Aggregator

Learn how Akamai's Cloud Wrapper evolved to optimize small-object caching, reduce egress costs, and boost SEO rankings for web and media assets.

For the latest discoveries in cyber research for the week of 18th August, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES The Canadian House of Commons has suffered a data breach. The incident resulted in unauthorized access to a database containing employees’ names, office locations, email addresses, and information on House-managed computers and […]

The post 18th August – Threat Intelligence Report appeared first on Check Point Research.

Currently trending CVE - Hype Score: 17 - The EventON Lite plugin for WordPress is vulnerable to Information Exposure in all versions less than, or equal to, 2.4.6 via the add_single_eventon and add_eventon shortcodes due to insufficient restrictions on which posts can be included. This makes it possible for ...

Currently trending CVE - Hype Score: 24 - A partial fix for  CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code ...

数据安全风险评估，主要围绕数据和数据处理活动,聚焦可能影响数据的保密性、完整性、可用性和数据处理活动合理性的安全风险，掌握数据安全总体状况,发现数据安全隐患，提出数据安全管理和技术防护措施建议,提升数据安全防攻击、防破坏、防滥用能力。

近日，抖音整理了今年以来最典型的八类诈骗类型，帮助用户一起识破诈骗黑产的陷阱。不下载、不转账、不共享屏幕，不相信天上掉下的馅饼和完美对象，就能躲过大部分诈骗套路。

近日，我国牵头提出的国际标准ISO/IEC 27553-2：2025《信息安全、网络安全和隐私保护 移动设备上使用生物特征识别技术进行身份鉴别的安全和隐私要求 第2部分：远程模式》正式发布。

作为“全球南方”的重要成员，中国积极开展人工智能国际协调与合作，尤其注重包括非洲国家在内的发展中国家的现实需求，团结各国积极推进人工智能发展与治理。

零基础学员必看！代码审计全链路实战

数百个 TeslaMate 实例泄露敏感数据

本题共有32支战队成功提交flag，其中前3名分别是：【时空旅人】、【COMPASS】、【山东安在】

Organizations handling various forms of sensitive data or personally identifiable information (PII) require adherence to regulatory compliance standards and frameworks. These compliance standards also apply to organizations operating in regulated sectors such as healthcare, finance, government contracting, or education. Some of these standards and frameworks include, but are not limited to:

上周关注度较高的产品安全漏洞(20250811-20250817)

国家信息安全漏洞共享平台（以下简称CNVD）本周共收集、整理信息安全漏洞567个，其中高危漏洞244个、中危漏洞273个、低危漏洞50个。

A vulnerability categorized as critical has been discovered in Fortinet FortiWeb up to 7.0.10/7.2.10/7.4.7/7.6.3. Affected by this issue is some unknown functionality. The manipulation results in improper handling of parameters. This vulnerability is reported as CVE-2025-52970. The attack can be launched remotely. No exploit exists. It is advisable to upgrade the affected component.

A vulnerability classified as critical has been found in Fortinet FortiWeb up to 7.4.8/7.6.3. The affected element is an unknown function of the component CLI Command Handler. The manipulation leads to os command injection. This vulnerability is uniquely identified as CVE-2025-47857. Local access is required to approach this attack. No exploit exists. It is recommended to upgrade the affected component.

A vulnerability described as critical has been identified in Fortinet FortiWeb up to 7.4.8/7.6.3. Impacted is an unknown function of the component CLI Command Handler. Executing manipulation can lead to stack-based buffer overflow. This vulnerability is handled as CVE-2025-32766. It is possible to launch the attack on the local host. There is not any exploit available. Upgrading the affected component is recommended.

Чем проще настройки VPN, тем быстрее их используют в сложнейших атаках.

2025年8月18日09:00，SekaiCTF 2025落幕。

Without strong cyber capabilities at State, America’s partners will turn to unreliable associates in China for infrastructure investment and succumb to cyberattacks that place U.S. forces overseas at risk.

The post By gutting its cyber staff, State Department ignores congressional directives appeared first on CyberScoop.