Aggregator

印度 IT 服务行业产值 2500 亿美元，贡献了 GDP 的 8%，雇佣了 540 万人。外包巨头如 Tata Consultancy Services（TCS）和 Infosys 以最低 5000 美元的薪水源源不断的雇佣应届生，在培训之后胜任发达国家十倍薪水的工作，以这种劳动力套利为欧美的客户提供 IT 服务。然而生成式 AI 时代影响最大的就是初级 IT 工作，而印度的 IT 外包行业也因此深受打击。2023 财年印度四大 IT 外包巨头招聘了 22.5 万名应届生，但到了 2024 财年，招聘的应届生数量暴跌 70% 降至 6 万。TCS 和 Infosys 在 2022 财年增加了 157,000 名员工，而在 2025 财年数量降至 12,771 人。IT 外包巨头的员工总数也在几十年来首次下降，TCS 在 2024 财年的员工总数减少了逾 13,000 人，而 Infosys 则裁员 25,000 人。Accenture 等公司的研究表明，生成式 AI 能自动化 30% 至 40% 的初级程序员和测试人员的工作。应届生招聘人数的减少也改变了该行业的人口结构。Infosys 30 岁以上员工占总员工的比例从 2010 年的 81% 降至 2025 财年预计的 53%。IT 毕业生失业率超过 13%，几乎是全国平均水平的三倍。

Next month, Microsoft will begin automatically installing the Microsoft 365 Copilot app on Windows devices outside of the EEA region that have the Microsoft 365 desktop client apps. [...]

Cybercriminals are increasingly exploiting legitimate remote monitoring and management (RMM) tools to establish persistent access to compromised systems through sophisticated phishing campaigns. Joint research conducted by Red Canary Intelligence and Zscaler threat hunters has identified multiple malicious campaigns utilizing ITarian (also known as Comodo), PDQ, SimpleHelp, and Atera RMM solutions as attack vectors. The appeal […]

The post Threat Actors Leverage Several RMM Tools in Phishing Attack to Maintain Remote Access appeared first on Cyber Security News.

SecWiki周刊（第602期) by ourren

更多最新文章，请访问SecWiki

3 Nederlandse en 4 Belgische mijnenbestrijdingsvaartuigen worden aan de Bulgaarse marine overgedragen. Dit is Inclusief een simulator en reserveonderdelen. De Nederlandse marineschepen zijn van de Alkmaarklasse en gaan in 2027 en 2028 naar het land in Zuidoost-Europa. Dit heeft staatssecretaris Gijs Tuinman de Kamer vandaag laten weten.

A sophisticated pro-Russian cybercriminal group known as SectorJ149 (also identified as UAC-0050) has emerged as a significant threat to critical infrastructure worldwide, conducting targeted attacks against manufacturing, energy, and semiconductor companies across multiple nations. The group’s activities represent a strategic shift from traditional financially motivated cybercrime to geopolitically driven operations that align with broader Russian […]

The post Pro-Russian Hackers Attacking Key Industries in Major Countries Around The World appeared first on Cyber Security News.

HybridPetya ransomware mimics Petya/NotPetya, with an added UEFI bootkit and Secure Boot bypass

A vulnerability was found in cvat up to 2.39.x. It has been classified as problematic. Affected by this vulnerability is an unknown functionality. This manipulation causes authorization bypass. This vulnerability is registered as CVE-2025-49135. Remote exploitation of the attack is possible. No exploit is available. Upgrading the affected component is recommended.

A vulnerability labeled as critical has been found in NASM Netwide Assember 2.17rc0. This issue affects the function assemble_file of the file nasm.c. Executing manipulation can lead to stack-based buffer overflow. This vulnerability appears as CVE-2025-8845. The attack requires local access. In addition, an exploit is available.

A vulnerability described as critical has been identified in yanyutao0402 ChanCMS up to 3.3.0. Impacted is the function Search of the file app/modules/api/service/Api.js. Executing manipulation of the argument key can lead to sql injection. This vulnerability is tracked as CVE-2025-10210. The attack can be launched remotely. Moreover, an exploit is present. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability categorized as critical has been discovered in NASM Netwide Assember 2.17rc0. This affects the function macho_no_dead_strip of the file outmacho.c. Such manipulation leads to heap-based buffer overflow. This vulnerability is documented as CVE-2025-8843. The attack needs to be performed locally. Additionally, an exploit exists.

A vulnerability was found in NASM Netwide Assember 2.17rc0. It has been rated as critical. Affected by this issue is the function do_directive of the file preproc.c. This manipulation causes use after free. This vulnerability is registered as CVE-2025-8842. The attack needs to be launched locally. Furthermore, an exploit is available.

A vulnerability identified as problematic has been detected in NASM Netwide Assember 2.17rc0. This vulnerability affects the function parse_smacro_template of the file preproc.c. Performing manipulation results in null pointer dereference. This vulnerability is reported as CVE-2025-8844. The attack requires a local approach. Moreover, an exploit is present.

A vulnerability marked as critical has been reported in NASM Netwide Assember 2.17rc0. Impacted is the function parse_line of the file parser.c. The manipulation leads to stack-based buffer overflow. This vulnerability is traded as CVE-2025-8846. An attack has to be approached locally. Furthermore, there is an exploit available.

A vulnerability classified as critical was found in MongoDB Server up to 6.0.20/7.0.16/8.0.3. Impacted is an unknown function of the component SBE Engine. Executing manipulation can lead to use after free. This vulnerability appears as CVE-2025-6706. The attack may be performed from remote. There is no available exploit. Upgrading the affected component is advised.

A vulnerability identified as critical has been detected in dnnsoftware Dnn.Platform up to 10.0.0. Affected by this issue is some unknown functionality of the component Login IP Filter. This manipulation causes incorrect authorization. This vulnerability is tracked as CVE-2025-52487. The attack is possible to be carried out remotely. No exploit exists. You should upgrade the affected component.

A vulnerability labeled as problematic has been found in dnnsoftware Dnn.Platform up to 10.0.0. This affects an unknown part of the component SMB Server Handler. Such manipulation leads to information disclosure. This vulnerability is listed as CVE-2025-52488. The attack may be performed from remote. There is no available exploit. The affected component should be upgraded.

Zo’n 60 ruiters te paard trotseerden vandaag storm, wat buien, drukte, geknal en geschreeuw. Op Prinsjesdag vormen de militairen het Cavalerie Ere-Escorte van de koninklijke familie. Dan is het de bedoeling dat Defensie weer een mooi visitekaartje afgeeft. Op het Scheveningse strand hielden de ruiters daarom de generale repetitie. Morgen is het hun taak de koets met de koning, koningin en kroonprinses Amalia veilig en waardig door hartje Den Haag te begeleiden.