Aggregator

“顶流”AI安全专家集结，直击关键风险与纵深防御

Кто стоит за ударом по цифровой инфраструктуре штата?

奇安信威胁情报中心红雨滴团队观察到某医疗客户部署在外网的SharePoint服务器被入侵，执行恶意powershell被天擎拦截，后续分析发现基于golang的4L4MD4r勒索软件，该武器似乎属于mimo团伙，一个具有经济动机的威胁行为者

In a significant development that highlights both the advancing capabilities of AI and potential vulnerabilities in web security systems, a ChatGPT-powered agent has successfully bypassed Cloudflare’s widely-used “I am not a robot” verification system. The breakthrough, demonstrated through automated interactions with Cloudflare’s security interface, shows the AI agent completing the human verification process that millions […]

The post ChatGPT Agent Defeats Cloudflare’s ‘I Am Not a Robot’ Security Check appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

微软承认根据美国的 Cloud Act 法，它无法保障法国或其它欧洲国家客户的数字主权。Cloud Act 允许美国政府 访问美国科技公司的数据，即使数据存储在位于海外的服务器上。微软法国代表 Anton Carniaux 和 Pierre Lagarde 在接受法国议会咨询时表示，微软会抵制无根据的数据请求，但有法律义务遵守有效的数据请求。根据微软的透明度报告，它至今未收到美国政府要求访问储存在欧洲服务器上的信息的数据请求，但地缘政治紧张局势令欧盟国家对此感到担忧。Legrande 表示，过去三年来微软实现了一个技术环境以最大限度减少数据传输，将欧洲客户数据保存在欧盟境内。

SciMaster 让科研不再只是科学家的专属，也让「像科研一样思考」成为更多人的可能。

A critical security vulnerability in the popular AI-powered development platform Base44 allowed unauthorized attackers to bypass authentication controls and gain access to private enterprise applications, according to a new report from Wiz Research. The flaw, which has since been patched, exposed sensitive corporate data across multiple organizations using the vibe coding platform for internal tools […]

The post Severe Vulnerability in AI Vibe Lets Attackers Access Private User Applications appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

ChatGPT agents demonstrate the ability to autonomously bypass Cloudflare’s CAPTCHA verification systems, specifically the ubiquitous “I am not a robot” checkbox.  This development, first documented in a viral Reddit post on the r/OpenAI community, showcases the evolving sophistication of AI agents in navigating web security measures. Key Takeaways1. ChatGPT agent successfully bypassed Cloudflare's "I am […]

The post ChatGPT Agent Bypasses Cloudflare “I am not a robot” Verification Checks appeared first on Cyber Security News.

A vulnerability was found in code-projects Intern Membership Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file fill_details.php of the component Error Message Handler. The manipulation of the argument email leads to cross site scripting. This vulnerability was named CVE-2025-8340. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability was found in code-projects Intern Membership Management System 1.0. It has been classified as critical. This affects an unknown part of the file /student_login.php. The manipulation of the argument user_name/password leads to sql injection. This vulnerability is uniquely identified as CVE-2025-8339. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in projectworlds Online Admission System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /adminac.php. The manipulation of the argument ID leads to sql injection. This vulnerability is handled as CVE-2025-8338. The attack may be launched remotely. Furthermore, there is an exploit available.

Submit #624681 / VDB-318292

Submit #624673 / VDB-318291

Windows11轻松设置是一款由oyksoft开发的系统优化工具，支持禁用系统还原、搜索热点等功能，并可卸载预装软件、安装常用软件及修改Edge和隐私设置等，适合喜欢深度优化系统的用户使用。

A vulnerability has been found in Silabs Zigbee Stack up to 4.3.4/2024.6.2 and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to unchecked return value. This vulnerability is known as CVE-2025-1394. Access to the local network is required for this attack to succeed. There is no exploit available.

A vulnerability, which was classified as critical, was found in Silabs Zigbee up to 4.3.3/2024.6.1. Affected is an unknown function of the component CPCd. The manipulation leads to improper locking. This vulnerability is traded as CVE-2025-1221. Access to the local network is required for this attack. There is no exploit available.

Submit #624670 / VDB-315870

Submit #624648 / VDB-315160

Submit #624646 / VDB-318290

A vulnerability, which was classified as problematic, has been found in code-projects Simple Car Rental System 1.0. This issue affects some unknown processing of the file /admin/add_vehicles.php. The manipulation of the argument car_name leads to cross site scripting. The identification of this vulnerability is CVE-2025-8337. The attack may be initiated remotely. Furthermore, there is an exploit available.