Aggregator

error code: 521

以代码为刃，破界而战——这个盛夏，TSRC盛夏众测静候你的勋章。

Cybersecurity researchers have a massive incentive to target WhatsApp this fall, as the Zero Day Initiative (ZDI) announced a record-breaking $1 million bounty for a zero-click remote code execution exploit against the popular messaging platform at Pwn2Own Ireland 2025. The unprecedented prize represents the largest single bounty in Pwn2Own history and is made possible through […]

The post WhatsApp 0-Click RCE Exploit Worth $1 Million at Pwn2Own Ireland 2025 appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

随着网络攻击技术的发展，越来越多的恶意 C2（Command and Control）通信采用 TLS 加密，以规避传统网络安全设备的检测。本文提出一种基于中间人（MitM）机制的 TLS 卸载方法，用于实现加密流量下的 C2 通信检出。该方法通过在客户端与服务端之间引入中间人代理，拦截并解密 TLS 流量，从而将原本不可见的加密通信还原为明文，供入侵检测系统（如 Suricata）或自定义规则引

当大模型在安全评估中表现得 “循规蹈矩” 时，那段看似合规的回应背后，可能藏着对评估场景的 “刻意迎合”？

Currently trending CVE - Hype Score: 10 - A permissions issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. A malicious app may be able to gain root privileges.

Currently trending CVE - Hype Score: 10 - A `named` caching resolver that is configured to send ECS (EDNS Client Subnet) options may be vulnerable to a cache-poisoning attack. This issue affects BIND 9 versions 9.11.3-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.37-S1, and 9.20.9-S1 through 9.20.10-S1.

Currently trending CVE - Hype Score: 10 - A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.6, macOS Ventura 13.7.7, macOS Sonoma 14.7.7. An app may be able to bypass certain Privacy preferences.

Currently trending CVE - Hype Score: 8 - A Cross-Site Request Forgery (CSRF) vulnerability has been identified in PaperCut NG/MF, which, under specific conditions, could potentially enable an attacker to alter security settings or execute arbitrary code. This could be exploited if the target is an admin with a current ...

文章强调了信息安全的重要性，并指出人为错误是主要漏洞。通过员工信息安全培训可以有效减少威胁和数据泄露的影响。培训应包括识别钓鱼攻击、密码管理等内容，并采用微学习等现代方法持续提升员工意识。这不仅是成本，更是企业安全和竞争力的关键投资。

Flashpoint data reveals an 800% increase in credentials stolen via infostealers in just six months

The latest wave of credential-phishing campaigns has revealed an unexpectedly convenient ally for threat actors: the very e-mail security suites meant to protect users. First observed in late July 2025, multiple phishing clusters began embedding malicious URLs inside the legitimate link-wrapping services of Proofpoint’s Protect platform (https://urldefense.proofpoint.com/v2/url?u=) and Intermedia’s LinkSafe (https://safe.intermedia.net/?u=). Because corporate filters already […]

The post Threat Actors Abuse Proofpoint’s and Intermedia’s Link Wrapping Features to Hide Phishing Payloads appeared first on Cyber Security News.

Microsoft has significantly enhanced its .NET bounty program, announcing substantial updates that expand the program’s scope, streamline award structures, and provide greater incentives for cybersecurity researchers.  The enhanced program now offers rewards of up to $40,000 USD for identifying critical vulnerabilities within the .NET ecosystem, representing a major commitment to strengthening the security framework of […]

The post Microsoft Upgrades .NET Bounty Program with Rewards to Researchers Up to $40,000 appeared first on Cyber Security News.

:Новый способ предсказания атак может спасти вашу компанию от взлома.

文章讨论了IEC 62443-4-2标准如何保障工业设施安全及数据安全，并提到物联网设备与工业系统的融合趋势。

Restricting end-to-end encryption on a single-country basis would not only be absurdly difficult to enforce, but it would also fail to deter criminal activity

智能体系统被称为超级AI智能体，正成为网络安全领域的颠覆性力量。

文章探讨了正念冥想在中国的传播及其潜在副作用。通过分析正念的历史背景、心理学与佛教中的定义差异以及禅病的成因与治疗建议，作者指出正念并非普适性训练方法。缺乏充分理解即投入练习可能带来系统性风险。

这场沙龙一起「识风险、挖漏洞、破挑战」！