Aggregator

前美国国家安全局（NSA）局长、中央安全局局长和网战司令部司令、现 OpenAI 董事、退役陆军上将保罗·仲宗根（Paul Nakasone）在拉斯维加斯出席 Defcon 网络安全大会，与 Defcon 创始人 Jeff Moss 谈论了美国当前的政治气候。特朗普当局解雇了被认为不忠诚的网络安全官员，撤销了前 CISA 主任 Chris Krebs 和 Jen Easterly 的安全许可，仲宗根评论说，美国科技公司在 2025 和 2026 年试图保持中立将会非常非常困难。

Researchers just proved LLMs can autonomously plan and execute full-scale cyberattacks — turning AI from a tool into an active threat actor.

The post And Now, LLMs Don’t Need Human Intervention to Plan and Execute Large, Complex Attacks  appeared first on Security Boulevard.

Ivanti has released critical security updates addressing multiple high and medium-severity vulnerabilities across its Connect Secure, Policy Secure, and Zero Trust Access (ZTA) gateway products.  The vulnerabilities, identified through internal discovery and responsible disclosure programs, could enable remote attackers to trigger denial-of-service (DoS) attacks without authentication, though no active exploitation has been detected at the […]

The post Ivanti Connect Secure, Policy Secure and ZTA Vulnerabilities Let Attackers Trigger DoS Attack appeared first on Cyber Security News.

Cybersecurity researchers at GreyNoise have detected an alarming surge in brute-force attacks against Fortinet SSL VPN systems, with over 780 unique IP addresses launching coordinated attacks in a single day—marking the highest daily volume recorded for this type of attack in recent months. The sophisticated campaign appears to represent a significant escalation in targeting Fortinet’s […]

The post Fortinet SSL VPN Targeted by Hackers from 780 Unique IP Addresses appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

ЛДПР предложила блокировать мат в соцсетях и на сайтах.

Over 29,000 Microsoft Exchange servers remain unpatched against a vulnerability that could allow attackers to seize control of entire domains in hybrid cloud environments

Creator, Author and Presenter: Wendy Nather

Our deep appreciation to Security BSides - San Francisco and the Creators, Authors and Presenters for publishing their BSidesSF 2025 video content on YouTube. Originating from the conference’s events held at the lauded CityView / AMC Metreon - certainly a venue like no other; and via the organization's YouTube channel.

Additionally, the organization is welcoming volunteers for the BSidesSF Volunteer Force, as well as their Program Team & Operations roles. See their succinct BSidesSF 'Work With Us' page, in which, the appropriate information is to be had!

Permalink

The post BSidesSF 2025: Fire, Brimstone And Bad Security Decisions appeared first on Security Boulevard.

Ivanti has released critical security updates addressing multiple vulnerabilities in its Connect Secure, Policy Secure, and ZTA Gateway products that could allow remote attackers to launch denial-of-service attacks. The company disclosed four vulnerabilities on August 12, 2025, with CVSS scores ranging from medium to high severity, though no active exploitation has been detected at the […]

The post Ivanti Connect Secure, Policy Secure, and ZTA Flaws Allow Attackers to Launch DoS Attacks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Jenkins disclosed CVE-2025-53652, also known as SECURITY-3419, as part of a batch of 31 plugin vulnerabilities. Initially rated as medium severity, this flaw affects the Git Parameter plugin and was described merely as enabling attackers to inject arbitrary values into Git parameters a description that understated its potential for severe exploitation. However, deeper analysis reveals […]

The post 1,500 Jenkins Servers Vulnerable to Command Injection via Git Parameter Plugin appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

本文链接

腾讯 TEG 安全平台部代码安全负责人张栋已确认出席，并发表题为《大模型驱动安全升级：腾讯代码安全应用实践》的主题演讲。安全漏洞是每一个企业都必须面对的问题，处理不好动辄影响服务可用性、导致核心业务敏感数据泄露，对业务及公司造成不良影响。基于此在企业研发体系中，绝大多数企业会选择通过安全左移在软件开发生命周期的早期阶段进行风险识别和安全问题修复。但是，传统的静态分析工具本身因其检测方式导致的覆盖有限、高误报、修复效率低等问题，增大了业务团队负担，致使业务对安全问题响应慢、体感差。在本次分享中，张栋将结合腾讯内部的实践经验，深入探讨大模型在代码安全场景中的应用，分享在不同发展阶段其遇到的挑战及其解决方案。

