on the Horizon: Fortinet SSL VPNs Hit by Credential-Stuffing Attacks
Researchers have reported a sharp surge in credential-stuffing attempts targeting Fortinet devices with SSL VPN enabled. On August 3, 2025, GreyNoise detected a wave of suspicious traffic involving more than 780 distinct IP addresses....
The post A Storm on the Horizon: Fortinet SSL VPNs Hit by Credential-Stuffing Attacks appeared first on Penetration Testing Tools.