Aggregator

A vulnerability classified as critical has been found in Microsoft Windows. Affected is an unknown function of the component Credential Security Support Provider Protocol. The manipulation leads to heap-based buffer overflow. This vulnerability is traded as CVE-2025-47987. The attack needs to be approached locally. There is no exploit available. It is recommended to apply a patch to fix this issue.

根据国家信息安全漏洞库（CNNVD）统计，本周（2025年6月30日至2025年7月6日）安全漏洞情况如下

Протокол обновлён: расширения, API и поддержка буферов.

A critical information disclosure vulnerability in Microsoft SQL Server, designated as CVE-2025-49719, allows unauthorized attackers to access sensitive data over network connections.  This vulnerability stems from improper input validation within SQL Server’s processing mechanisms, enabling attackers to disclose uninitialized memory contents without requiring authentication or user interaction.  Key Takeaways1. Critical SQL Server bug (CVE-2025-49719) exposes […]

The post Microsoft SQL Server 0-Day Vulnerability Exposes Sensitive Data Over Network appeared first on Cyber Security News.

Splunk has released critical security updates for its Enterprise platform, addressing multiple vulnerabilities in bundled third-party packages across several product versions. The company issued Advisory SVD-2025-0710 on July 7, 2025, urging immediate updates to protect against various security exposures ranging from informational to critical severity levels. Critical Security Updates Released Splunk Enterprise versions 9.4.3, 9.3.5, […]

The post Splunk Enterprise Addresses Vulnerabilities in Bundled Third-Party Packages – Update Now appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

用户发现一个关于章鱼弹出页面的视频链接，并对其构造和细节感到惊叹，希望逆向工程其机制并制作模板。作为Reddit新手，他寻求帮助。

A vulnerability was found in Microsoft Windows Server 2012 up to Server 2022 23H2 and classified as critical. Affected by this issue is some unknown functionality of the component KDC Proxy Service. The manipulation leads to use after free. This vulnerability is handled as CVE-2025-49735. The attack may be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as critical, was found in SAP NetWeaver Enterprise Portal Administration 7.50. Affected is an unknown function. The manipulation leads to deserialization. This vulnerability is traded as CVE-2025-42964. It is possible to launch the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in SAP NetWeaver 7.50 and classified as critical. Affected by this issue is some unknown functionality of the component XML Data Archiving Service. The manipulation leads to deserialization. This vulnerability is handled as CVE-2025-42966. The attack may be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Microsoft Windows. It has been declared as critical. This vulnerability affects unknown code of the component Capability Access Management Service. The manipulation leads to double free. This vulnerability was named CVE-2025-49690. The attack needs to be approached locally. There is no exploit available. It is recommended to apply a patch to fix this issue.

In 2025, the need for robust secure web gateways (SWGs) has never been greater. As organizations shift to hybrid work, cloud-first strategies, and digital transformation, threats targeting web traffic have grown in sophistication. Secure web gateways are now a foundational element for cybersecurity, providing real-time protection against malware, phishing, data leaks, and unauthorized access. Businesses […]

The post 10 Best Secure Web Gateway Vendors In 2025 appeared first on Cyber Security News.

Notedrafts 是一款轻量级 iOS 笔记应用，支持在无限画布上书写、加载 PDF 批注及插入图片、文本。提供多种绘图工具和模板管理功能，适合 iPad 和 Apple Pencil 使用。虽小巧但需 iOS 17.6 支持，遗憾无法导出 PDF。

Один апдейт — и всё исчезло.

A critical security vulnerability in Microsoft Remote Desktop Client could allow attackers to execute arbitrary code on victim systems.  The vulnerability, designated as CVE-2025-48817, affects multiple versions of Windows and poses significant security risks for organizations that rely on Remote Desktop Protocol (RDP) connections. Key Takeaways1. CVE-2025-48817 enables remote code execution via Microsoft Remote Desktop […]

The post Microsoft Remote Desktop Client Vulnerability Let Attackers Execute Remote Code appeared first on Cyber Security News.

