Aggregator

A vulnerability marked as critical has been reported in Cisco IOS XE. This issue affects some unknown processing of the component IOx Application Hosting Environment. Performing manipulation results in improper access controls. This vulnerability is cataloged as CVE-2023-20065. The attack must be initiated from a local position. There is no exploit available. It is suggested to upgrade the affected component.

从我过往的实践来看，大多数都是测试人员在担任SDL安全对接人，少数是研发骨干、产品经理和安全研究员。他们负责：提安全需求、安全测试、组织开发修复漏洞、组织复盘分析等工作。 回顾最开始设置“产品安全专员”机制时，人选的确定交由业务部门负责人来定，同时建议承担这个角色的人须有一定话语权、熟悉产品及研发过程、最好是对安全感兴趣。其次是在确定人选之后，尽量从组织上来说要正式化、正规化运营，比如召开相关安全培训、持证上岗、发内部IM徽章、轮替也要学习和考试，定期组织开会等。 ------------更多内容，请访问------------- 1、SDL 100问 SDL100问：我与SDL的故事 SAST误报太高，如何解决？ SDL需要哪些人参与？ 大家都有哪些SDL运营指标？ 业务系统是否可以带漏洞上线？ 日常的漏洞运营，也应该是SDL团队来做吗？ 关于开发安全BP，对开展SDL有哪些帮助？ 上传图片的API，除了常见web漏洞外，是否还会有风险？ SDL 84/100问：国内是否有做安全基线的厂商或这个方向的专家？ 2、SDL创新实践 首发！“ 研发安全运营 ” 架构研究与实践 DevSecOps实施关键：研发安全团队 DevSecOps实施关键：研发安全流程 DevSecOps实施关键：研发安全规范 DevSecOps实施关键：研发安全工具 从安全视角，看研发安全 数字化转型下研发安全痛点 一个思考：安全测试驱动产品安全？ 3、SDL最初实践 【SDL最初实践】开篇 【SDL最初实践】安全培训 【SDL最初实践】安全需求 【SDL最初实践】安全设计 【SDL最初实践】安全开发 【SDL最初实践】安全测试 【SDL最初实践】安全审核 【SDL最初实践】安全响应 4、安全运营实践 基于实践的安全事件简述 安全事件运营SOP：钓鱼邮件 安全事件运营SOP：网络攻击 安全事件运营SOP：蜜罐告警 安全事件运营SOP：webshell事件 安全事件运营SOP：接收漏洞事件 应急能力提升：实战应急困境与突破 应急能力提升：挖矿权限维持攻击模拟

The DDoS botnet was among the most powerful on record, allegedly exceeding six terabits per second during its largest attack, authorities said. Victims are spread across 80 countries.

The post Officials gain control of Rapper Bot DDoS botnet, charge lead developer and administrator appeared first on CyberScoop.

How Autonomous AI Systems Are Moving Beyond Hype and Why CIOs Can't Ignore Them
Agentic AI is moving from concept to capability, bridging the gap between reactive tools and enterprise-scale autonomy. With the stack maturing fast, CIOs face a choice: lead the shift or risk being left behind.

Maximum Validity of Public TLS Certificates Will Drop From 398 Days to Just 47 Days
The future of managing digital certificates is already here - it's just not evenly distributed yet. With the public TLS certificate validity period set to drop to just 47 days, as well as the need to migrate to quantum-safe encryption, experts see automation as key to achieving crypto agility.

Common Weaknesses Healthcare Providers Must Overcome to Avoid Regulators' Wrath
Regulators have long pushed HIPAA-regulated providers to ensure their enterprise-wide security risk analysis is comprehensive and timely, so they can identify security issues before they become data breaches. Why do so many organizations struggle with this top HIPAA priority?

CEO Matthew Prince: Unchecked Scraping Could Undermine the Internet's Economic Model
With 20% of the web behind its platform, Cloudflare will now block AI web crawlers from scraping monetized content by default. CEO Matthew Prince says the company's policy gives all users, even on the free plan, control over AI bot access and protects the incentives for content creation.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.12.36/6.15.5/6.16-rc4. This affects an unknown function of the component arm_ffa. The manipulation leads to memory leak. This vulnerability is listed as CVE-2025-38390. The attack must be carried out from within the local network. There is no available exploit. It is advisable to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.16-rc4. It has been rated as problematic. This impacts the function __kmem_cache_shutdown of the component i915. Performing manipulation results in allocation of resources. This vulnerability is reported as CVE-2025-38389. The attacker must have access to the local network to execute the attack. No exploit exists. Upgrading the affected component is advised.

A vulnerability marked as critical has been reported in Linux Kernel up to 6.12.36/6.15.5/6.16-rc4. Affected is the function in_atomic of the file kernel/locking/mutex.c of the component firmware. The manipulation leads to deadlock. This vulnerability is uniquely identified as CVE-2025-38388. The attack can only be initiated within the local network. No exploit exists. It is suggested to upgrade the affected component.

A vulnerability was found in HCL Digital Experience 8.5/9.0/9.5. It has been classified as problematic. The affected element is an unknown function of the component Administrative UI. This manipulation causes cross site scripting. The identification of this vulnerability is CVE-2025-31988. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Mozilla Firefox up to 140 on Android and classified as critical. Impacted is an unknown function of the component iFrame Handler. The manipulation results in improper access controls. This vulnerability was named CVE-2025-8042. The attack may be performed from a remote location. There is no available exploit. It is suggested to upgrade the affected component.

A vulnerability has been found in Mozilla Firefox up to 140 on Android and classified as problematic. This issue affects some unknown processing of the component Address Bar. The manipulation leads to clickjacking. This vulnerability is uniquely identified as CVE-2025-8041. The attack is possible to be carried out remotely. No exploit exists. The affected component should be upgraded.

A vulnerability, which was classified as critical, was found in Mozilla Firefox up to 141 on iOS. This vulnerability affects unknown code of the component Popup Blocker. Executing manipulation can lead to improper access controls. This vulnerability is handled as CVE-2025-55029. The attack can be executed remotely. There is not any exploit available. You should upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Mozilla Firefox up to 141. This affects an unknown part of the component Address Bar. Performing manipulation results in clickjacking. This vulnerability is known as CVE-2025-9183. Remote exploitation of the attack is possible. No exploit is available. It is advisable to upgrade the affected component.

A vulnerability classified as problematic has been found in Mozilla Firefox up to 141. Affected by this vulnerability is an unknown functionality of the component WebRender. This manipulation causes denial of service. This vulnerability appears as CVE-2025-9182. The attack may be initiated remotely. There is no available exploit. It is recommended to upgrade the affected component.