Aggregator

期待优秀的你加入我们，也欢迎转发本则招聘信息。

​Microsoft paid a record $17 million this year to 344 security researchers across 59 countries through its bug bounty program. [...]

Currently trending CVE - Hype Score: 4 - Cursor is a code editor built for programming with AI. Cursor allows writing in-workspace files with no user approval in versions below 1.3.9, If the file is a dotfile, editing it requires approval but creating a new one doesn't. Hence, if sensitive MCP files, such as the ...

Currently trending CVE - Hype Score: 21 - Path Equivalence: 'file.Name' (Internal Dot) leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.2, from ...

我正在雅鲁藏布江下游规划建设一座前所未有的超级水电站。这座水电站，总投资高达1.2万亿元人民币，预计总装机规

开源情报 (OSINT) 是指从互联网、媒体、公共政府数据、专业和学术出版物等各种来源收集和分析公开数据的过程

Adobe защищает творцов, но забыла про серверную часть.

Chanel and Pandora have revealed data breaches reportedly linked to attacks on their Salesforce instances

Security researchers have uncovered a highly advanced network of Chinese-speaking cybercriminal syndicates orchestrating smishing attacks that exploit digital wallet tokenization, potentially compromising up to 115 million payment cards in the United States alone. These operations, which evolved dramatically since August 2023, leverage phishing-as-a-service (PaaS) platforms to harvest credentials and bypass multi-factor authentication (MFA) mechanisms, transforming […]

The post Chinese Hackers Breach Exposes 115 Million U.S. Payment Cards appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Секреты производительности, многоядерность и искусственный интеллект.

Learn how tutoring platforms protect student and parent logins with secure authentication like SSO, MFA, and adaptive login systems.

The post How Can Tutoring Platforms Protect Student and Parent Logins with Secure Authentication? appeared first on Security Boulevard.

Trend Micro has released mitigations to address critical security flaws in on-premise versions of Apex One Management Console that it said have been exploited in the wild. The vulnerabilities (CVE-2025-54948 and CVE-2025-54987), both rated 9.4 on the CVSS scoring system, have been described as management console command injection and remote code execution flaws. "A vulnerability in Trend Micro

Cyware has released Cyware MCP Server (Model Context Protocol Server) to advance the future of AI-powered cyber defense. The new open-source capability is purpose-built to enable generative AI-native workflows, allowing seamless integration between Cyware’s threat intelligence; security automation platforms and large language models (LLMs). “Cyware MCP Server exposes our Agentic AI components to AI Assistants enabling access to key tools and actions which then empowers security teams to retrieve insights, take action, and orchestrate complex … More →

The post Cyware unveils open-source MCP Server to power AI-driven cyber defense appeared first on Help Net Security.

「本文来源于知乎用户『洞源实验室』对热门提问的回答，更多干货内容可关注我们的知乎账号，第一时间获取最新回答！

Adobe has released critical security updates for Adobe Experience Manager (AEM) Forms on Java Enterprise Edition following the discovery of two severe vulnerabilities that could enable attackers to execute arbitrary code and read sensitive files from affected systems. Critical Security Flaws Discovered Security researchers Shubham Shah and Adam Kues from Assetnote identified two critical vulnerabilities […]

The post Adobe AEM Forms 0-Day Vulnerability Allows Attackers to Run Arbitrary Code appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Sysdig has unveiled an agentic cloud security platform. With Sysdig’s autonomous AI agents, designed to analyze cloud environments end to end and surface hidden business risks, organizations can remediate threats in minutes and deliver measurable improvements in their security posture. Sysdig Sage, the company’s fully integrated AI cloud security analyst, understands context from the entire business and provides clear, contextual remediation recommendations, reducing an organization’s exposure time to critical vulnerabilities from days to minutes. “Businesses … More →

The post Sysdig Sage delivers AI-driven remediation and risk prioritization for cloud appeared first on Help Net Security.

Одна ошибка изменит всё — но никто пока не знает, где она спрятана.

瑞典首相 Ulf Kristersson 承认经常用 ChatGPT 等 AI 工具咨询意见。他表示自己用过的 AI 工具包括 OpenAI 的 ChatGPT 和法国 Mistral AI 的 LeChat，他的同事也在日常工作中经常使用 AI。他表示使用 AI 工具是为了获得政治事务相关的补充意见。但专家对政客使用 AI 工具表达了担忧，Umea 大学的负责任 AI 教授 Virginia Dignum 称 AI 无法对政治观点发表有意义的意见，它只是反映了其开发商的观点，“我们没有投票支持 ChatGPT ”。

A vulnerability, which was classified as critical, has been found in agno-agi agno up to 1.7.5. This issue affects the function MCPTools/MultiMCPTools in the library libs/agno/agno/tools/mcp.py of the component Model Context Protocol Handler. The manipulation of the argument command leads to os command injection. The identification of this vulnerability is CVE-2025-8665. The attack may be initiated remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

Submit #620530 / VDB-319025