Aggregator
US warns of Iranian hackers targeting critical infrastructure
1 day 5 hours ago
Iranian-linked hackers are targeting Internet-exposed Rockwell/Allen-Bradley programmable logic controllers (PLCs) on the networks of U.S. critical infrastructure organizations. [...]
Sergiu Gatlan
Lynx
1 day 5 hours ago
You must login to view this content
cohenido
SandboxJS 连环沙箱逃逸漏洞深度解析(CVE-2026-26954)
1 day 5 hours ago
漏洞来源一个评分十分的严重漏洞漏洞描述SandboxJS 是一个 JavaScript 沙箱库。在 0.8.34 版本之前,可以获取包含 Function 数组,从而导致沙箱逃逸。如果拥有包含 Function 的数组和 Object.fromEntries,就可以构造 {[p]: Function},其中 p 是任何可构造的属。此漏洞已在 0.8.34 版本中修复漏洞原理CVE-2026-269
Tech giants launch AI-powered ‘Project Glasswing’ to identify critical software vulnerabilities
1 day 5 hours ago
The program comes as the tech industry races to secure software before similar AI-powered offensive capabilities become too much for defenders to handle.
The post Tech giants launch AI-powered ‘Project Glasswing’ to identify critical software vulnerabilities appeared first on CyberScoop.
Greg Otto
Знакомьтесь, ваша замена: робот GEN-1 складывает сотни футболок без ошибок. И не устаёт ни на секунду
1 day 6 hours ago
Железка собирает коробку за 12 секунд. Человек — за 34. Добро пожаловать в будущее.
Iranian hackers launching disruptive attacks at U.S. energy, water targets, feds warn
1 day 6 hours ago
Iranian government hackers are launching disruptive cyberattacks on American energy and water infrastructure, U.S. government agencies “urgently” warned Tuesday. The hackers are taking aim at devices and systems that control industrial processes, and have harmed victims in the last month following the onset of U.S.-Israel strikes against Iran, according to the joint alert from the […]
The post Iranian hackers launching disruptive attacks at U.S. energy, water targets, feds warn appeared first on CyberScoop.
Tim Starks
Hackers Pose as Non-Profit Developers to Deploy Monero Mining Malware
1 day 6 hours ago
REF1695 hackers spread Monero mining malware via fake non-profit installers, using stealth tactics to evade detection and hijack systems for profit.
Deeba Ahmed
HackMyVM-Gitdwn 靶机WP
1 day 6 hours ago
Gitdwn靶机贴近真实生产环境,融合了多种常见的安全漏洞与配置隐患,涵盖前端加密逻辑、XML外部实体(XXE)、内网服务暴露、Git版本控制信息泄露等多个核心考点,既考验渗透测试人员的基础操作能力(如端口扫描、目录枚举、密码爆破),也要求具备一定的代码逆向、漏洞组合利用与细节挖掘思维。
用 OpenClaw 插件机制实现 AI Agent 安全管控
1 day 6 hours ago
当 AI Agent 拥有了读写文件、执行命令、访问网络的能力,如何用平台自身的扩展机制构建安全防线?
内核nf_tables漏洞--CVE-2024-1086 复现
1 day 6 hours ago
在`nf_tables`架构中,内核允许用户自定义设置过滤规则,用户可以通过设定规则来决定数据包的处理方式(这个处理方式由`verdicts code`决定),而规则是由一系列表达式组成的,中有一种表达式叫 `nft_immediate`(立即数表达式)。它的作用是:“如果匹配成功,就将某个值设置到`NFT_REG_VERGICT`中(一个用来存放verdict的值的寄存器)”。每条 rule 执
После взлома — сжечь. Северная Корея запустила производство одноразовых вирусов
1 day 6 hours ago
Как заставить весь мир гадать, кто именно совершил кибератаку.
PolarCTF2026春季个人赛 Web方向全解
1 day 6 hours ago
PolarCTF2026春季个人赛 Web方向全解
CISCN&长城杯 2026分区赛区AWDP-Web
1 day 6 hours ago
CISCN&CCB 2026分区赛AWDP-Web部分的题目复现
Cybersecurity in the Age of Instant Software
1 day 6 hours ago
AI is rapidly changing how software is written, deployed, and used. Trends point to a future where AIs can write custom software quickly and easily: “instant software.” Taken to an extreme, it might become easier for a user to have an AI write an application on demand—a spreadsheet, for example—and delete it when you’re done using it than to buy one commercially. Future systems could include a mix: both traditional long-term software and ephemeral instant software that is constantly being written, deployed, modified, and deleted.
AI is changing cybersecurity as well. In particular, AI systems are getting better at finding and patching vulnerabilities in code. This has implications for both attackers and defenders, depending on the ways this and related technologies improve...
The post Cybersecurity in the Age of Instant Software appeared first on Security Boulevard.
Bruce Schneier
Russia Hacked Routers to Steal Microsoft Office Tokens
1 day 6 hours ago
Hackers linked to Russia's military intelligence units are using known flaws in older Internet routers to mass harvest authentication tokens from Microsoft Office users, security experts warned today. The spying campaign allowed state-backed Russian hackers to quietly siphon authentication tokens from users on more than 18,000 networks without deploying any malicious software or code.
The post Russia Hacked Routers to Steal Microsoft Office Tokens appeared first on Security Boulevard.
BrianKrebs
Russia Hacked Routers to Steal Microsoft Office Tokens
1 day 6 hours ago
Hackers linked to Russia's military intelligence units are using known flaws in older Internet routers to mass harvest authentication tokens from Microsoft Office users, security experts warned today. The spying campaign allowed state-backed Russian hackers to quietly siphon authentication tokens from users on more than 18,000 networks without deploying any malicious software or code.
BrianKrebs
Max severity Flowise RCE vulnerability now exploited in attacks
1 day 6 hours ago
Hackers are exploiting a maximum-severity vulnerability, tracked as CVE-2025-59528, in the open-source platform Flowise for building custom LLM apps and agentic systems to execute arbitrary code. [...]
Bill Toulas
Threat Actor Selling Root RCE Shell Access to Botswana Government Health Portal Firewall for $300
1 day 6 hours ago
Threat Actor Selling Root RCE Shell Access to Botswana Government Health Portal Firewall for $300
Dark Web Informer
Так просто сайты ещё не взламывали. Популярный плагин обнулил безопасность огромного числа веб-ресурсов
1 day 7 hours ago
Привычный рабочий инструмент внезапно стал верным помощником хакеров.