Aggregator

Taiwan warned that popular Chinese-owned apps, including TikTok and Weibo, are harvesting personal data and sending it back to servers in China

臭名昭著的Hunters International勒索软件即服务团伙宣布关闭，并向受害者提供免费解密工具。该组织未具体说明关闭原因，但暗示是经过慎重考虑并基于近期发展做出的决定。此前该团伙曾多次宣布关闭但继续活跃，并可能转型为专注于数据窃取和勒索的新组织World Leaks。值得注意的是，该团伙从未攻击过俄罗斯境内的组织。尽管其关闭可能被视为网络安全领域的胜利，但其潜在卷土重来的可能性仍需警惕。

A security researcher has uncovered a significant vulnerability affecting Lenovo computers: a writable file within the Windows directory that can be exploited to bypass AppLocker restrictions. The file in question, C:\Windows\MFGSTAT.zip, is present on many Lenovo machines that ship with the manufacturer’s default Windows image. This issue, initially thought to affect only a handful of […]

The post Writable File in Lenovo Path Lets Attackers Evade AppLocker Restrictions appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

当前环境出现异常问题，需完成验证后方可继续访问服务。

当前环境异常，请完成验证后继续访问。

速修复

速修复

中国考古学家在云南省江川县甘棠箐遗址发掘出土的 35 件保存完好的、年代约为距今 30 万年的木器，以及与木器伴生的文化遗存如大量石制品、骨角器、动物化石和植物遗存。甘棠箐遗址出土的木器和鹿角“软锤”是目前东亚地区最早的发现，在世界范围内的旧石器时代遗址中亦属罕见。遗址发现于 1984 年，1989 年被首次发掘，2014 年至 2015 年和 2018 年至 2019 年遗址被再次发掘，出土了丰富的石制品、动物化石、木质材料、植物种子。此次发表的材料全部来自新近两次考古发掘。研究团队确定古人类在遗址活动的时间约为距今 36 至 25 万年。研究多方面改写了学界对旧石器时代人类生存能力和方式以及东亚旧石器时代文化特点与成因的认识，如竹木器在东亚、东南亚古人类生产生活中的作用及其对旧石器时代“竹木器假说”的实证意义。该发现首次揭秘了古人类采集经济状态，全面展现了远古盘中餐中广谱食材的种类，提供了先民用木器挖掘可食性植物根茎的可靠证据，揭示了生活在热带、亚热带环境下的东南亚古人群独特的资源利用策略和适应生存方式。

Cisco fixes critical root credential vulnerability in Unified CM rated CVSS 10 urging users to patch now to stop remote admin takeovers.

Чем ещё удивит нас Windows 11?

Security researchers have discovered novel ways to identify and take advantage of Microsoft Azure Arc in business settings, which is a major advancement in cybersecurity and may reveal weaknesses in this hybrid management system. Introduced in 2019, Azure Arc extends Azure’s native management capabilities to non-Azure resources, including on-premises servers and Kubernetes clusters, through the […]

The post Researchers Discover New Method to Identify Azure Arc in Enterprise Environments and Maintain Persistence appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

一个关于计算机取证的 subreddit 讨论如何分析 Proxmox 机器上的 RAM 转储。发帖人尝试使用标准符号文件但未成功，怀疑 Proxmox 的内核是定制的导致问题，并寻求是否需要继续编译 PVE 内核以创建符号文件的帮助。

一年一度的“大考”火热进行中，攻防演练期间本公众号会每日更新当天鲜活情报和热点漏洞，欢迎大家对我们进行收藏和关注！

特朗普政府正在解散国家科学基金会（NSF），科学家警告，一整代人才可能会从美国流失到竞争对手。NSF 现任和前任员工接受采访时表示，NSF 用于支持尖端、高影响力科学研究的同行评审流程因人员、项目和拨款的混乱削减以及政府效率部（Doge）的干预而受到破坏。科学家警告说，特朗普政府对科学多样性的攻击已经损害了 NSF 资助的基础研究的质量。NSF 是基础科学和工程领域美国最重要的联邦资助机构，一周前该机构逾 1800 名工作人员被下令从总部撤出，住房和城市发展部接管了该机构的办公楼。

Real-time data governance provides security and privacy teams with immediate visibility into what is happening, allowing them to stop a problem before it becomes a crisis.

The post Mastering Real-Time Cloud Data Governance Amid Evolving Threats and Regulations appeared first on Security Boulevard.

实时数据治理在云生态系统中至关重要，涉及数据准确性、保护及负责任使用。通过自动化策略分类数据、应用安全控制并追踪 lineage，在问题发生前发出警报。整合元数据目录与安全信息管理解决方案实现端到端可见性与控制。机器学习模型检测异常行为，结合规则检查形成多层防御。动态政策管理适应法规变化，并通过透明报告与培训建立信任。

A critical security vulnerability has been discovered in HIKVISION’s applyCT component, part of the HikCentral Integrated Security Management Platform, that allows attackers to execute arbitrary code remotely without authentication.  Assigned CVE-2025-34067 with a maximum CVSS score of 10.0, this vulnerability stems from the platform’s use of a vulnerable version of the Fastjson library, exposing millions […]

The post Critical HIKVISION applyCT Vulnerability Exposes Devices to Code Execution Attacks appeared first on Cyber Security News.

A newly disclosed vulnerability, tracked as CVE-2025-34067, has been identified in HIKVISION’s widely deployed security management platform, applyCT (also known as HikCentral).  This critical flaw allows unauthenticated remote code execution (RCE), putting countless surveillance and security infrastructures at risk across government, commercial, and industrial sectors. Its advanced analytics and scalable architecture make it a popular choice […]

The post Critical HIKVISION applyCT Flaw Allows Remote Code Execution appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Android 应用开发如火如荼，而深入了解其底层原理和掌握强大的工具，能让你在开发、测试以及安全分析等领域如

西班牙警方破获亿元投资诈骗案，抓捕21人 。