Aggregator

CVE-2025-54876 | JanssenProject jans up to 1.9.0 cli_cmd.log insufficiently protected credentials (GHSA-2f4x-m695-jvp3)

VulDB Recent Entries
6 months 1 week ago
A vulnerability has been found in JanssenProject jans up to 1.9.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file cli_cmd.log. The manipulation leads to insufficiently protected credentials. This vulnerability is known as CVE-2025-54876. The attack can be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.
vuldb.com

CVE-2025-54125 | xwiki-platform up to 16.4.6/16.10.4/17.1.x templates/xml.vm exposure of private personal information to an unauthorized actor (GHSA-57q2-6cp4-9mq3)

VulDB Recent Entries
6 months 1 week ago
A vulnerability, which was classified as problematic, was found in xwiki-platform up to 16.4.6/16.10.4/17.1.x. Affected is an unknown function of the file templates/xml.vm. The manipulation leads to exposure of private personal information to an unauthorized actor. This vulnerability is traded as CVE-2025-54125. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

AI in the SOC: Game-changer or more noise?

Help Net Security
6 months 1 week ago

In this Help Net Security video, Kev Marriott, Senior Manager of Cyber at Immersive Labs, explores the challenges and opportunities of integrating AI into Security Operations Centers (SOCs). While AI can boost productivity by automating manual tasks and reducing alert fatigue, Kev emphasizes that human expertise remains critical for contextual analysis, incident response, and threat hunting. He cautions against over-reliance on AI, highlights potential risks, including standardization, misconfigurations, and evolving threat actor tactics, and urges … More →

The post AI in the SOC: Game-changer or more noise? appeared first on Help Net Security.

Help Net Security

CVE-2025-54124 | xwiki-platform up to 16.4.6/16.10.4/17.1.x Password Hash exposure of private personal information to an unauthorized actor (GHSA-r38m-cgpg-qj69)

VulDB Recent Entries
6 months 1 week ago
A vulnerability, which was classified as problematic, has been found in xwiki-platform up to 16.4.6/16.10.4/17.1.x. This issue affects some unknown processing of the component Password Hash Handler. The manipulation leads to exposure of private personal information to an unauthorized actor. The identification of this vulnerability is CVE-2025-54124. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

全球视野下的合规之道:携程海外数据安全管理实践

信息安全知识库
6 months 1 week ago
本文链接


出海成为众多国内企业实现业绩新增长曲线的选择,然而随着数据的重要性提升,法律及监管关注度也在增强,携程作为在线旅行行业较早布局海外业务的企业,在海外数据安全合规风险上也有所积累。本次演讲将分享携程海外数据安全合规风险管理的思路和经验,希望能给相关出海企业企业带来一些合规实践上的启示。

演讲提纲

  1. 出海面临的数据安全合规挑战

法律法规近些年主要变化及监管挑战 从数据视角深度剖析出海合规风险 2. 携程应对策略及实践

携程的海外合规整体策略设计 如何通过GRC平台形成风险管理闭环 如何保障旗下Trip.com产品的隐私合规 3. 海外数据安全合规未来展望和应对思考

实践痛点

合规风险管理线上化需要建立在标准化的风险管理、优秀的产品设计、合理的内部运营流程等基础上,才能实现控制域的完备性、控制方法的准确性、关键控制的有效性、审计覆盖的充分性等关键指标。

演讲亮点

结合合规实战介绍部分法域的合规挑战 介绍携程自研GRC(Governance, Risk and Compliance )平台如何融合监管情报、外规内化、审计整改等多个治理环节,解决出海过程中面临多法域、多品牌的风险管理挑战 听众收益

帮助了解现有海外数据安全相关合规的整体风险态势 帮助了解标准化及线上化在多法域数据安全合规风险管理中的价值

CVE-2025-48075 | gofiber 2.52.6 fiber.Ctx.BodyParser array index (Duplicate CVE-2025-54801 / GHSA-hg3g-gphw-5hhm)

Vuldb Updates
6 months 1 week ago
A vulnerability, which was classified as problematic, was found in gofiber fiber 2.52.6. Affected is the function fiber.Ctx.BodyParser. The manipulation leads to improper validation of array index. This vulnerability is traded as CVE-2025-48075. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component. It looks like this entry got a duplicate CVE-2025-54801 assigned.
vuldb.com

CISA Adds 3 D-Link Vulnerabilities to KEV Catalog Amid Active Exploitation Evidence

The Hackers News
6 months 1 week ago
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added three old security flaws impacting D-Link Wi-Fi cameras and video recorders to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation in the wild. The high-severity vulnerabilities, which are from 2020 and 2022, are listed below - CVE-2020-25078 (CVSS score: 7.5) - An
The Hacker News

The Semiconductor Industry and Regulatory Compliance

不安全
6 months 1 week ago
特朗普政府为应对中美贸易谈判及地缘政治威胁,收紧对先进半导体的出口管制。然而,依赖私营企业执行的管制效果有限,违规现象频发。需通过加大违规处罚、推动企业投资合规机制及加强监管力度来应对挑战。

CISOs say they’re prepared, their data says otherwise

Help Net Security
6 months 1 week ago

Most security teams believe they can act quickly when a threat emerges. But many don’t trust the very data they rely on to do so, and that’s holding them back. A new Axonius report, based on a survey of 500 U.S.-based IT and security leaders, shows a disconnect between perceived readiness and actual performance in vulnerability and exposure management. While 90% of respondents said their organization is prepared to act when a threat is found, … More →

The post CISOs say they’re prepared, their data says otherwise appeared first on Help Net Security.

Sinisa Markovic

百度基于大模型安全运营的质效提升实践

信息安全知识库
6 months 1 week ago
本文链接


百度作为一家业务复杂的大型互联网企业,同时又是关键基础设施,随着网络安全威胁的日益加剧,传统的安全运营手段在效率和效果上都面临巨大挑战。本次分享将介绍百度如何基于大模型构建深度安全推理智能体框架,实现运营效率和效果的双重提升,并展示包括告警自动研判和漏洞事件分析在内的实践经验,希望能给听众带来一些大模型安全领域应用最佳实践的启示。

演讲提纲

  1. 背景和挑战

大模型开始逐步应用于安全运营场景 百度安全运营面临的双效(效率+效果)提升需求 2. 架构设计

设计目标:基于深度安全推理智能体框架,实现双效提升 设计考虑:人机协同的工作流设计(运营流程梳理、质量标准定义、人机交互模式)、模型能力边界与拓展(模型结果可信度和可解释性、知识和工具依赖)、实施成本 整体架构(自底向上): 底座模型的知识补充 RAG、CoT、Function calling 流程编排 智能体 Review 机制 3. 实践案例

告警自动/辅助研判 + 事件处置 漏洞事件自动分析 + 处置 4. 未来展望

大模型原生的安全运营中心 实践痛点

明确目标,围绕安全运营场景的风险偏好,制定更贴合实际的落地目标,避免直接盲目追求大而全的零职守无人干预 以数据驱动能力迭代,缺少可用数据时应当从实际场景中提升标准化和自动化水平,引入业务的数据活水,避免直接使用脱离业务的合成数据 演讲亮点

从架构设计层面剖析安全运营场景双效提升应遵循的必要准则,提供构建深度安全推理智能体框架的完整视角 细粒度展现告警研判、漏洞分析处置等实际场景的双效提升最佳实践 听众收益

了解互联网大厂的安全运营需求痛点与大模型实践经验 了解规模化且对效果要求较高的安全运营场景下,大模型智能体设计考虑与整体架构

Managed ad