Silent Ransom Group Uses Fast Flux Botnet to Hide Law Firm Leak Sites
Cybersecurity firm Resecurity reports Silent Ransom Group is using a fast flux botnet to hide data leak sites while targeting law firms with theft and vishing.
Aggregator
32499 запросов за пять лет. Хакеры используют открытую документацию API, чтобы найти уязвимости
1 day 16 hours ago
Открытый swagger.json делает половину работы за злоумышленников.
New Relic expands observability into AI-assisted software development
1 day 16 hours ago
New Relic has announced AI Coding Observability, an open-source tool for monitoring AI-assisted software development workflows. As organizations adopt AI coding assistants, these tools often operate outside existing observability systems, limiting visibility into their use. AI Coding Observability extends monitoring into the software development process, enabling organizations to track, analyze, and audit AI-assisted coding activities. “You can’t manage what you can’t see. AI coding assistants are having a measurable impact on businesses, but without real-time … More →
The post New Relic expands observability into AI-assisted software development appeared first on Help Net Security.
Industry News
Morpheus
1 day 16 hours ago
You must login to view this content
cohenido
AI Phishing Is Crushing SOCs with Alert Volume: How to Reduce Tier 1 Overload
1 day 16 hours ago
Phishing has always been a numbers game. AI has turned it into a volume machine.
Attackers can now create convincing emails, fake login pages, and tailored lures in minutes. Every polished message adds another case for Tier 1 to review, another link to inspect, and another alert that cannot be dismissed at a glance.
As the queue grows, a credential theft attempt or malware delivery can easily
The Hacker News
⚡ Weekly Recap: Instagram Account Hacks, Android Zero-Day, GitHub Worm and More
1 day 16 hours ago
Monday again. The weekend was meant to be quiet. It wasn't. Last week had poisoned packages, a broken AI helper, and a worm tearing through repos. The ugly part: basic tricks still worked.
A chatbot got fooled. A bot token got leaked inside the malware. The same old mistakes showed up again. And while everyone chased the loud stuff, quieter attackers sat in inboxes for months, reading mail and
The Hacker News
CVE-2026-8833 | Checkmk up to 2.2.0/2.3.0p47/2.4.0p30/2.5.0p4 URL Validation cross site scripting
1 day 16 hours ago
A vulnerability was found in Checkmk up to 2.2.0/2.3.0p47/2.4.0p30/2.5.0p4. It has been declared as problematic. This issue affects some unknown processing of the component URL Validation Handler. The manipulation results in cross site scripting.
This vulnerability is identified as CVE-2026-8833. The attack can be executed remotely. There is not any exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2026-8078 | Checkmk up to 2.2.0/2.3.0p47/2.4.0p30/2.5.0p4 Activate Changes Page cross site scripting
1 day 16 hours ago
A vulnerability was found in Checkmk up to 2.2.0/2.3.0p47/2.4.0p30/2.5.0p4. It has been classified as problematic. This vulnerability affects unknown code of the component Activate Changes Page. The manipulation leads to cross site scripting.
This vulnerability is referenced as CVE-2026-8078. Remote exploitation of the attack is possible. No exploit is available.
Upgrading the affected component is recommended.
vuldb.com
CVE-2026-7186 | Checkmk up to 2.2.0/2.3.0p47/2.4.0p30/2.5.0p4 URL Dashboard Widget cross site scripting
1 day 16 hours ago
A vulnerability was found in Checkmk up to 2.2.0/2.3.0p47/2.4.0p30/2.5.0p4 and classified as problematic. This affects an unknown part of the component URL Dashboard Widget. Executing a manipulation can lead to cross site scripting.
The identification of this vulnerability is CVE-2026-7186. The attack may be launched remotely. There is no exploit available.
It is suggested to upgrade the affected component.
vuldb.com
CVE-2026-7765 | Checkmk up to 2.5.0p4 authorization
1 day 16 hours ago
A vulnerability has been found in Checkmk up to 2.5.0p4 and classified as problematic. Affected by this issue is some unknown functionality. Performing a manipulation results in incorrect authorization.
This vulnerability was named CVE-2026-7765. The attack may be initiated remotely. There is no available exploit.
