Aggregator

CSI Driver for SMB path traversal via subDir may delete unintended directories on the SMB server

2026 年 4 月 7 日，Anthropic 联合 Apple、Google、Microsoft 等 45 家机构发布 Project Glasswing 计划，并宣布其尚未公开发行的前沿模型 Claude Mythos Preview 在所有主要操作系统和浏览器中发现了数千个…

A financially motivated threat group called Storm-2755 has launched a campaign that quietly reroutes employee salary payments to attacker-controlled bank accounts. Targeting Canadian workers, the group uses adversary-in-the-middle (AiTM) techniques to hijack authenticated sessions and bypass multi-factor authentication (MFA), in what researchers have labeled “payroll pirate” attacks.​ The campaign starts with SEO poisoning and malvertising. […]

The post Hackers Use AiTM Session Hijacking to Redirect Employee Salaries in New Storm-2755 Campaign appeared first on Cyber Security News.

Теперь ИИ будут выдавать только по паспорту.

A U.K. communications regulator, Ofcom, has said it will be cracking down on the spread of the images in the aftermath of the Grok scandal, which led to millions of “nudified” images of women and children to be circulated worldwide.

Drift officials said the operation began six months ago, when they were approached at a cryptocurrency conference by members of a company claiming to focus on quantitative trading.

Google has expanded its encryption capabilities in Gmail to mobile devices, enabling enterprise customers to transmit encrypted emails directly within the app on both Android and iOS. The update removes a limitation that previously restricted native encrypted email use on mobile devices. The rollout allows eligible users to compose and read encrypted messages natively, without..

The post Google Extends Gmail Encryption to Mobile, but Limits Access to Enterprise Tier appeared first on Security Boulevard.

France has taken a decisive step toward digital sovereignty, announcing plans to migrate government workstations from Microsoft Windows to Linux. The move was formally declared during an interministerial seminar held on April 8, 2026, organized by the Interministerial Directorate for Digital Affairs (DINUM), the National Cybersecurity Agency of France (ANSSI), the Directorate General for Enterprises […]

The post France to Replace Windows with Linux on Government Desktops appeared first on Cyber Security News.

Квантовая эра рассудит.

via the comic artistry and dry wit of Randall Munroe, creator of XKCD

Permalink

The post Randall Munroe’s XKCD ‘Electric Vehicles’ appeared first on Security Boulevard.

ReversingLabs has discovered a fresh wave of the graphalgo campaign in which North Korean Lazarus hackers are using fake Florida LLCs, mimicking SWFT Blockchain, and using GitHub typo-squatting to target developers with malware.

加州戴维斯的科学家在 2022-2024 年的企鹅繁殖季期间给生活在阿根廷 Patagonian 海岸的 54 只麦哲伦企鹅的脚套上硅胶被动取样器，收集企鹅在数天活动期间内接触的水、空气和表面化学物质的样本。采样器回收后送往纽约州立大学布法罗进行检测。检测结果显示，即使在偏远地区，逾九成样本都检测到了 PFAS，PFAS 代表全氟烷基和多氟烷基物质，因为不会自然分解它被称为“永久留存的化学品”。

Инструмент собрал 34 тысячи звезд за три дня. В чем подвох?

Flashpoint analysts, working with partner financial institutions, have observed a growing number of PhaaS operations operating with a level of coordination and specialization more commonly associated with legitimate software platforms. These ecosystems bring together phishing kit developers, infrastructure providers, spam delivery services, and financially motivated actors into a single, scalable pipeline for fraud.

The post The Phishing-as-a-Service Pipeline: How a Scalable Fraud Ecosystem Is Driving Global Attacks appeared first on Flashpoint.

The post The Phishing-as-a-Service Pipeline: How a Scalable Fraud Ecosystem Is Driving Global Attacks appeared first on Security Boulevard.

Изучаем ловушки, обманувшие даже самых бдительных специалистов.

弥合内核回溯差距：针对欧盟 CRA 的自动 CVE 检测 by ourren

简评Mythos Preview对国家安全和中国网安产业的影响 by ourren

暗网情报技术能力框架及参考指标体系 by ourren

更多最新文章，请访问SecWiki

在最近一起涉及在德州 Alvarado ICE Prairieland Detention Facility 放烟花和破坏财产案件中，FBI 利用 iPhone 手机上储存的通知数据库数据恢复了已删除的 Signal 消息。Signal 采用端对端加密，除了接收双方，其他人本来无法查看消息，但 iPhone 的通知功能能提供消息的预览，相关信息还会储存在通知数据库中。要避免消息被预览和保存，Signal 用户可以启用禁止预览，或者修改 iPhone 的设置 > 通知 > 通知内容 > 显示：“仅名称”或“不显示名称或内容”。在本案中，被告没有修改相关设置，导致即使应用卸载之后其消息仍然能被恢复。

The attack surface targeted by Iranian-linked hackers in cyberattacks against U.S. critical infrastructure networks includes thousands of Internet-exposed programmable logic controllers (PLCs) manufactured by Rockwell Automation. [...]