Aggregator
Oracle security advisory – April 2025 quarterly rollup (AV25-214)
央视新闻报道:360揭批美国NSA针对亚冬会发起网络攻击
AI比赛大杀器XGBoost结合ast抽象语法树批量识别恶意php文件
MITRE Crisis: CVE Cash Ends TODAY — CISA says ‘No Lapse’
These are “interesting” times: U.S. government funding for the Common Vulnerabilities and Exposures program expires April 16.
The post MITRE Crisis: CVE Cash Ends TODAY — CISA says ‘No Lapse’ appeared first on Security Boulevard.
41% of Attacks Bypass Defenses: Adversarial Exposure Validation Fixes That
Akira
Entrust Cryptographic Security Platform provides visibility into cryptographic risk posture
Entrust announced the Entrust Cryptographic Security Platform, a unified, end-to-end cryptographic security management solution for keys, secrets, and certificates. Cyberattacks on data security and identity systems are exploding in scale and sophistication. Traditional approaches to securing data and identities aren’t working, and in digital-first environments every connected device, application, and system is at risk without a secure cryptographic foundation. And the fragmented tools for managing cryptographic sprawl – including encryption keys, secrets, and certificates – … More →
The post Entrust Cryptographic Security Platform provides visibility into cryptographic risk posture appeared first on Help Net Security.
Active Directory Recovery Can't Be an Afterthought
China-Backed Hackers Exploit BRICKSTORM Backdoor to Spy on European Businesses
苹果紧急修复两个已被利用的iOS漏洞,用于针对特定目标的复杂攻击
CVE-2025-24054, NTLM Exploit in the Wild
Key Points Introduction NTLM (New Technology LAN Manager) is a suite of authentication protocols developed by Microsoft to verify user identities and protect the integrity and confidentiality of network communications. NTLM operates through a direct client-server exchange known as the NTLM challenge/response mechanism, in which the server challenges the client to prove its identity without […]
The post CVE-2025-24054, NTLM Exploit in the Wild appeared first on Check Point Research.
Submit #553645: pytorch pytorch (in torch.nn.functional.ctc_loss) 2.6.0 Denial of Service [Accepted]
Submit #553631: Sourcecodester Web-based Pharmacy Product Management System edit-product v1.0 Command Injection [Accepted]
Cloud Atlas снова в эфире: кто открыл рассылку от «Министерства правды»?
CISA at the Last Minute Extends Funding for Crucial MITRE CVE Program
The Trump Administration is ending funding for MITRE's crucial CVE database program, a move that promises to hobble cybersecurity efforts around the world. However, CVE Board members introduce a new nonprofit organizations free of government funding and oversight.
The post CISA at the Last Minute Extends Funding for Crucial MITRE CVE Program appeared first on Security Boulevard.
Submit #553627: SourceCodester Simple Hotel Booking System V1.0 Buffer Overflow [Accepted]
Cozy Bear targets EU diplomats with wine-tasting invites (again)
APT29 (aka Cozy Bear, aka Midnight Blizzard) is, once again, targeting European diplomats with fake invitations to wine-tasting events, Check Point researchers have shared. Cozy Bear uses wine-tastings and dinners as a lure In early 2024, Zscaler flagged a low-volume phishing campaign aimed at delivering the WINELOADER backdoor to European diplomats. The lure was a PDF file containing a fake invitation letter supposedly send by the Ambassador of India, inviting diplomats to a wine-tasting event. … More →
The post Cozy Bear targets EU diplomats with wine-tasting invites (again) appeared first on Help Net Security.