Aggregator

Submit #623655 / VDB-319243

Cybersecurity researchers have uncovered a new technique that allows attackers to bypass Windows User Account Control (UAC) protections by exploiting an unexpected vulnerability in the system’s Private Character Editor tool, potentially granting unauthorized administrative privileges without user consent. The exploit targets eudcedit.exe, Windows’ Private Character Editor located in C:\Windows\System32, which is typically used for creating […]

The post Windows UAC Bypass Exploits Character Map Tool for Privilege Escalation appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Альцгеймер и эпилепсия больше не спрячутся.

The Python Package Index (PyPI) has announced new restrictions aimed at mitigating ZIP parser confusion attacks that could exploit discrepancies in how Python package installers and inspectors handle ZIP archives. This move comes in response to vulnerabilities identified in tools like the uv installer, which exhibits different extraction behaviors compared to Python-based installers relying on […]

The post PyPI Issues Advisory to Prevent ZIP Parser Confusion Attacks on Python Package Installers appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

关键词安全漏洞超过百款戴尔笔记本电脑型号受到 ControlVault3 固件漏洞影响，黑客可借此绕过 Win

关键词勒索软件自2022年以来，一个源自Quantum、继承自臭名昭著的Conti组织的勒索软件集团，逐步演变

关键词数据泄露2025年5月16日，一个未知的威胁行为主体入侵哥伦比亚大学网络系统，窃取近87万在校及离职师生

关键词网络钓鱼一场精心设计的社交工程攻击让全球科技巨头谷歌也未能幸免。

When an organization’s credentials are leaked, the immediate consequences are rarely visible—but the long-term impact is far-reaching. Far from the cloak-and-dagger tactics seen in fiction, many real-world cyber breaches begin with something deceptively simple: a username and password. According to Verizon’s 2025 Data Breach Investigations Report, leaked credentials accounted for 22% of breaches

8月6日至7日，第十三届互联网安全大会在北京国家会议中心举行。可信华泰出席本次盛会，全面呈现了其在可信计算与人工智能融合创新领域的前沿成果。

8月7日，ISC.AI 2025创新独角兽沙盒大赛巅峰对决圆满落下帷幕。在三天总决赛的激烈角逐中，专家评审团从技术突破性、商业可行性到社会价值创造等维度，全方位考量参赛项目的创新成色。

美国开放人工智能研究中心7日发布其最新人工智能模型GPT-5。

近日，《国家信息化发展报告（2024年）》（以下简称《报告》）发布，系统总结2024年我国信息化发展取得的成绩，谋划下一步重点任务。

战场机器人的发展演进给国际人道法的基本原则和相关机制带来了新的挑战。因此，要在把握战场机器人这一人工智能武器特性的基础上，梳理当前技术水平战场机器人对国际人道法的挑战，提出规范战场机器人军事化应用的中国方案，确保人工智能安全、可靠、可控。

文章探讨了组织凭据泄露的长期影响及其日益严重的威胁。数据显示，2024年凭据泄露占数据泄露事件的22%，超越钓鱼和软件漏洞。自动化工具如恶意软件和AI钓鱼使攻击更容易，且凭据常用于账户接管、密码填充等恶意活动。防范措施包括强密码策略、多因素认证及威胁检测技术。

Columbia University has disclosed a major cybersecurity incident where an unauthorized third party accessed and extracted a significant volume of personal and financial data. The breach, which affects a vast number of individuals connected to the university, was discovered following a technical outage in late June. According to a notice sent by the university, the […]

The post Columbia University Data Breach – Hackers Stolen 870,000 Individuals Personal and Financial Data appeared first on Cyber Security News.

A fresh set of 60 malicious packages has been uncovered targeting the RubyGems ecosystem by posing as seemingly innocuous automation tools for social media, blogging, or messaging services to steal credentials from unsuspecting users and likely resell them on dark web forums like Russian Market. The activity is assessed to be active since at least March 2023, according to the software supply

60个恶意RubyGems包伪装成社交媒体和 blogging 工具，自2023年3月以来被下载超27.5万次，窃取用户凭证。攻击者通过简单GUI收集信息，并将数据发送至特定服务器。部分包针对韩国用户和金融讨论平台。PyPI也检测到类似恶意包用于窃取加密货币。

Microsoft has announced that the Microsoft 365 apps for Windows will start blocking access to files via the insecure FPRPC legacy authentication protocol by default starting late August. [...]

速修复