The affected component should be upgraded.
vuldb.com
CVE-2026-11577 | Keycloak on Red Hat partialImport authorization
1 day 16 hours ago
A vulnerability, which was classified as critical, was found in Keycloak on Red Hat. Affected by this vulnerability is an unknown functionality of the file /admin/realms/{realm}/partialImport. Such manipulation leads to incorrect authorization.
This vulnerability is uniquely identified as CVE-2026-11577. The attack can be launched remotely. No exploit exists.
vuldb.com
Check Point links VPN zero-day attacks to Qilin ransomware gang
1 day 17 hours ago
Israeli cybersecurity company Check Point has released security updates to patch a critical flaw affecting Remote Access VPN and Mobile Access deployments, which was exploited in zero-day attacks. [...]
Sergiu Gatlan
Один клик — и паспортные данные в публичной ленте. Что нашли в архивах онлайн-форматтеров JSON
1 day 17 hours ago
Обычная вкладка браузера стала лучшим хранилищем секретов для всех желающих.
Turning Cloudflare’s threat indicators into real-time WAF rules
1 day 17 hours ago
Cloudflare customers can now use Cloudforce One threat intelligence directly within the WAF to block high-risk traffic. By using new cf.intel fields, security teams can automate protection against specific threat actors and targeted industries in real time.
Alexandra Moraru
Идеология закончилась, кушать хочется всегда. «Касперский» поймал бывших борцов за идею на вымогательстве у шейхов
1 day 17 hours ago
Как принципиальные борцы с системой превратились в банальных рэкетиров.
肥胖会影响精子质量改变表观遗传标记
1 day 17 hours ago
根据发表在《Current Obesity Reports》期刊上的一项研究,肥胖并非只是个人选择的结果,肥胖风险的遗传率高达 40%-70%,能通过复杂的生物和环境因素代代相传。最新证据表明,肥胖会影响精子质量,改变表观遗传标记。这些变化可能会影响儿童的食欲调节、新陈代谢和长期患病风险。好消息是这些变化是可逆转的。生活方式改变以及减肥可改善精子健康,改变与肥胖相关的表观遗传模式。
韦伯首次测量早期宇宙休眠黑洞质量
1 day 17 hours ago
天文学家利用韦伯太空望远镜以及引力透镜效应首次测量了一个早期宇宙休眠黑洞质量。该黑洞是 MRG-M0138 星系的中心,星系已经不再形成恒星,而黑洞也不再吞噬周围的物质而处于休眠状态。MRG-M0138 位于一个巨大星系团的背后,被引力透镜效应放大了约 30 倍。黑洞距离地球大约 100 亿光年,其质量为太阳的 60 亿倍。天文学家组合了引力透镜以及黑洞引力对恒星运动的影响确定了其质量。
Червь взрослеет по таймеру, который не перезапускается. Ученые называют это первыми «одноразовыми» часами
1 day 17 hours ago
У C. elegans часы просто отсчитывают этапы — и замолкают.
Qilin ransomware affiliate exploited Check Point VPN zero-day (CVE-2026-50751)
1 day 17 hours ago
A Qilin ransomware affiliate is believed to be exploiting CVE-2026-50751, an authentication bypass vulnerability in Check Point VPN Remote Access and Mobile Access, the company announced on Monday. About CVE-2026-50751 Check Point Remote Access VPN enables and secures connections between corporate networks and remote or mobile devices. Check Point Mobile Access lets mobile and remote workers connect securely to email, calendar, contacts, and corporate applications. CVE-2026-50751 affects both solutions (i.e., functions on Check Point Security … More →
The post Qilin ransomware affiliate exploited Check Point VPN zero-day (CVE-2026-50751) appeared first on Help Net Security.
Zeljka Zorz
CVE-2026-11585 | CodeAstro Student Attendance Management System 1.0 createClassArms.php classId sql injection
1 day 18 hours ago
A vulnerability, which was classified as critical, has been found in CodeAstro Student Attendance Management System 1.0. Affected is an unknown function of the file /attendance-php/Admin/createClassArms.php. This manipulation of the argument classId causes sql injection.
This vulnerability is handled as CVE-2026-11585. The attack can be initiated remotely. Additionally, an exploit exists.
vuldb.com