Aggregator

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Ivanti Sentry flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Ivanti Sentry flaw, tracked as CVE-2026-10520 (CVSS score of 10.0), to its Known Exploited Vulnerabilities (KEV) catalog. Ivanti Sentry is a secure gateway appliance that sits between an organization’s internal […]

NPM 12 превращает установку зависимостей в отдельную работу.

One of the most persistent hacking groups in the world has found a new way to stay hidden. The threat actor known as Fancy Bear, formally tracked as APT28 and attributed to Russia’s military intelligence unit GRU Unit 26165, has been quietly shifting how it runs cyberattack operations. Instead of relying on traditional infrastructure, the […]

The post Fancy Bear Hackers Abuse EdgeRouters and Cloud Services to Launch Stealthy Cyberattacks appeared first on Cyber Security News.

A threat actor using the alias ChimeraZ, working with a collaborator named Cybernox, claims to have leaked the member database of Lancy FC, a Swiss football club based in Geneva that runs teams across all age groups.

The website specialized in non-consensual sexual images of famous women, including politicians, first ladies, royalty, journalists, television presenters, athletes, and entertainers, and others.

The post US, France, and Italian authorities shut down massive deepfake porn site appeared first on CyberScoop.

A 10-year-old authentication bypass vulnerability discovered in the phpBB forum software allows an attacker to log in as any user, including administrators. [...]

Instead of hiding on the laptops and servers defenders watch most closely, a China-nexus group spent close to a decade hidden inside the Linux login system itself. Sygnia, which tracks the group as Velvet Ant, says it backdoored the PAM and OpenSSH components that decide who is allowed to sign in, planting its access where ordinary cleanup could not reach it. The network it targeted had no

Over 20 Linux packages were compromised in the Atomic Arch campaign, which abuses AUR ownership transfers to drop rootkit-like malware.

Currently trending CVE - Hype Score: 3 - An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated user to achieve root-level remote code execution

Currently trending CVE - Hype Score: 1 - Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.

A newly documented phishing campaign is using a legitimate remote management tool to silently take over victims’ computers, without deploying a single line of traditional malware. Researchers have uncovered an active operation targeting Brazilian organizations, where attackers trick employees into installing a real enterprise software agent that then hands full remote control to the threat […]

The post Hackers Abuse Legitimate NinjaOne RMM Software to Bypass Traditional Malware Detection appeared first on Cyber Security News.

A Ukrainian national extradited from Ireland to the United States last year has pleaded guilty to conspiracy charges tied to the Conti ransomware operation. [...]

Неужели во всем виноваты мы?

Oleksii Lytvynenko, a 44-year-old Ukrainian national, admitted to joining the prolific cybercrime group in 2021. Officials said he engaged in cybercrime up until his arrest in Ireland in 2023.

The post Conti ransomware group member pleads guilty, faces up to 20 years in prison appeared first on CyberScoop.

About 7 million customers of the genetics testing company had their data stolen by hackers starting in April 2023, and many had their information posted on the dark web.

It is the first lapse of the spy program, known as Section 702 of the Foreign Intelligence Surveillance Act (FISA), since it was passed into law in 2008.

More than 400 packages in the Arch User Repository (AUR) are distributing a Linux rootkit and infostealer malware targeting credentials and access tokens. [...]

Ведомство объединило подготовку специалистов по цифровой криминалистике и сотрудников киберподразделений на одной учебной площадке.

注重隐私的开源移动操作系统 /e/OS 释出了 4.0 版本。/e/OS 是移除了 Google 应用的 LineageOS 分支，由法国非营利组织 e Foundation 开发。/e/OS 4.0 的变化包括：全新设计的启动器 Blisslauncher；个性化壁纸；将存储在 Google 中的所有数据迁移到欧洲云服务 Murena Workspace，彻底告别 Google；电子签名系统 Murena Sign，支持 PDF、Word 和 ODT 文件；欧洲的在线会议 Murena Meet；预装 /e/OS 的手机 Murena GS6 和 GS6 PRO，起售价分别为 339 欧元和 449 欧元。