Cybersecurity researchers are calling attention to a malware campaign that's targeting security flaws in TBK digital video recorders (DVRs) and Four-Faith routers to rope the devices into a new botnet called RondoDox.
The vulnerabilities in question include CVE-2024-3721, a medium-severity command injection vulnerability affecting TBK DVR-4104 and DVR-4216 DVRs, and CVE-2024-12856, an operating
Proposed Deal Could End Precedent-Setting SEC Case Over Cybersecurity Misstatements
The SEC and SolarWinds told a federal judge they've reached a tentative agreement to resolve a first-of-its-kind fraud case over cybersecurity disclosures. Federal regulators alleged that SolarWinds misled investors about its cybersecurity, and the settlement hinges on SEC commissioner approval.

Automation Saves Time But Risks Hollowing Out Critical Early-Career Roles
Time travel can seem like an unofficial requirement for cybersecurity job seekers, with would-be employers demanding mid-tier chops for entry-level positions. Come back in a few years, they say, after you've gained experience. But organizations can't assume the pipeline will fix itself.

Citrix Issues Patches to Counter Active Attacks Against Two Critical Vulnerabilities
Administrators of Citrix Netscaler devices are being urged to immediately patch their devices to fix two actively exploited vulnerabilities. One, dubbed Citrix Bleed 2, can be abused by hackers to bypass multifactor authentication, hijack user sessions and gain unauthorized access to the equipment.

SafePay Ransomware Blamed for Prolonged System Outage
Global tech distributor and service provider Ingram Micro confirmed days after a widespread IT outage that a ransomware attack disrupted internal systems. The firm disclosed the incident following reports that extortion demands associated with SafePay ransomware appeared on employee devices.

345 Major HIPAA Breaches Reported to Feds So Far This Year, Affecting 29.9 Million
Midway through 2025, the federal website listing major health data breaches in the U.S. shows a familiar scene: many hacking incidents including ransomware, dozens of third-party vendor incidents, and millions of individuals affected by compromised personal data.
A vulnerability, which was classified as problematic, has been found in Apple iOS and iPadOS up to 13.4.1. Affected by this issue is some unknown functionality of the component WebKit. The manipulation leads to cross site scripting.
This vulnerability is handled as CVE-2020-9843. The attack may be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
A vulnerability, which was classified as problematic, has been found in Apple iTunes up to 12.10.6 on Windows. Affected by this issue is some unknown functionality of the component WebKit. The manipulation leads to cross site scripting.
This vulnerability is handled as CVE-2020-9843. The attack may be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
A vulnerability was found in Apple iCloud up to 7.18/11.1 on Windows and classified as problematic. Affected by this issue is some unknown functionality of the component WebKit. The manipulation leads to cross site scripting.
This vulnerability is handled as CVE-2020-9843. The attack may be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
A vulnerability was found in Apple watchOS up to 6.2.4. It has been rated as problematic. This issue affects some unknown processing of the component WebKit. The manipulation leads to cross site scripting.
The identification of this vulnerability is CVE-2020-9843. The attack may be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
A vulnerability was found in Apple tvOS up to 13.4.4 and classified as problematic. Affected by this issue is some unknown functionality of the component WebKit. The manipulation leads to cross site scripting.
This vulnerability is handled as CVE-2020-9843. The attack may be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.