Aggregator

A vulnerability classified as critical was found in MIKO MikoPBX up to 2024.1.114. This vulnerability affects unknown code of the file PBXCoreREST/Controllers/Files/PostController.php. The manipulation leads to relative path traversal. This vulnerability was named CVE-2025-52207. The attack can be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

Chinese-Made AI App Faces European Privacy Pushback
A German data regulator on Friday ordered Apple and Google to remove the Chinese artificial intelligence DeepSeek app from online stores over non-compliance with privacy and digital service rules. Commercial transfers of data outside of trading bloc members are governed by a complex legal system

Alerts Come on the Heels of Recent Attacks on Insurers
U.S. federal authorities are warning the public and healthcare sector entities of email and fax phishing scams by fraudsters seeking to steal personal information about patients or payments. The warnings come as three large U.S. insurers continue to recover from recent cyberattacks.

Thousands of MCP Servers Leave AI Apps Open to Attack Surfaces
Hundreds of Model Context Protocol servers designed to help AI tools access private data are insecurely exposed online, say BackSlash Security researchers. Weak configurations leave systems vulnerable to data leaks and remote code execution attacks.

State Moves to Restructure Cyber Bureau and Issue Mass Layoffs Despite Court Order
Current and recent former Department of State staffers told Information Security Media Group the agency is preparing to implement layoffs and begin a reorganization despite a San Francisco federal district court order blocking across-the-board layoffs at federal agencies.

A vulnerability was found in HKUDS LightRAG up to 1.3.8. It has been declared as critical. Affected by this vulnerability is the function upload_to_input_dir of the file lightrag/api/routers/document_routes.py of the component File Upload. The manipulation of the argument file.filename leads to path traversal. This vulnerability is known as CVE-2025-6773. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to apply a patch to fix this issue.

用MCP在ChatGPT看片还能中毒？

微软发布Windows 11 25H2首个测试版，集成1Password等密码管理器，支持Passkey保存至第三方而非系统。修复资源管理器崩溃、开始菜单重复条目等问题，并改进对话框文本显示。部分用户可能遇到安装失败问题，微软正在解决中。

微软确认Windows 11 25H2将在今年晚些时候推出，利用eKB启用包快速升级已开发但未启用的功能。该版本面向开发者和Beta通道已推送测试，并计划于9月至10月正式发布。家庭版和专业版将获得24个月支持，企业版则为36个月。

零、引言：在演练中活着，在现实中消失人们常说，护网是网络安全界的“大阅兵”。每年一次，红蓝对阵，政企联动，战

Airspy推出2025夏季促销活动，时间为6月27日至30日，提供20%折扣优惠。涵盖Airspy R2、Mini、HF+ Discovery等产品及YouLoop天线。部分商品享受全球免费配送（不含关税）。美国客户可通过iTea新仓库购买以避免高关税。活动期间转发促销帖有机会赢赠品。

01.NET内网安全攻防报刊小报童电子报刊【.NET内网安全攻防】也正式上线了，引入小报童也是为了弥补知识星球

FedRAMP has strict requirements for the security of the companies looking to earn their certification. Among the many requirements you need to navigate are tests from your C3PAO, simulating malicious actors and common threat vectors. In order to understand what you need to do to pass, it’s worth going over what penetration testing is, what […]

The post FedRAMP Pen Test Scope vs. Rules of Engagement Explained appeared first on Security Boulevard.

构建高质量漏洞数据集是评估安全工具、推动安全研究的重要基础

苹果修改欧盟应用商店条款以避免更多罚款；腾讯混元首个开源混合推理 MoE 模型在魔搭社区首发；Verizon 回应6100万条数据遭甩卖：系旧数据，与公司及客户无关；小米王化回应网传「前总监冯 XX 大瓜」「猫王音响创始人曾德钧不愉快经历」

What Are Application Security Testing Tools?  Application security testing (AST) tools identify vulnerabilities and weaknesses in software applications. These tools assess code, application behavior, or its environment to detect potential security risks. They help developers and security teams prevent cyberattacks by addressing security issues during the development and deployment phases. AST tools come in various […]

The post Best Application Security Testing Tools: Top 10 Tools in 2025 appeared first on Security Boulevard.

南非和埃及勒索攻击事件数量远超其他国家

ZigStrike is a robust shellcode loader developed in Zig, offering a variety of injection techniques and anti-sandbox features. It leverages compile-time capabilities for efficient shellcode allocation, demonstrating proven success in bypassing advanced security solutions. ZigStrike...

The post ZigStrike: New Zig-Based Shellcode Loader Revolutionizes EDR Evasion with Advanced Injection Techniques appeared first on Penetration Testing Tools.