Aggregator

Cybersecurity researchers have disclosed a critical container escape vulnerability in the NVIDIA Container Toolkit that could pose a severe threat to managed AI cloud services. The vulnerability, tracked as CVE-2025-23266, carries a CVSS score of 9.0 out of 10.0. It has been codenamed NVIDIAScape by Google-owned cloud security company Wiz. "NVIDIA Container Toolkit for all platforms contains a

Google 起诉了 25 名僵尸网络 BadBox 2.0 的中国籍运营者。Google 在起诉书中称，截至 2025 年 4 月，BadBox 2.0 感染了全世界逾 1000 万台基于 Android AOSP 系统的设备，包括电视盒、平板、投影仪和车载休闲娱乐系统。BadBox 2.0 是迄今为止发现的规模最大的联网电视僵尸网络。Google 称 BadBox 2.0 的活动干扰了 Google 与客户的关系，损害其声誉，破坏其产品和服务的价值。由于所有被告都在中国，而中美之间很少引渡嫌疑人，因此诉讼不太可能追究到任何被告的责任。

Картинка на экране — лишь прикрытие для сложной сети, разросшейся по всему миру.

俄罗斯进一步收紧了对网络活动的控制。该国新通过的法律将对搜索被禁止内容以及使用 VPN 访问被禁止内容的人处以罚款。俄罗斯对被禁止内容的定义是一个由政府维护的列表，大约有 5500 个条目，其内容涵盖了从 LGBT运动 到基地等极端主义组织制作的内容，以及宣传纳粹意识形态或或煽动极端主义行为的材料。对搜索被禁止内容的罚款大约为 65 美元，对推广 VPN 等规避审查工具的罚款——个人为 2500 美元，企业最高 1.28 万美元。

Cryptominer campaign runs for years using legit sites to spread malware, targeting Linux systems through known bugs and avoiding detection.

Google on Thursday revealed it's pursuing legal action in New York federal court against 25 unnamed individuals or entities in China for allegedly operating BADBOX 2.0 botnet and residential proxy infrastructure. "The BADBOX 2.0 botnet compromised over 10 million uncertified devices running Android's open-source software (Android Open Source Project), which lacks Google's security protections,"

"欢迎来到漏洞挖掘活动，这是一场代码世界的‘吃鸡’，最后的赢家，就是漏洞的终结者！

Threat actors have been actively exploiting vulnerabilities in Ivanti Connect Secure, specifically CVE-2025-0282 and CVE-2025-22457, to deploy advanced malware, including MDifyLoader and Cobalt Strike Beacon. These attacks, observed from December 2024 through July 2025, build on prior incidents involving SPAWNCHIMERA and DslogdRAT, demonstrating persistent targeting of VPN appliances. Attackers leverage these flaws for initial access, […]

The post Threat Actors Exploit Ivanti Connect Secure Flaws to Deploy Cobalt Strike Beacon appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

关键词数据泄露英国零售巨头Co-op日前披露了一起重大网络安全事件：今年4月遭遇的复杂网络攻击导致其全部650

关键词安全漏洞一款名为LaRecipe的流行文档工具被曝出存在高危安全漏洞，该工具目前累计下载量已达230万次

关键词TeleMessage以色列开发的通信应用TeleMessage SGNL近日曝出严重安全漏洞。

关键词默认密码制造业正面临着一场由默认密码引发的系统性安全危机。看似便捷的设备初始密码设计，实则是整个行业中潜伏多年的安全黑洞。

攻击者利用该漏洞，可通过诱骗用户访问恶意页面，实现远程代码执行攻击。

公司称业务已基本恢复至攻击前水平

Никто не защищён — даже те, кто думает иначе.

这是敲敲打卡的一个公益项目：「一起打卡一起捐」。 初心简单——希望你坚持打卡，「敲敲成为更好的自己」，也顺便帮到别人。 让自己快乐的同时，也给世界带去一份滋养。 每月我们都会做一次捐赠公示，这已经是我们和敲友一起坚持的第四个月。（项目缘起可以看这篇 Do Good Have Fun） 「一起打卡一起捐」的活动会持续到今年最后一天。 非常期待你能一起加入！ 参加方式： 1. 扫码加入你感兴趣的打卡小组 2. 应用商店搜索「敲敲打卡」App，下载完成后你就在打卡小组里了。

赶在黑客在野利用之前发现了SQLite 开源数据库引擎中的一个高危内存损坏漏洞CVE-2025-6965（CVSS评分7.2）。

速修复

With IT outages and disruptions escalating, IT teams are shifting their focus beyond simply backing up data to maintaining operations during an incident. One of the key drivers behind this shift is the growing threat of ransomware, which continues to evolve in both frequency and complexity. Ransomware-as-a-Service (RaaS) platforms have made it possible for even inexperienced threat actors with

Attackers are increasingly leveraging the ClickFix social engineering technique to distribute potent malware families, including NetSupport RAT, Latrodectus, and Lumma Stealer. This method, which emerged prominently in recent months, tricks users into executing malicious commands under the guise of resolving common computer issues like performance glitches or verification prompts. By hijacking the clipboard through JavaScript […]

The post Hackers Exploit ClickFix Tactics to Spread NetSupport RAT, Latrodectus, and Lumma Stealer appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.