Aggregator

Работаешь честно — получаешь копейки, воруешь — тебе дают ещё.

In this Help Net Security interview, Gail Hodges, Executive Director at the OpenID Foundation, discusses how the Foundation ensures global consistency in FAPI 2.0 implementations and helps different industries, including healthcare, adopt secure and interoperable identity standards. Hodges also explains how conformance testing and strategic partnerships help maintain security and interoperability across sectors. What role does the OpenID Foundation play in ensuring global consistency in FAPI 2.0 implementations, especially in sectors like healthcare that haven’t … More →

The post FAPI 2.0: How the OpenID Foundation is enabling scalable interoperability in global healthcare appeared first on Help Net Security.

In 2025, passwordless authentication tools are transforming digital security by eliminating the need for traditional passwords and introducing advanced, user-friendly authentication methods. With cyber threats on the rise and user experience at the forefront, organizations are rapidly adopting these solutions to safeguard sensitive data, reduce breaches, and streamline access for employees and customers alike. Passwordless […]

The post Top 11 Passwordless Authentication Tools – 2025 appeared first on Cyber Security News.

Grok-4 has been jailbroken using a new strategy that combines two different jailbreak methods to bypass artificial intelligence security measures. This raises concerns over the vulnerability of large language models (LLMs) to sophisticated adversarial attacks. Key Takeaways1. Researchers merged Echo Chamber and Crescendo jailbreak techniques to bypass AI safety mechanisms more effectively than individual methods.2. […]

The post Grok-4 Jailbreaked With Combination of Echo Chamber and Crescendo Attack appeared first on Cyber Security News.

Microsoft добавила в Windows функцию аварийной реанимации.

A vulnerability was found in Oracle JD Edwards EnterpriseOne Tools 9.2. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Web Runtime SEC. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2019-11358. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

提现3天到账，AI填表1分钟搞定

A vulnerability, which was classified as problematic, has been found in ASUSTOR ADM up to 4.3.3.RH61/5.0.0.RIN1. This issue affects some unknown processing of the component Folder Name Handler. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2025-7380. The attack may be initiated remotely. There is no exploit available.

A vulnerability classified as problematic was found in py-libp2p up to 0.2.2. This vulnerability affects unknown code of the component RSA Key Handler. The manipulation leads to allocation of resources. This vulnerability was named CVE-2025-29606. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in SugarCRM up to 13.0.3/14.0.0. This affects an unknown part of the component API Module. The manipulation leads to code injection. This vulnerability is uniquely identified as CVE-2024-58258. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Imagination Graphics DDK up to 1.15 RTM/1.17 RTM/1.18 RTM/24.3 RTM1/25.1 RTM0. It has been rated as critical. Affected by this issue is some unknown functionality of the component GPU Driver. The manipulation leads to use of out-of-range pointer offset. This vulnerability is handled as CVE-2025-25180. Local access is required to approach this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in OMRON Machine Automation Controller NJ-series, Machine Automation Controller NX-series and Sysmac Studio Software. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to least privilege violation. This vulnerability is known as CVE-2025-1384. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in DSIC Cross-browser Components for Official Document Creation up to 1.6.8. It has been classified as problematic. Affected is an unknown function. The manipulation leads to download of code without integrity check. This vulnerability is traded as CVE-2025-7620. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in WellChoose BatchSignCS up to 3.318 and classified as critical. This issue affects some unknown processing. The manipulation leads to relative path traversal. The identification of this vulnerability is CVE-2025-7619. The attack may be initiated remotely. There is no exploit available.

A vulnerability has been found in Hgiga iSherlock-maillog-4.5, iSherlock-smtp-4.5, iSherlock-maillog-5.5 and iSherlock-smtp-5.5 and classified as critical. This vulnerability affects unknown code. The manipulation leads to os command injection. This vulnerability was named CVE-2025-7451. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in PHP up to 8.1.32/8.2.28/8.3.22/8.4.9. This affects the function fsockopen of the component Null Character Handler. The manipulation of the argument Hostname leads to server-side request forgery. This vulnerability is uniquely identified as CVE-2025-1220. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

pqcscan is an open-source tool that lets users scan SSH and TLS servers to see which Post-Quantum Cryptography (PQC) algorithms they claim to support. It saves the results in JSON files. You can turn one or more of these files into an HTML report that opens in a web browser. The road to PQC “I created pqcscan because we see all the big ones rolling out PQC algorithms in production,” Vincent Berg, CTO at Anvil … More →

The post pqcscan: Open-source post-quantum cryptography scanner appeared first on Help Net Security.

Пока ЕС борется с влиянием Китая, Испания сама сдаёт свои ключи.

快速浏览！2025.7.7—7.13安全动态周回顾。

腾讯安全依托云管端安全产品基线与成熟威胁情报体系，重拳打击银狐银狐钓鱼攻击。团队将通过持续分享银狐团伙的最新情报和攻防技术方案，与产业伙伴共建安全生态。