Aggregator

可信华泰受邀参加第十三届互联网安全大会（ISC.AI 2025），展示了其在可信计算与人工智能融合领域的前沿成果，包括“DeepSeek安全可信一体机”和“kxmind大模型”，并探讨了可信技术在AI安全中的应用与未来发展。

A vulnerability was found in Hugging Face Transformers. It has been rated as critical. This issue affects some unknown processing of the component MobileViTV2 Handler. The manipulation leads to deserialization. The identification of this vulnerability is CVE-2024-11392. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability has been found in Zabbix up to 6.0.31/6.4.16/7.0.1 and classified as critical. Affected by this vulnerability is the function addRelatedObjects of the component API. The manipulation leads to sql injection. This vulnerability is known as CVE-2024-42327. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in Typecho 1.3.0. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-35540. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability classified as problematic was found in X2CRM 8.5. This vulnerability affects unknown code of the component Opportunities Module. The manipulation of the argument Name leads to cross site scripting. This vulnerability was named CVE-2024-48120. The attack can be initiated remotely. Furthermore, there is an exploit available.

APT37使用RoKRAT恶意软件新变种进行攻击活动;APT36针对印度政府实体的网络钓鱼活动;Lazarus 针对开源生态系统进行大规模持续渗透;Secret Blizzard 利用 ISP 服务植入间谍软件针对外交人员

当前环境出现异常状态，需完成验证后方可继续访问服务。

一个Reddit子版块r/deepweb致力于辟谣都市传说并分享Tor深网的真实信息。用户询问是否有巴西相关论坛讨论城市可能发生的大屠杀事件。

该文章介绍了Pentest-Windows项目——一个专为渗透测试设计的Windows环境。支持多种虚拟机（如VMware、Parallels Desktop、VirtualBox）及架构（包括x64和Arm64），内置360多种分类工具（如信息收集、漏洞扫描、端口扫描等），适用于网络安全攻防研究与实践。

A vulnerability was found in Red Hat OpenShift Lightspeed Service. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component API. The manipulation leads to resource consumption. This vulnerability is known as CVE-2025-2586. The attack can be launched remotely. There is no exploit available.

文章讨论了网络安全等级测评中存在的低价竞争问题，指出三级测评现场工作需200小时以上，人工成本远超两万元。低价导致服务质量下降、合规性存疑及人证不符风险。

欧盟议会重新提出法案强制扫描应用通信内容阻止儿童性虐待材料传播，影响WhatsApp等端到端加密应用。法案若通过将在2025年执行，破坏加密体系。政府军方账户豁免。部分国家支持。

手脱Linux下的UPX变形壳样本

当前环境出现异常,需完成验证后方可继续访问。

美国执法机构与多国合作摧毁BlackSuit勒索软件团伙的关键基础设施，缴获服务器等资产并接管其网站。该团伙曾以450多个实体为目标获取超3.7亿美元赎金。部分成员已转向新勒索软件Chaos。

Two weeks ago, the ransomware gang’s darknet extortion sites were seized in an operation involving police from more than nine countries including Germany, France and the United Kingdom.

A vulnerability classified as critical has been found in PostHog. Affected is an unknown function of the component ClickHouse Table Function Handler. The manipulation leads to sql injection. This vulnerability is traded as CVE-2025-1520. It is possible to launch the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in GitLab Enterprise Edition up to 17.7.6/17.8.4/17.9.1. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to allocation of resources. The identification of this vulnerability is CVE-2025-1257. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in GitLab Community Edition and Enterprise Edition up to 17.7.6/17.8.4/17.9.1 and classified as problematic. This issue affects some unknown processing. The manipulation leads to incorrect authorization. The identification of this vulnerability is CVE-2025-0652. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Brizy Pro Plugin up to 2.6.1 on WordPress. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to missing authorization. The identification of this vulnerability is CVE-2025-26901. The attack may be initiated remotely. There is no exploit available.