A vulnerability, which was classified as critical, was found in Mozilla Firefox up to 67.x. Affected is an unknown function of the component Network Security Services. The manipulation leads to improper certificate validation.
This vulnerability is traded as CVE-2019-11727. It is possible to launch the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
A vulnerability classified as problematic has been found in Mbed TLS up to 2.28.9/3.6.2. This affects the function mbedtls_ssl_set_hostname. The manipulation of the argument Hostname leads to insecure default initialization of resource.
This vulnerability is uniquely identified as CVE-2025-27809. It is possible to initiate the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
NIST's Apostol Vassilev Explains Need for Dynamic Response, Not Static Testing
As AI models grow in scale and power, leading to even more unpredictable outcomes, security teams are grappling with how to defend technologies that some experts can't begin to fully comprehend. Cyber response teams are exploring the practice of continuous red teaming, said NIST's Apostol Vassilev.
Tokio Marine HCC Targets Vulnerabilities Before They’re Exploited
With ransomware incidents at record highs, Tokio Marine HCC integrates dark web monitoring, vulnerability scanning and incident data into its underwriting process to help clients close gaps and lower the chance of costly breaches.
At Least 918K Affected in 2024 BianLian Data Theft Attack
A New York-based pediatric practice and its managed services vendor have agreed to pay $5.15 million to settle a proposed class action lawsuit stemming from a 2024 data theft attack affecting more than 918,000 people and allegedly carried out by cybercrime gang BianLian.
NCSC-NL Says Hack of Citrix NetScaler Flaw Also Targeted Critical Infrastructure
A preliminary assessment by the Dutch NCSC into a suspected Russian hacking campaign has concluded that more than one group likely carried out the May breach of the country’s law enforcement network. Investigators say hacks of Citrix NetScaler flaw also targeted critical infrastructure.
On August 3rd, 2025 GreyNoise observed a significant spike in brute-force traffic targeting Fortinet SSL VPNs. Over 780 unique IPs triggered our Fortinet SSL VPN Bruteforcer tag in a single day — the highest single-day volume seen on this tag in recent months.
We uncovered Charon, a new ransomware family that uses advanced APT-style techniques, including DLL sideloading, process injection, and anti-EDR capabilities, to target organizations with customized ransom demands.
A vulnerability, which was classified as critical, was found in WP Compress Plugin up to 6.30.15 on WordPress. This affects the function init. The manipulation leads to server-side request forgery.
This vulnerability is uniquely identified as CVE-2025-2109. It is possible to initiate the attack remotely. There is no exploit available.
A vulnerability, which was classified as critical, has been found in WP Compress Plugin up to 6.30.15 on WordPress. Affected by this issue is some unknown functionality of the component Setting Handler. The manipulation leads to missing authorization.
This vulnerability is handled as CVE-2025-2110. The attack may be launched remotely. There is no exploit available.
A vulnerability, which was classified as problematic, has been found in Arcadia Crafty Controller up to 4.2.3/4.3.2/4.4.9. This issue affects some unknown processing of the component Server Name Form/API Key Form. The manipulation leads to cross site scripting.
The identification of this vulnerability is CVE-2025-5990. The attack may be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.