Aggregator

Flaw Exposes Remote Privilege Escalation Risk
Cisco released urgent security updates to fix a critical vulnerability in Unified Communications Manager that could allow unauthenticated attackers gain root access to affected systems. The maximum-severity vulnerability allows unauthenticated remote attackers to log in using static credentials.

sudo存在提权漏洞CVE-2025-32463，在特定配置下允许攻击者通过伪造nsswitch.conf文件加载恶意库以获取root权限。

Бесплатные ключи от бывших вымогателей — как подарок на прощание от токсичного бывшего.

De MIVD, de AIVD en de Duitse buitenlandse inlichtingendienst Bundesnachrichtendienst (BND) waarschuwen voor een intensivering van de Russische inzet van chemische wapens in Oekraïne. Dit is een schending van het Verdrag Chemische Wapens. Steeds vaker zet Rusland tegen Oekraïne een breed scala aan chemische wapens in, waarbij ze niet schuwen om sterkere stoffen zoals chloorpicrine te gebruiken. Dit heeft minister Ruben Brekelmans vandaag aan de Tweede Kamer laten weten. 

NTLM relay attacks are the easiest way for an attacker to compromise domain-joined hosts. While many security practitioners think NTLM relay is a solved problem, it is not – and, in fact, it may be getting worse. Anecdotally, they are used in most attacks seen by my employer’s consulting arm and have gotten much more common in the last few years. With most environments vulnerable, NTLM sets the stage for lateral movement and privilege escalation. … More →

The post NTLM relay attacks are back from the dead appeared first on Help Net Security.

De MIVD, de AIVD en de Duitse buitenlandse inlichtingendienst BND waarschuwen voor een intensivering van de Russische inzet van chemische wapens in Oekraïne. Dit is een schending van het Verdrag Chemische Wapens. Steeds vaker zet Rusland tegen Oekraïne een breed scala aan chemische wapens in. Daarbij schuwen ze niet om sterkere stoffen zoals chloorpicrine te gebruiken. Dit heeft minister Ruben Brekelmans vandaag aan de Tweede Kamer laten weten.

Reddit上的r/ReverseEngineering社区专注于逆向工程；有用户寻求低价或免费资源用于牙科软件如3shape。

A vulnerability was found in Intelbras InControl up to 2.21.60.9. It has been declared as problematic. This vulnerability affects unknown code of the file /v1/operador/. The manipulation leads to csv injection. This vulnerability was named CVE-2025-7061. The attack can be initiated remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

当前环境出现异常，请完成验证后继续访问。

当前环境异常，请完成验证后继续访问。

在5G全面商用与算力网络加速构建的背景下，运营商网络安全格局正在重构。随着网络云化转型、算网融合推进、边缘计算节点大规模部署，运营商面临基础设施泛在化、数据流动复杂化、业务边界模糊化带来的全新安全挑战。DDoS攻击规模化、信令风暴攻击精准化、边缘节点渗透等新型威胁持续升级，安全防御体系亟需从传统网络防护向“云网端”一体化安全演进。 嘶吼安全产业研究院基于《2025网络安全产业图谱》调研，通过对400+典型解决方案与案例的深度分析，从需求匹配度、实践成效、创新技术、应用价值等多维度展开综合评估。 调研分析发现，当前运营商行业网络安全建设呈现几点关键特征：首先，基础设施虚拟化带来全新挑战，云组件和边缘计算节点正成为攻击者重点目标。其次，业务安全需求快速升级，5G网络切片需要实现毫秒级安全隔离，算力网络面临资源可信验证等新课题。第三，安全运营模式持续创新，头部运营商通过构建安全能力中台，将威胁检测、漏洞管理等服务API化。 基于这些发现，我们将重点展示几个具有代表性的运营商行业优秀安全解决方案，为运营商行业的安全建设提供可借鉴的实践经验。 PS：解决方案展示排名不分先后，按企业简称首字母排序。 往期回顾： 2025中国网络安全「政务行业」优秀解决方案汇编 2025中国网络安全「金融行业」优秀解决方案汇编 2025中国网络安全「能源行业」优秀解决方案汇编 2025中国网络安全「制造行业」优秀解决方案汇编 2025中国网络安全「电力（水利）行业」优秀解决方案汇编 2025中国网络安全「互联网行业」优秀解决方案汇编

当前环境出现异常状态,需完成验证后方可继续访问。

Latest Medical Device Vendor to Disclose a Recent Cyber Incident
A Minnesota maker of catheters notified federal regulators it is recovering from a cyberattack discovered in early June that rendered a portion of its IT systems and data inaccessible. Threat actors gained unauthorized access to some IT systems making certain systems and data unavailable.

Experts Warn Funding Gaps Elevate Cyber Risk
A breach of Columbia University’s IT systems after repeated attacks by U.S. President Donald Trump is highlighting how universities are unprepared for today’s threat landscape. Schools often leave campuses without enough resources for strong cyber defenses.

Also, Spain Arrests Hacker Behind Leaks Targeting Politicians and Journalists
This week, Chinese sites mimicked brands, Spain arrested data leak hackers, Swiss health nonprofit ransomware attack, ICC probed a cyberattack, UNFI restored systems, a flaw in smart tractors, RomCom RAT. A U.K. man sentenced for locking employer out of network. A WordPress hack installs a Trojan.

Flaw Exposes Remote Privilege Escalation Risk
Cisco released urgent security updates to fix a critical vulnerability in Unified Communications Manager that could allow unauthenticated attackers gain root access to affected systems. The maximum-severity vulnerability allows unauthenticated remote attackers to log in using static credentials.

Технологические гиганты не справляются — мошеннические сайты множатся.

Submit #600881 / VDB-314836

In this Help Net Security video, Ozan Ucar, CEO of Keepnet Labs, highlights a critical cybersecurity blind spot: the vulnerability of new hires during onboarding. He explains how attackers now use AI-powered, multi-channel phishing tactics to target fresh employees who are still unfamiliar with internal processes, faces, and norms. Ucar shares real-world examples, and practical, human-centric strategies to reduce risk and protect both employees and organizations from day one.

The post New hires, new targets: Why attackers love your onboarding process appeared first on Help Net Security.

PrivacyCheck 更新 适配HAE的URL信息提取规则