Aggregator

Learn how adaptive authentication defends against deepfakes, credential attacks, and AI threats to keep your business secure.

The post AI Threats & Adaptive Authentication: How to Be Protected Against Deepfakes and Credential Attacks appeared first on Security Boulevard.

Oracle has released VirtualBox 7.2.0, a major update that significantly expands ARM virtualization capabilities and introduces comprehensive Windows 11/ARM support. Released on August 14, 2025, this update represents a substantial leap forward in cross-platform virtualization technology, addressing long-standing limitations and introducing experimental features that could reshape how users approach virtual machine deployment across different architectures. […]

The post VirtualBox 7.2 Adds Windows 11/Arm VM Support and Key Bug Fixes appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

HW 行动中，部分厂商因开源邮件网关组件漏洞沦陷，这一现象的背后，实则是开源 MTA 模块在技术根基上的诸多缺陷在实战中的集中暴露。

开源MTA的技术隐患：从架构缺陷到实战风险

国内邮件安全网关市场中，部分厂商因核心技术投入不足，产品能力分化明显，约70%邮件网关产品以 Postfix、Sendmail 等开源技术为根基，其功能扩展常走 “技术捷径”：实现反垃圾、病毒扫描等核心安全功能时，采用 “外部调用拼接式” 编程 —— 通过 Shell 脚本或命令行拼接调用外部安全引擎，而非原生 API 深度集成。这种开源改造存在三重硬伤：

1、效率损耗大：每封邮件处理需反复启动外部进程，高并发场景下 CPU 与内存占用激增，易成性能瓶颈。

2、安全攻击面扩大：命令行参数注入或转义不当，易被恶意邮件利用形成 Shell 注入风险。

3、稳定性和维护性差：进程间通信可靠性远低于原生库调用，错误链冗长难追踪。

根源在于研发模式不成熟。今年HW期间，多家机构网关产品即因开源 MTA 的内存管理缺陷、命令注入漏洞被攻破。更值得警惕的是，基于开源 MTA 搭建的网关，核心机制受制于人，难谈安全自主；且主流开源 MTA 多源自美国，不排除被植入后门的风险，一旦发生意外，可能导致信息泄露甚至系统失控。

CACTER自研破局：从底层重构邮件安全根基

CACTER邮件网关的破局关键，在于对 MTA核心组件实现 100% 自研，从协议处理到内存管理摆脱开源依赖，以此筑牢产品安全根基。

这一技术底气源自 26 年行业深耕经验与累计 63 项专利技术，始终以 “实战有效性”为导向—— 这正是CACTER在本次安全攻防中保持“零失陷”的核心秘诀。而除了这份自研硬实力外，CACTER的稳健表现，更离不开四大核心能力的坚实支撑：

26 年实战积累 从“被动防御” 到“主动适应”

邮件安全从不是 “闭门造车”，而是在借鉴与优化中动态应对实战挑战。26 年服务多行业的经验表明，稳定、适配、可迭代的方案，才是关键场景的坚实保障。

如今，AI 攻击推动邮件安全进入 “微秒级” 竞争时代。立足实战、融合优化的自研技术路线，已被证明是应对复杂威胁的可靠选择。26 年的经验积淀，硬核的产品实力，专业的服务团队，让CACTER在历次攻防中，交出让客户真正放心的答卷。

HexStrike AI, the leading autonomous cybersecurity framework, today announced seamless integration with ChatGPT, Claude, and GitHub Copilot, enabling these AI agents to orchestrate over 150 professional security tools for comprehensive penetration testing and vulnerability intelligence. This milestone empowers developers, red teams, and bug bounty hunters to harness conversational AI interfaces for advanced, fully automated security […]

The post HexStrike AI Links ChatGPT, Claude, and Copilot to 150+ Security Tools appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A newly disclosed vulnerability in Palo Alto Networks’ GlobalProtect application could allow attackers to escalate privileges and install malicious software on affected systems through improper certificate validation. The security flaw, tracked as CVE-2025-2183, was published on August 13, 2025, and affects multiple versions of the popular VPN client across Windows and Linux platforms. Critical Security […]

The post Palo Alto GlobalProtect Vulnerability Allows Privilege Escalation via Certificate Bypass appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A significant security breach has exposed the complete source code of ERMAC V3.0, a sophisticated banking trojan that targets over 700 financial applications worldwide. The leak, discovered by cybersecurity firm Hunt.io in March 2024, was made possible by a surprisingly weak default password: “changemeplease.” The discovery occurred when Hunt.io researchers identified an open directory containing […]

The post Source Code of ERMAC V3.0 Malware Exposed by ‘changemeplease’ Password appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.