Aggregator
[Tips] How to obtain the list of technology companies the CIA has invested in
CVE-2014-9241 | MyBB up to 1.8.0 report.php file cross site scripting (ID 129109 / EDB-35224)
CVE-2001-0704 | Arcadia Internet Store 1.0 tradecli.dll template Path information disclosure (EDB-20948 / XFDB-6738)
Tesla's European sales plunged 45% in January
AI ate the homework: educational platforms on the brink of survival because of Google's technologies
Researchers Jailbreak OpenAI o1/o3, DeepSeek-R1, and Gemini 2.0 Flash Models
Researchers from Duke University and Carnegie Mellon University have demonstrated successful jailbreaks of OpenAI’s o1/o3, DeepSeek-R1, and Google’s Gemini 2.0 Flash models through a novel attack method called Hijacking Chain-of-Thought (H-CoT). The research reveals how advanced safety mechanisms designed to prevent harmful outputs can be systematically bypassed using the models’ reasoning processes, raising urgent questions […]
The post Researchers Jailbreak OpenAI o1/o3, DeepSeek-R1, and Gemini 2.0 Flash Models appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
INE Secures Spot Top 50 Education Software Rankings 2025 in G2’s
INE, the leading provider of networking and cybersecurity training and certifications, today announced its recognition as an enterprise and small business leader in online course providers and cybersecurity professional development, along with its designation as the recipient of G2’s 2025 Best Software Awards for Education Products. This category of awards ranks the world’s top 50 […]
The post INE Secures Spot Top 50 Education Software Rankings 2025 in G2’s appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Local DeepSeek deployments carry risks! Check whether you are affected
Qualcomm & Google Tied Up to Offer Eight Years of Software and Security Updates
In a transformative move for smartphone longevity, Qualcomm Technologies, Inc., and Google have announced a collaboration to enable eight years of Android software and security updates for devices powered by Snapdragon mobile platforms. This initiative, targeting smartphones launching with the Snapdragon 8 Elite Mobile Platform and future Snapdragon 8/7-series chipsets, marks the industry’s longest software […]
The post Qualcomm & Google Tied Up to Offer Eight Years of Software and Security Updates appeared first on Cyber Security News.
Linux Grub Read Command Buffer Overflow Vulnerability Enabling Potential Secure Boot Bypass
A newly disclosed vulnerability in the GRUB2 bootloader’s read command (CVE-2025-0690) has raised concerns about potential Secure Boot bypasses and heap memory corruption in Linux systems. Red Hat Product Security rates this integer overflow flaw as moderately severe. It could enable attackers with physical access and elevated privileges to execute arbitrary code or undermine Secure […]
The post Linux Grub Read Command Buffer Overflow Vulnerability Enabling Potential Secure Boot Bypass appeared first on Cyber Security News.
Apple employee described how the company planned to track users' payments
INE Secures Spot in G2’s 2025 Top 50 Education Software Rankings
INE, the leading provider of networking and cybersecurity training and certifications, today announced its recognition as an enterprise and small business leader in online course providers and cybersecurity professional development, along with its designation as the recipient of G2’s 2025 Best Software Awards for Education Products. This category of awards ranks the world’s top 50 […]
The post INE Secures Spot in G2’s 2025 Top 50 Education Software Rankings appeared first on Cyber Security News.
Lockbit
Poseidon Stealer Malware Attacking Mac Users via Fake DeepSeek Site
Cybersecurity researchers uncovered a sophisticated macOS malware campaign distributing the Poseidon Stealer through a counterfeit DeepSeek AI platform website. This malware-as-a-service (MaaS) operation employs advanced social engineering tactics combined with anti-analysis techniques to compromise sensitive user data, marking a significant escalation in macOS-targeted threats. The attack chain begins with malvertising campaigns redirecting users to deepseek.exploreio[.]net, […]
The post Poseidon Stealer Malware Attacking Mac Users via Fake DeepSeek Site appeared first on Cyber Security News.
CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
- CVE-2024-49035 Microsoft Partner Center Improper Access Control Vulnerability
- CVE-2023-34192 Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability
Users and administrators are also encouraged to review the Palo Alto Threat Brief: Operation Lunar Peek related to CVE-2024-0012, the Palo Alto Security Bulletin for CVE-2024-0012, and the Palo Alto Security Bulletin for CVE-2024-9474 for additional information.
These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.
Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.
Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
CISA Releases Two Industrial Control Systems Advisories
CISA released two Industrial Control Systems (ICS) advisories on February 25, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
- ICSA-25-056-01 Rockwell Automation PowerFlex 755
- ICSMA-25-030-01 Contec Health CMS8000 Patient Monitor (Update A)
CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.