Aggregator

Thousands of MCP Servers Leave AI Apps Open to Attack Surfaces
Hundreds of Model Context Protocol servers designed to help AI tools access private data are insecurely exposed online, say BackSlash Security researchers. Weak configurations leave systems vulnerable to data leaks and remote code execution attacks.

State Moves to Restructure Cyber Bureau and Issue Mass Layoffs Despite Court Order
Current and recent former Department of State staffers told Information Security Media Group the agency is preparing to implement layoffs and begin a reorganization despite a San Francisco federal district court order blocking across-the-board layoffs at federal agencies.

A vulnerability was found in HKUDS LightRAG up to 1.3.8. It has been declared as critical. Affected by this vulnerability is the function upload_to_input_dir of the file lightrag/api/routers/document_routes.py of the component File Upload. The manipulation of the argument file.filename leads to path traversal. This vulnerability is known as CVE-2025-6773. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to apply a patch to fix this issue.

用MCP在ChatGPT看片还能中毒？

微软发布Windows 11 25H2首个测试版，集成1Password等密码管理器，支持Passkey保存至第三方而非系统。修复资源管理器崩溃、开始菜单重复条目等问题，并改进对话框文本显示。部分用户可能遇到安装失败问题，微软正在解决中。

微软确认Windows 11 25H2将在今年晚些时候推出，利用eKB启用包快速升级已开发但未启用的功能。该版本面向开发者和Beta通道已推送测试，并计划于9月至10月正式发布。家庭版和专业版将获得24个月支持，企业版则为36个月。

零、引言：在演练中活着，在现实中消失人们常说，护网是网络安全界的“大阅兵”。每年一次，红蓝对阵，政企联动，战

Airspy推出2025夏季促销活动，时间为6月27日至30日，提供20%折扣优惠。涵盖Airspy R2、Mini、HF+ Discovery等产品及YouLoop天线。部分商品享受全球免费配送（不含关税）。美国客户可通过iTea新仓库购买以避免高关税。活动期间转发促销帖有机会赢赠品。

01.NET内网安全攻防报刊小报童电子报刊【.NET内网安全攻防】也正式上线了，引入小报童也是为了弥补知识星球

FedRAMP has strict requirements for the security of the companies looking to earn their certification. Among the many requirements you need to navigate are tests from your C3PAO, simulating malicious actors and common threat vectors. In order to understand what you need to do to pass, it’s worth going over what penetration testing is, what […]

The post FedRAMP Pen Test Scope vs. Rules of Engagement Explained appeared first on Security Boulevard.

构建高质量漏洞数据集是评估安全工具、推动安全研究的重要基础

苹果修改欧盟应用商店条款以避免更多罚款；腾讯混元首个开源混合推理 MoE 模型在魔搭社区首发；Verizon 回应6100万条数据遭甩卖：系旧数据，与公司及客户无关；小米王化回应网传「前总监冯 XX 大瓜」「猫王音响创始人曾德钧不愉快经历」

What Are Application Security Testing Tools?  Application security testing (AST) tools identify vulnerabilities and weaknesses in software applications. These tools assess code, application behavior, or its environment to detect potential security risks. They help developers and security teams prevent cyberattacks by addressing security issues during the development and deployment phases. AST tools come in various […]

The post Best Application Security Testing Tools: Top 10 Tools in 2025 appeared first on Security Boulevard.

南非和埃及勒索攻击事件数量远超其他国家

ZigStrike is a robust shellcode loader developed in Zig, offering a variety of injection techniques and anti-sandbox features. It leverages compile-time capabilities for efficient shellcode allocation, demonstrating proven success in bypassing advanced security solutions. ZigStrike...

The post ZigStrike: New Zig-Based Shellcode Loader Revolutionizes EDR Evasion with Advanced Injection Techniques appeared first on Penetration Testing Tools.

62%的受访者认为十年后的世界将比现在更糟，仅38%持乐观态度。然而，部分领域（如AI、气候合作）存在积极可能性。核心警示在于大国冲突、核风险、民主危机与技术颠覆性影响，呼吁国际社会在动荡中寻求韧性策略，重建并适应规则基础秩序。

6月27日，卢旺达和刚果民主共和国在美国斡旋下签署了一项和平协议，旨在吸引数十亿美元的西方投资进入这个富含钽、金、钴、铜、锂和其他矿产的地区。

点击查看更多本周网络安全大事件。