Aggregator

Reko订阅经理是一款跨平台的订阅管理应用，支持iPhone和Android设备。它内置了多种国际订阅服务如Spotify、Netflix等，并提供日历功能。iPhone版当前内购限免，Android版需7美元。暂不支持国内服务Logo和多货币选择。

Новая модель ИИ превращает сухие показатели здоровья в подробные истории о вашей жизни.

Citrix has released two new offerings to help enterprises provide secure application access for their entire workforce amid an evolving threat landscape. The first is its post-quantum cryptography (PQC) solution for NetScaler which addresses the emerging threat that quantum computing poses to current cryptographic standards. Citrix is also announcing the Citrix Virtual Apps and Desktops (CVAD) 2507 Long Term Service Release (LTSR), which delivers new features, platform support, and performance improvements, while maintaining the stability … More →

The post Citrix delivers new tools for quantum-ready, anywhere work appeared first on Help Net Security.

在数字浪潮席卷全球、科技产业变革加速的当下，网络安全已从单一技术议题，跃升为关乎国家战略、企业发展与个人安全

维沃移动通信有限公司(Vivo)宣布了用 Rust 开发的蓝河操作系统 BlueOS。Rust 开发的蓝河内核支持 POSIX 接口和 Rust std（标准库），支持 ARM32、ARM64、RISCV32、RISCV64 芯片架构。Vivo 称 BlueOS 是首个从内核到系统框架全栈由 Rust 语言编写的操作系统，Rust 语言的一系列安全特性，在编译阶段就可以发现内存使用不当导致的安全漏洞，从源头实现天生更安全。

It’s often the case that the simplest tools have the longest staying power, because they ultimately get the job done. Take duct tape, for example: it’s a sturdy household classic that wasn’t invented to be elegant or high tech. It was made to work whether dealing with a leaky tent or an inconvenient puncture – a reliable way to just get the job done in a sticky situation. Stolen credentials play a similar role in … More →

The post Why stolen credentials remain cybercriminals’ tool of choice appeared first on Help Net Security.

Microsoft’s Direct Send functionality has emerged as a critical attack vector in sophisticated phishing operations, with threat actors exploiting the […]

The post Microsoft 365’s Direct Send Exploited to Bypass Defenses with Internal Phishing appeared first on HawkEye.

Security researchers have disclosed a critical zero-day vulnerability in CrushFTP, a popular file transfer server solution, that allows attackers to execute arbitrary commands on affected systems without authentication. The vulnerability, tracked as CVE-2025-54309, has been assigned a maximum CVSS score of 9.8 and poses an immediate threat to organizations running vulnerable CrushFTP installations. Authentication Bypass Leads […]

The post CrushFTP Hit by Critical 0-Day RCE Vulnerability – Full Technical Details and PoC Published appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

大华摄像头被发现存在严重安全漏洞，允许黑客远程控制设备。这些漏洞影响多个型号的摄像头，并已被修复。用户应立即更新固件以防范风险。

Critical flaws in Dahua cameras let hackers take control remotely. The vendor has released patches, users should update firmware asap. Bitdefender cybersecurity experts discovered serious vulnerabilities in Dahua smart cameras that could have allowed hackers to take full control of the devices remotely. Fortunately, the vulnerabilities have been patched, but users are urged to update […]

Palo Alto Networks and CyberArk announced that they have entered into a definitive agreement under which Palo Alto Networks will acquire CyberArk. Under the terms of the agreement, CyberArk shareholders will receive $45.00 in cash and 2.2005 shares of Palo Alto Networks common stock for each CyberArk share. This represents an equity value of approximately $25 billion for CyberArk and a 26% premium to the unaffected 10-day average of the daily VWAPs of CyberArk as … More →

The post Palo Alto Networks to acquire CyberArk in $25 billion deal appeared first on Help Net Security.

研究人员发布了针对FunkSec勒索软件的免费解密器，使受害者能够恢复加密文件。该勒索软件于2024年底出现，使用Rust编写，并利用AI工具开发。其运营与支持巴勒斯坦的黑客活动有关。

Researchers have released a decryptor for the ransomware FunkSec, allowing victims to recover their encrypted files for free. Researchers at Avast developed a decryptor for the FunkSec ransomware. Gen Digital researchers released a decryptor for the FunkSec ransomware after cooperating with law enforcement to neutralize the threat. “Researchers at Avast developed a decryptor for the […]

近日，英伟达算力芯片被曝出存在严重安全问题。国家互联网信息办公室于2025年7月31日约谈了英伟达公司，要求英伟达公司就对华销售的H20算力芯片漏洞后门安全风险问题进行说明并提交相关证明材料。

澳大利亚周三表示，针对 16 岁以下儿童的社交媒体禁令覆盖的网站将包含 YouTube，不再豁免 Google 旗下的视频共享平台。这一决定是在监管机构的调查发现 37% 的未成年人报告了 YouTube 的有害内容，在所有社媒平台之间比例最高。儿童社媒禁令将于今年 12 月生效。YouTube 表示，澳大利亚 13 至 15 岁的儿童有近四分之三使用该平台，它不应该被归类为社媒平台，因为它主要托管视频，是一个视频共享平台，有大量高质量的内容库，用户越来越多的通过电视观看内容，它不是社交媒体。禁令覆盖的社媒平台 Meta Platforms、TikTok 和 Snap 则都表示 YouTube 和它们一样都使用算法根据用户活动推荐内容。

RedHook обчистит вас до копейки, а антивирус даже не заикнётся об угрозе.

A team of researchers has developed a new AI model, called White-Basilisk, that detects software vulnerabilities more efficiently than much larger systems. The model’s release comes at a time when developers and security teams face mounting pressure to secure complex codebases, often without the resources to deploy large-scale AI tools. A compact model with big results Unlike LLMs, which can require billions of parameters and heavy computational power, White-Basilisk is compact, with just 200 million … More →

The post New AI model offers faster, greener way for vulnerability detection appeared first on Help Net Security.

A vulnerability classified as problematic was found in JetBrains TeamCity. This vulnerability affects unknown code of the component agentPushPreset Page. The manipulation leads to cross site scripting. This vulnerability was named CVE-2025-54534. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Salesforce Tableau Server on Windows/Linux and classified as critical. Affected by this vulnerability is an unknown functionality of the component tabdoc API. The manipulation leads to path traversal. This vulnerability is known as CVE-2025-52452. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Salesforce Tableau Server on Windows/Linux. It has been classified as critical. This affects an unknown part of the component Data Source Module. The manipulation leads to server-side request forgery. This vulnerability is uniquely identified as CVE-2025-52453. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.