演讲提纲 1.代码安全现状及问题分析

• 传统代码安全现状
• 传统代码安全痛点
• 业务安全场景痛点
• 传统代码安全的局限性

2. 大模型在代码安全场景应用与挑战

• 大模型赋能传统工具
• 大模型助力安全左移
• 大模型自动化漏洞检测

3. 技术架构及解决方案

• 行业前沿解析
• 架构设计及能力演进
• 基础能力建设

4. 总结及展望

• 工程实践心得
• 大模型在代码安全场景落地的方向

演讲亮点

• 代码安全场景大模型落地思路及过程经验分享
• 大模型自动化漏洞扫描思路及过程经验分享
• 专用领域大模型的微调思路及过程经验分享

听众收益

• 了解专用模型领域微调思路及落地实践
• 了解大模型落地过程中常见问题及解决方案
• 了解大模型赋能安全的基础上，进一步泛化至其他应用场景

本文链接

PyTorch 是一个基于 Torch 库的机器学习库，广泛应用于计算机视觉和自然语言处理等领域。它是最受欢迎的深度学习框架之一。

然而，尽管 PyTorch 拥有强大的功能，但其背后潜藏着潜在的安全风险。最初，PyTorch 使用 pickle 保存模型，但由于 pickle 反序列化的不安全性，加载模型时存在远程代码执行（RCE）的风险。随后，PyTorch 引入了 weights_only 参数来增强安全性。官方文档指出，weights_only=True 被认为是安全的，并建议使用它，而不是 weights_only=False。

多年来，weights_only=True 的安全性一直没有受到挑战。然而，我们的研究揭示了一些令人不安的事实。我们发现，使用 weights_only=True 的 torch.load 支持 TorchScript，这促使我们深入研究 TorchScript 的内部工作机制。在一段时间的研究后，我们发现了几个漏洞，并最终实现了远程代码执行（RCE）。我们迅速将这一发现报告给了 PyTorch，PyTorch 确认了该漏洞并为我们分配了 CVE-2025-32434。这个发现颠覆了已有的认知，并对许多 AI 应用产生了深远的影响。我们将在本报告中深入分析该漏洞的影响。

在本次简报中，我们将介绍如何获得灵感并发现这一有趣的漏洞。同时，我们的发现再次验证了这句话：“你曾以为的安全港，实际上是敌人的水域。”

The first documented deployment of the novel malware in a campaign against the Middle Eastern public sector and aviation industry may be tied to China's state-sponsored actor Earth Baxia.

A new cyber-espionage threat group has been using a new backdoor malware that provides persistent access through a seemingly inactive scheduled task. [...]

FortiGuard Labs has reported a dramatic spike in exploitation attempts targeting CitrixBleed 2, a critical buffer over‑read flaw (CVE‑2025‑5777) affecting Citrix NetScaler ADC (Application Delivery Controller) and Gateway devices. Since July 28, 2025, they have detected over 6,000 exploitation attempts, mostly in the US, Australia, Germany and the UK, “with adversaries primarily focusing on high-value sectors such as technology, banking, healthcare, and education.” Meanwhile, the Dutch National Cyber Security Centre (NCSC‑NL) has confirmed that another NetScaler … More →

The post Netscaler vulnerability was exploited as zero-day for nearly two months (CVE-2025-6543) appeared first on Help Net Security.

