Aggregator

Минфин получил повестку в суд за то, что раздает секреты граждан.

A vulnerability classified as critical has been found in Oracle MySQL Server up to 8.0.40/8.4.3/9.1.0. Affected is an unknown function of the component InnoDB. The manipulation leads to improper authorization. This vulnerability is traded as CVE-2025-21490. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

天文学家在一颗系外行星上发现了风速高达 9 公里/秒的超音速气流，成为迄今在行星上测得最快的喷射气流。自 2016 年发现 WASP-127b 以来，这颗距离地球 500 多光年的气态巨行星便成为研究目标。其体积略大于木星，但质量仅为木星的 16%。天文学家发现，这颗行星的赤道地区存在极端的喷射气流，风速远超音速。这股喷射气流时速高达 33,000 公里（9 公里/秒），几乎是行星自转速度的六倍，远超太阳系内已知最快风速的纪录——海王星仅 1,800 公里/小时（0.5 公里/秒）。研究团队透过分析 WASP-127b 大气层的光谱，确认其中含有水与一氧化碳分子。在测量这些气体的运动速度时，他们发现大气层内部气流同时向相反方向高速移动，形成双峰讯号，显示赤道周围可能存在极强的喷射气流。进一步绘制的行星天气图显示，两极温度低于其他区域，且晨昏两侧存在轻微的温差，反映出 WASP-127b 具有复杂的气候系统，与地球有所相似。

Dynatrace announced the expansion of its security portfolio with a new Cloud Security Posture Management (CSPM) solution. For enterprises managing complex hybrid and multi-cloud environments, Dynatrace CSPM can significantly enhance security, compliance, and resource-efficiency through continuous monitoring, automated remediation, and centralized visibility. Dynatrace CSPM extends its existing Kubernetes Security Posture Management (KSPM) solution and enables organizations to manage their entire cloud security posture through a single, unified platform. The solution aggregates and contextualizes security and … More →

The post Dynatrace strengthens cloud security posture management appeared first on Help Net Security.

Don’t wait for a costly breach to provide a painful reminder of the importance of timely software patching

Contrast Security reveals a 12.5% annual increase in destructive cyber-attacks on banks

A vulnerability was found in libcurl. It has been classified as critical. Affected is an unknown function. The manipulation leads to integer overflow to buffer overflow. This vulnerability is traded as CVE-2025-0725. It is possible to launch the attack remotely. There is no exploit available.

从基础到高级，全方位掌握.NET加壳保护技术

NETGEAR 发布安全公告，敦促用户尽快更新部分WiFi路由器固件，以修复两个高危漏洞。

看雪论坛作者ID：ty1937

A vulnerability was found in GitLab Community Edition and Enterprise Edition up to 16.6.6/16.7.4/16.8.1 and classified as critical. This issue affects some unknown processing. The manipulation leads to allocation of resources. The identification of this vulnerability is CVE-2023-6386. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in GitLab Enterprise Edition up to 16.9.6/16.10.4/16.11.1 and classified as problematic. This vulnerability affects unknown code of the component Group Member Handler. The manipulation leads to missing authorization. This vulnerability was named CVE-2024-1539. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in libcURL up to 8.11.1. This affects an unknown part of the component File Descriptor Handler. The manipulation leads to multiple releases of same resource or handle. This vulnerability is uniquely identified as CVE-2025-0665. The attack needs to be done within the local network. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in cURL. Affected by this issue is some unknown functionality. The manipulation leads to information disclosure. This vulnerability is handled as CVE-2025-0167. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as problematic was found in Linux Kernel up to 6.4.11. Affected by this vulnerability is the function pipapo_get of the file run-tests.sh of the component nftables. The manipulation leads to Privilege Escalation. This vulnerability is known as CVE-2023-52925. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Linux Kernel up to 6.4.10. Affected is the function nf_tables_set_elem_destroy of the component netfilter. The manipulation leads to Privilege Escalation. This vulnerability is traded as CVE-2023-52924. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

以色列间谍软件开发商 Paragon Solutions 证实它的客户包括了美国政府及其盟国。此前 WhatsApp 指控 Paragon 的间谍软件被用于攻击近 90 名记者和公民社团成员。至少有两人公开称自己是目标，其中包括意大利记者 Francesco Cancellato 和生活在瑞典的利比亚活动人士 Husam El Gomati。Paragon CEO John Fleming 在声明中表示，该公司要求客户同意禁止非法攻击记者和其他公民社团活动人士的条款，该公司对此类行为零容忍，将终止任何违反服务条款的客户。Fleming 没有证实该公司是否因客户违反条款而终止服务，他拒绝对 WhatsApp 的终止函发表评论。Cancellato 是新闻网站 Fanpage.it 的负责人，该网站去年发表了一份调查报告，针对的是意大利总理 Giorgia Meloni 的 Fratelli d’Italia 党下属青年组织 Gioventù Meloniana，调查披露该组织成员发表过亲纳粹和墨索里尼的口号。El Gomati 也批评过意大利和利比亚合作阻止移民跨越地中海抵达欧洲。

Лёгкие деньги исчезают вместе с последним напряжением в проводах.

Cybersecurity risk management company Tenable announced plans to acquire Vulcan Cyber for approximately $147 million in cash and $3 million in restricted stock units.

The post Tenable Acquires Vulcan Cyber, Building on AI-Powered Risk Prioritization appeared first on Security Boulevard.