随着教育数字化转型加速推进，教育行业网络安全面临全新挑战。在线教育规模持续扩大，智慧校园建设全面铺开，教学平台、课堂系统、校园物联网设备等关键基础设施的安全风险日益突出。与此同时，5G+教育、教育元宇宙等新兴技术的应用，进一步扩展了安全防护的边界，传统防御模式已难以应对复杂多变的安全威胁。 嘶吼安全产业研究院基于《2025网络安全产业图谱》调研，通过对400+典型解决方案与案例的深度分析，从需求匹配度、实践成效、创新技术、应用价值等多维度展开综合评估。 调研分析发现，教育行业网络安全建设呈现出三个主要趋势：1、技术防护体系持续升级。教育机构正从单一的网络边界防护，转向覆盖终端、平台、数据的全方位安全架构。人工智能技术被广泛应用于教学行为分析、异常访问检测等领域，物联网设备准入控制、数据分级保护等技术也在逐步落地，有效提升了整体防护能力。2、安全管理模式不断创新。越来越多的教育机构采用安全即服务模式，通过托管服务降低安全运维门槛。同时，教育数据安全治理体系逐步完善，数据分类分级、访问控制等措施的落地，确保了教学数据的安全流转与使用。3、安全与业务融合更加紧密。安全防护不再局限于技术层面，而是深度嵌入教学、管理、服务等核心业务场景。部分领先机构已构建智能化的安全运营体系，实现威胁的实时监测与快速响应，为教育数字化发展提供了坚实保障。 基于这些发现，我们将重点展示几个具有代表性的教育行业优秀安全解决方案，为教育行业的安全建设提供可借鉴的实践经验。 PS：解决方案展示排名不分先后，按企业简称首字母排序。 往期回顾： 2025中国网络安全「政务行业」优秀解决方案汇编 2025中国网络安全「金融行业」优秀解决方案汇编 2025中国网络安全「能源行业」优秀解决方案汇编 2025中国网络安全「制造行业」优秀解决方案汇编 2025中国网络安全「电力（水利）行业」优秀解决方案汇编 2025中国网络安全「互联网行业」优秀解决方案汇编 2025中国网络安全「运营商行业」优秀解决方案汇编 2025中国网络安全「医疗行业」优秀解决方案汇编

当前环境异常，请完成验证后继续访问。

A critical security vulnerability has been discovered in Citrix’s Windows Virtual Delivery Agent that could allow attackers with low-level system access to escalate their privileges to SYSTEM level, potentially granting them complete control over affected systems. The vulnerability, tracked as CVE-2025-6759, affects Citrix Virtual Apps and Desktops as well as Citrix DaaS (Desktop as a […]

The post Citrix Windows Virtual Delivery Agent Vulnerability Lets Attackers Escalate to SYSTEM Privileges appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

中国研究人员首次直接观测到“反Klein隧穿”（AKT）现象——这一量子悖论描述的是手性粒子在遇到势垒时并非穿越，而是被完全反射。“Klein隧穿”是量子物理中的一个著名悖论：质量为零的相对论粒子可以无视能垒的存在，自由穿越而不发生反射。与之相对的“反Klein隧穿”则预言：对于具有“手性”特征的有质量粒子，能垒会导致完全反射。这种奇特的传播行为长期以来仅存在于理论推演和间接证据中，始终缺乏实验验证。该研究中，团队设计了一种结构可调的双层声子晶体，在其声学色散关系中引入了手性与质量，使系统中的声子类比于双层石墨烯中的手性准粒子。当声波遇到由此构成的势垒结构时，传播行为取决于结构参数的调控：在特定配置下，声波被完全反射，即出现反Klein隧穿；而在另一配置下，则可以实现完全穿透，即Klein隧穿。

中国研究人员首次直接观测到“反Klein隧穿”现象，利用双层声子晶体模拟手性准粒子，在特定条件下实现声波完全反射或穿透，验证了这一长期理论预测。

Загрузчик был простым, а стал многозадачным.