Aggregator

YesWeHack Bug Bounty Boosts Security Collaboration

5 months ago

Live Hacking Event Offers New Insights Over Traditional Testing
In today's threat landscape, as attackers grow more sophisticated, organizations are finding that direct collaboration between ethical hackers and development teams offers advantages traditional testing methods can't always match.

HHS Offers $50B in Rural Health Grants Including IT, Cyber

DataBreachToday.com

5 months ago

Will Funding Offset Bigger Cuts Planned for Rural Health Under Big Beautiful Bill?
The Department of Health and Human Services has rolled out a $50 billion grant program to "transform" rural healthcare. The program - authorized under the "Big Beautiful Bill" - includes investment opportunities related to IT and cybersecurity. But is it nearly enough?

HIPAA Covered Entities - It’s More Than Just PHI

TrustedSec

5 months ago

<p>Handling health records doesn’t automatically make an organization a Covered Entity. In this blog, we help clear up common misconceptions so teams can better understand whether HIPAA truly applies.</p>

Chris Camejo

Новая профессия в IT: «Уборщик» кода за ИИ. Вот и расплата за инновации

Securitylab.ru

5 months ago

Почему программисты плачут от кода, который пишет ИИ за них.

微软：反垃圾邮件服务误拦Exchange Online与Teams链接

不安全

5 months ago

微软反垃圾邮件服务出现误判问题，导致Exchange Online和Microsoft Teams用户无法打开部分链接或接收被隔离的邮件。该问题源于引擎错误标记嵌套URL为恶意内容。微软已识别并解除部分受影响链接，并正在修复系统以解决剩余问题。此事件反映了微软近期多次处理类似误报问题的情况。

微软：反垃圾邮件服务误拦Exchange Online与Teams链接

嘶吼

5 months ago

微软目前正在解决一个已知问题：其反垃圾邮件服务出现误判，导致Exchange Online和Microsoft Teams用户无法打开部分链接，部分邮件也被错误隔离。

据悉，该问题源于反垃圾邮件引擎误将“嵌套在其他链接中的URL”标记为潜在恶意内容，进而导致部分邮件被隔离。

该问题于9月5日开始影响Exchange Online和Microsoft Teams用户。微软表示，即便某些链接已被确认安全，管理员仍可能收到标题为“检测到一名用户点击潜在恶意URL”的警报。

在发现该漏洞当天，微软已识别出超过6000个受影响的URL，正着手解除对它们的拦截，随后将重新推送相关消息，以恢复所有被误标记的消息或链接。

此前，微软曾尝试通过修改配置将延迟间隔调整为1小时，但未获成功。目前，工程师已部署修复程序，通过确保同步操作不再进入隔离状态来解决这些问题。

尽管工程师已部分修复了这些误报问题，但仍在处理因反垃圾邮件模型缺陷导致更多链接被禁用的影响。

微软在9月8日表示，已识别出一组新的受影响URL，正着手处理这部分链接及任何残留的受影响消息。目前大部分影响已得到解决，在进行根本原因分析的同时，也在积极处理剩余问题。

尽管微软尚未披露受此反垃圾邮件问题影响的客户数量及地区，但该服务问题已被归类为“事件”——这类分类通常意味着问题已造成明显的用户影响。

自今年年初以来，微软已多次处理类似问题，这些问题均导致邮件被误标记为垃圾邮件或隔离。例如，5月时，微软修复了Exchange Online中一个机器学习模型误将Gmail账户发送的邮件标记为垃圾邮件的问题；4月，修复了另一个机器学习漏洞——该漏洞导致Exchange Online误将Adobe发送的邮件标记为垃圾邮件；3月，又解决了Exchange Online反垃圾邮件系统误隔离部分用户邮件的误报问题。

胡金鱼

CVE-2025-10485 | pojoin h3blog up to 5bf704425ebc11f4c24da51f32f36bb17ae20489 HTTP Header /login ppt_log X-Forwarded-For cross site scripting (EUVD-2025-29354)

Vuldb Updates

5 months ago

A vulnerability classified as problematic was found in pojoin h3blog up to 5bf704425ebc11f4c24da51f32f36bb17ae20489. Affected by this issue is the function ppt_log of the file /login of the component HTTP Header Handler. Such manipulation of the argument X-Forwarded-For leads to cross site scripting. This vulnerability is listed as CVE-2025-10485. The attack may be performed from remote. In addition, an exploit is available. This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed.

vuldb.com

CVE-2025-43273 | Apple macOS up to 15.5 Restrictions sandbox (EUVD-2025-23086 / Nessus ID 243030)

Vuldb Updates

5 months ago

A vulnerability was found in Apple macOS up to 15.5. It has been declared as critical. Impacted is an unknown function of the component Restrictions Handler. Executing manipulation can lead to sandbox issue. This vulnerability appears as CVE-2025-43273. The attack requires local access. There is no available exploit. It is recommended to upgrade the affected component.

vuldb.com

CVE-2025-43277 | Apple watchOS Audio File memory corruption (EUVD-2025-23052 / Nessus ID 243030)

Vuldb Updates

5 months ago

A vulnerability categorized as critical has been discovered in Apple watchOS. This issue affects some unknown processing of the component Audio File Handler. Executing manipulation can lead to memory corruption. This vulnerability is handled as CVE-2025-43277. The attack can be executed remotely. There is not any exploit available. It is advisable to upgrade the affected component.

vuldb.com

CVE-2025-43277 | Apple iOS/iPadOS Audio File memory corruption (EUVD-2025-23052 / Nessus ID 243030)

Vuldb Updates

5 months ago

A vulnerability identified as critical has been detected in Apple iOS and iPadOS. Impacted is an unknown function of the component Audio File Handler. The manipulation leads to memory corruption. This vulnerability is uniquely identified as CVE-2025-43277. The attack is possible to be carried out remotely. No exploit exists. You should upgrade the affected component.

vuldb.com

Last Week in Security (LWiS) - 2025-09-15

不安全

5 months ago

文章总结了过去一周的网络安全动态，包括FreeBPX远程代码执行漏洞、macOS审计问题、Spotlight数据泄露等高危漏洞与工具。还涉及内存完整性保护技术、隐私保护语言模型及Pixel设备图像认证功能等创新安全措施。同时提到了VBScript即将被弃用及微软强制安装Copilot应用等重要事件。

芯片安全设计及应用技术研讨会珠海站圆满结束

纽创信安

5 months ago

Termite

Dark Feed IO

5 months ago

You must login to view this content

cohenido

2025，你还折腾刷机吗？

不安全

5 months ago

这篇文章讲述了作者从2011年开始接触Android系统并尝试刷机的经历，详细描述了使用CyanogenMod、MIUI、Flyme等第三方系统的体验，并最终转向更接近原生的国际版固件。文章还提到作者后来购买了iPhone SE3并体验iOS系统，最终思考未来是否继续使用iOS或回归Android。