有 133 年历史的柯达公司警告投资者该公司可能停止运营。柯达在最新财报中称，它缺乏资金去偿还约 5 亿美元的即将到期的债务。柯达计划通过停止支付退休金计划筹集现金，该公司的产品如相机、墨水和胶卷都在美国生产，因此关税不会对其业务产生影响。柯达（Eastman Kodak）成立于 1892 年，创始人 George Eastman 在 1888 年出售了第一台柯达相机。柯达的名字是 Eastman 生造出来的。柯达一度占据了美国 90% 的胶卷和 85% 的相机销量，虽然它研制出了第一台数码相机，但却将其拱手让出，最终在数字摄影时代落后，2012 年申请破产保护，2020 年转型为制药原料生产商获得了短暂的喘息。

Over 3,300 Citrix NetScaler devices remain unpatched against a critical vulnerability that allows attackers to bypass authentication by hijacking user sessions, nearly two months after patches were released. [...]

The recent exploitation of Microsoft SharePoint vulnerabilities highlights a critical gap in traditional, reactive cybersecurity strategies. Learn how a proactive exposure management approach empowers federal agencies to reduce risk, streamline operations and stay secure.

Weeks ago, Microsoft disclosed four vulnerabilities affecting on-premises versions of SharePoint servers and warned about active exploit campaigns. So far, hundreds of organizations globally have been impacted, including the U.S. National Nuclear Security Administration (NNSA). Attackers include Chinese nation-state groups.

This attack highlights a growing reality: reactive cybersecurity practices are no longer sufficient in the face of today’s persistent and well-resourced adversaries.

In this blog, we’ll explore why these SharePoint vulnerabilities and attacks should serve as a wake-up call for federal agencies and how a proactive exposure management approach can help mitigate risk, increase efficiency, reduce costs and accelerate modernization initiatives. 

A persistent threat that won’t disappear with a patch

The SharePoint vulnerabilities underscore the risks of traditional, reactive security models that focus primarily on detection and response. The Chinese threat actor groups exploiting the vulnerabilities frequently use stolen credentials to establish persistent backdoors. This means that while patching a vulnerability is critical, it may not be enough. Once attackers gain access, they could maintain persistent footholds within agency environments, long after the original flaw has been addressed. On-premises servers, like the SharePoint servers affected by these vulnerabilities, are often popular targets for hackers, because organizations often set them up and then fail to regularly update them and patch their vulnerabilities. (SharePoint Online in Microsoft 365 isn’t affected.)

Look no further than the high-severity Microsoft Exchange vulnerability (CVE-2025-53786), which Microsoft disclosed last week and prompted CISA to issue Emergency Directive (ED 25-02). This elevation-of-privilege vulnerability allows attackers with administrative privileges to on-prem Exchange Servers to escalate privileges and compromise connected cloud environments.

“For on-premises software like SharePoint, which is deeply integrated into the Microsoft identity stack, there are multiple points of exposure that need to be continuously monitored in order to know, expose and close critical gaps.”

 - Robert Huber, Chief Security Officer, Tenable, speaking to Wired

The limitations of reactive security 

Historically, many agencies have relied on perimeter defense and reactive detection mechanisms to address threats after the fact. This approach leaves security blind spots, particularly in complex agency environments where on-prem, cloud, OT and identity systems intersect. 

When attackers can exploit a single vulnerability to steal credentials and navigate laterally across a network, agencies need a better way to anticipate and prioritize risk before adversaries act. Accelerating response times is key. When working with IT teams to patch hundreds of vulnerable instances, it’s critical to start with the highest risk exposures, such as those with domain privileges, external-facing systems, or assets connected to critical attack paths, then work down from critical to low exposure. This target approach ensures resources are focused where they can have the greeted impact, faster. 

Why exposure management is the path forward

A preventative approach to cybersecurity focuses on identifying and eliminating exposures before they’re exploited. This is where exposure management becomes critical. It provides visibility across your entire environment, prioritizing risk based on context and guiding action before attackers can take advantage. Just as importantly, it accelerates response times, empowering teams to move quickly by focusing first on the exposure that poses the greatest risk. 

