Aggregator

Notedrafts 是一款轻量级 iOS 笔记应用，支持在无限画布上书写、加载 PDF 批注及插入图片、文本。提供多种绘图工具和模板管理功能，适合 iPad 和 Apple Pencil 使用。虽小巧但需 iOS 17.6 支持，遗憾无法导出 PDF。

Один апдейт — и всё исчезло.

A critical security vulnerability in Microsoft Remote Desktop Client could allow attackers to execute arbitrary code on victim systems.  The vulnerability, designated as CVE-2025-48817, affects multiple versions of Windows and poses significant security risks for organizations that rely on Remote Desktop Protocol (RDP) connections. Key Takeaways1. CVE-2025-48817 enables remote code execution via Microsoft Remote Desktop […]

The post Microsoft Remote Desktop Client Vulnerability Let Attackers Execute Remote Code appeared first on Cyber Security News.

随着教育数字化转型加速推进，教育行业网络安全面临全新挑战。在线教育规模持续扩大，智慧校园建设全面铺开，教学平台、课堂系统、校园物联网设备等关键基础设施的安全风险日益突出。与此同时，5G+教育、教育元宇宙等新兴技术的应用，进一步扩展了安全防护的边界，传统防御模式已难以应对复杂多变的安全威胁。 嘶吼安全产业研究院基于《2025网络安全产业图谱》调研，通过对400+典型解决方案与案例的深度分析，从需求匹配度、实践成效、创新技术、应用价值等多维度展开综合评估。 调研分析发现，教育行业网络安全建设呈现出三个主要趋势：1、技术防护体系持续升级。教育机构正从单一的网络边界防护，转向覆盖终端、平台、数据的全方位安全架构。人工智能技术被广泛应用于教学行为分析、异常访问检测等领域，物联网设备准入控制、数据分级保护等技术也在逐步落地，有效提升了整体防护能力。2、安全管理模式不断创新。越来越多的教育机构采用安全即服务模式，通过托管服务降低安全运维门槛。同时，教育数据安全治理体系逐步完善，数据分类分级、访问控制等措施的落地，确保了教学数据的安全流转与使用。3、安全与业务融合更加紧密。安全防护不再局限于技术层面，而是深度嵌入教学、管理、服务等核心业务场景。部分领先机构已构建智能化的安全运营体系，实现威胁的实时监测与快速响应，为教育数字化发展提供了坚实保障。 基于这些发现，我们将重点展示几个具有代表性的教育行业优秀安全解决方案，为教育行业的安全建设提供可借鉴的实践经验。 PS：解决方案展示排名不分先后，按企业简称首字母排序。 往期回顾： 2025中国网络安全「政务行业」优秀解决方案汇编 2025中国网络安全「金融行业」优秀解决方案汇编 2025中国网络安全「能源行业」优秀解决方案汇编 2025中国网络安全「制造行业」优秀解决方案汇编 2025中国网络安全「电力（水利）行业」优秀解决方案汇编 2025中国网络安全「互联网行业」优秀解决方案汇编 2025中国网络安全「运营商行业」优秀解决方案汇编 2025中国网络安全「医疗行业」优秀解决方案汇编

当前环境异常，请完成验证后继续访问。

A critical security vulnerability has been discovered in Citrix’s Windows Virtual Delivery Agent that could allow attackers with low-level system access to escalate their privileges to SYSTEM level, potentially granting them complete control over affected systems. The vulnerability, tracked as CVE-2025-6759, affects Citrix Virtual Apps and Desktops as well as Citrix DaaS (Desktop as a […]

The post Citrix Windows Virtual Delivery Agent Vulnerability Lets Attackers Escalate to SYSTEM Privileges appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

中国研究人员首次直接观测到“反Klein隧穿”（AKT）现象——这一量子悖论描述的是手性粒子在遇到势垒时并非穿越，而是被完全反射。“Klein隧穿”是量子物理中的一个著名悖论：质量为零的相对论粒子可以无视能垒的存在，自由穿越而不发生反射。与之相对的“反Klein隧穿”则预言：对于具有“手性”特征的有质量粒子，能垒会导致完全反射。这种奇特的传播行为长期以来仅存在于理论推演和间接证据中，始终缺乏实验验证。该研究中，团队设计了一种结构可调的双层声子晶体，在其声学色散关系中引入了手性与质量，使系统中的声子类比于双层石墨烯中的手性准粒子。当声波遇到由此构成的势垒结构时，传播行为取决于结构参数的调控：在特定配置下，声波被完全反射，即出现反Klein隧穿；而在另一配置下，则可以实现完全穿透，即Klein隧穿。

中国研究人员首次直接观测到“反Klein隧穿”现象，利用双层声子晶体模拟手性准粒子，在特定条件下实现声波完全反射或穿透，验证了这一长期理论预测。

Загрузчик был простым, а стал многозадачным.

A critical security vulnerability has been discovered in Fortinet’s FortiWeb web application firewall that allows unauthenticated attackers to execute malicious SQL commands through the device’s graphical user interface. The flaw, designated as CVE-2025-25257, poses significant risks to organizations relying on FortiWeb for web application protection. Vulnerability Details The vulnerability stems from improper neutralization of special elements […]

The post FortiWeb SQL Injection Vulnerability Allows Attackers to Execute Malicious SQL Commands appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability has been found in Microsoft Office and classified as critical. This vulnerability affects unknown code. The manipulation leads to heap-based buffer overflow. This vulnerability was named CVE-2025-49697. The attack can be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Microsoft Excel and classified as critical. Affected by this issue is some unknown functionality. The manipulation leads to use after free. This vulnerability is handled as CVE-2025-49711. The attack may be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Fortinet FortiOS up to 7.2.11/7.4.7/7.6.1. It has been classified as critical. This affects an unknown part of the component cw_stad Daemon. The manipulation leads to heap-based buffer overflow. This vulnerability is uniquely identified as CVE-2025-24477. An attack has to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in AMD EPYC 7003 Processors, EPYC 9004 Processors, EPYC 8004 Processors, EPYC 9V64H Processor, Ryzen 5000 Desktop Processors, Ryzen 5000 Desktop Processor with Radeon Graphics, Ryzen 7000 Desktop Processors, Ryzen 8000 Processor with Radeon Graphics, Ryzen Threadripper PRO 7000 WX-Series Processors, Ryzen 6000 Processor with Radeon Graphics, Ryzen 7035 Processor with Radeon Graphics, Ryzen 7000 Processors with Radeon Graphics, Ryzen 7040 Processors with Radeon Graphics, Ryzen 8040 Mobile Processors with Radeon Graphics, Ryzen 7000 Mobile Processors, EPYC Embedded 7003 Processors, EPYC Embedded 8004 Processors, EPYC Embedded 9004 Processors, Ryzen Embedded 5000 Processors, Ryzen Embedded 7000 Processors, Ryzen Embedded V3000 Processors, EPYC Embedded 97X4 and Ryzen 5000 Processors with Radeon Graphics. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to information disclosure. This vulnerability is handled as CVE-2024-36350. It is possible to launch the attack on the local host. There is no exploit available.

A vulnerability was found in Microsoft Excel. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to out-of-bounds read. This vulnerability is handled as CVE-2025-48812. The attack may be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as problematic was found in GNOME gnome-remote-desktop. Affected by this vulnerability is an unknown functionality of the component RDP PDU Handler. The manipulation leads to resource consumption. This vulnerability is known as CVE-2025-5024. The attack can be launched remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in jq up to 1.7.1. This issue affects some unknown processing. The manipulation leads to integer overflow. The identification of this vulnerability is CVE-2024-23337. The attack may be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as critical has been found in jq up to 1.7.1. Affected is the function jv_string_vfmt of the file jv.c. The manipulation leads to stack-based buffer overflow. This vulnerability is traded as CVE-2025-48060. It is possible to launch the attack remotely. There is no exploit available.

Cybersecurity friction usually gets framed as a user problem: password policies that frustrate employees, MFA that slows down logins, or blocked apps that send workers into the arms of shadow IT. But there’s a different kind of friction happening behind the scenes, and it’s hitting security teams themselves. It shows up during incident response, threat hunting, and day-to-day tasks. It’s the drag of too many tools, rigid approval chains, and a lack of clarity about … More →

The post Why your security team feels stuck appeared first on Help Net Security.

A vulnerability classified as problematic has been found in Horde Groupware 1.0.5/1.0.6. This affects an unknown part of the file addevent.php. The manipulation of the argument url leads to cross site scripting. This vulnerability is uniquely identified as CVE-2008-1974. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.