Exposure management enables agencies to:

• Understand your attack surface: Agencies gain a holistic view of all assets including cloud, IT, OT, IoT, identities and apps.
• Pinpoint preventable risks: Because exposure management can detect vulnerabilities, misconfigurations and excessive privileges, you’ll quickly identify high risk assets.
• Accelerate response and remediation: Prioritize and address exposures that are externally facing, linked to privileged access or part of critical attack paths. This reduces dwell time and minimizes impact.
• Connect with mission goals: Group assets by business function using asset tagging and track exposure changes with cyber exposure scores.
• Shift focus from vulnerabilities to risk: Go beyond volume by understanding exploitability, asset value and business impact and mapping attack paths to critical assets.
• Understand true your risk exposure: Consolidate siloed data from multiple tools into a single platform, reducing complexity and enabling faster, more informed decisions. 

How exposure management solves key federal cybersecurity challenges

Federal agencies face a unique set of cybersecurity challenges: complex hybrid environments, aging infrastructure, siloed systems and increasing pressure to comply with evolving mandates like zero trust and Federal Information Security Management Act (FISMA) modernization. Exposure management platforms help agencies overcome these challenges by providing the following benefits.

Unified visibility across attack surfaces

Exposure management delivers a single, continuous view of all assets across IT, cloud, OT/IoT, web apps and identity systems, so agencies can eliminate blind spots and uncover hidden risks. For example, in the case of the recent SharePoint vulnerabilities, agencies can leverage external attack surface management (ASM) to discover previously unknown, internet-facing SharePoint instances that could be exposed to threat actors.

Risk-based prioritization

Agencies can shift from reactive alert fatigue to proactive risk reduction by focusing on exposures most likely to be exploited based on asset criticality, business impact and potential attack path. In the case of the SharePoint vulnerabilities, agencies can quickly isolate SharePoint assets with toxic risk combinations, such as those that are internet-facing or have excessive privileges, so teams can take immediate action instead of trying to boil the ocean.

Support for zero trust maturity

Exposure management ties asset and identity insights together to help agencies enforce zero trust principles like least privilege, continuous validation and segmentation. In the case of SharePoint, this approach could have enabled agencies to quickly pinpoint which vulnerable instances were externally accessible or had elevated domain privileges, knowledge that is critical for limiting lateral movement and enforcing access controls

Tool consolidation and cost efficiency

Instead of relying on multiple siloed tools to manage assets and vulnerabilities across the attack surface, exposure management unifies these capabilities under one platform. This reduces complexity, improves response times and cuts overhead costs. In response to the Sharepoint vulnerabilities, for example, agencies could eliminate the need to toggle between endpoint, network, cloud and identity tools so that analysts can streamline investigations and quickly identify and prioritize impacted systems.

Operational efficiency and automation

By automating asset discovery, risk prioritization and remediation workflow, exposure management allows security teams to respond quickly and effectively, even with limited resources. For example, when the SharePoint vulnerabilities emerged, agencies could have immediately surfaced affected assets, prioritize those with toxic risk combinations and initiated guided response actions, all in a single platform with centralized visibility and reporting. 

Accountability and measurable progress

To meet federal mandates and demonstrate mission aligned outcomes, agencies need clear metrics and reporting. Exposure management enables agencies to track compliance with service level agreements, visualize risk reduction over time and generate consolidated reports that span IT, cloud, identity and OT environments. In the context of SharePoint, this means standing up focused remediation initiatives with measurable impact and clearly showing progress to leadership and auditors alike. 

With an exposure management platform, federal agencies not only improve security outcomes, they simplify operations, reduce costs and accelerate strategic initiatives like zero trust and broader IT modernization.

Tenable’s FedRAMP-authorized Tenable One Exposure Management Platform gives federal agencies the visibility and insight they need to stay ahead of threats like the SharePoint vulnerability. 

Learn more:

• Tenable Research Blog: CVE-2025-5337: Frequently Asked Questions About Zero Day SharePoint Vulnerability Exploitation
• Tenable eBook: Protecting federal government infrastructure and data from cyber attacks
• Datasheet: Tenable One FedRAMP

Sherman Silverstein Data Leak, 5GB of Sensitive Client and Firm Information Allegedly Exposed

Frenchie Data Leak, 6,052 Customer Records Allegedly Exposed