Aggregator

An international law enforcement operation has successfully dismantled Tycoon 2FA, one of the most formidable phishing-as-a-service platforms in

The post The Fall of a Phishing Giant: How International Law Enforcement Crushed the Tycoon 2FA Empire appeared first on Penetration Testing Tools.

Artificial intelligence tools are now a core part of everyday workflows — from browsers that summarize web pages to automated agents that help users make decisions online. As these tools become more capable, attackers are learning how to turn them against the very people they are designed to serve. A method called indirect prompt injection […]

The post Hackers Can Use Indirect Prompt Injection Allows Adversaries to Manipulate AI Agents with Content appeared first on Cyber Security News.

3月16 - 19日，NVIDIA初创加速计划将携手创业生态合作伙伴、优秀会员企业代表及创投联盟资深投资人在GTC 2026上带来全新会议特辑。会议包含3场针对中国创业者的精彩演讲。特辑内容将围绕中国创业生态格局、前沿技术趋势、2025年中国AI市场前景，以及重点行业投资方向等议题展开，全景呈现当前AI创业、前沿技术领域的热门话题。GTC现场还将设置Inception Startup Pavilion创业企业展区、投资人AI Day、创业公司和投资机构路演等环节。

За что взломщики возненавидели администрацию торрент-трекера YggTorrent.

Mozilla Staff Platform Engineer Gabriele Svelto 称十分之一的 Firefox 崩溃是比特翻转导致的。比特翻转（Bitflips）是指储存在电子设备上的个别比特发生翻转的事件，比如从 0 变为 1 或反之亦然。导致比特翻转的自然因素主要包括宇宙射线、功率波动和温度等。Firefox 去年部署了浏览器崩溃后在用户电脑上运行的内存测试工具。上周 Firefox 收到了 47 万份崩溃报告。崩溃报告是用户自愿递交的，因此实际崩溃数量通常会是报告的数倍。47 万份崩溃报告中约 2.5 万份检测到可能是比特翻转导致的。意味着每 20 次崩溃中就有一次可能是由内存不稳定或间歇性出错导致的。由于检测方法非常保守，实际数量至少是两倍，即十分之一。Gabriele Svelto 指出硬件不稳定的用户比硬件稳定的用户更可能遭遇崩溃。他表示今天的笔记本电脑和智能手机的内存通常是焊在设备上，要更换基本上不可能。

In a recent dossier, OX Research delineated how a mundane email dispatched to a corporate address can precipitate

The post The “Phantom” Character: How a Single Email Can Seize Full Control of Your FreeScout Helpdesk appeared first on Penetration Testing Tools.

陌陌安全课堂：AI 代码审计（逻辑漏洞方向）讲解

作者：Nancy Lau1, Louis Sloot2, Jyoutir Raj等 译者：知道创宇404实验室翻译组 原文链接：https://arxiv.org/html/2603.02297v1 摘要 大语言模型（LLMs）正越来越多地作为软件工程智能体部署，自主为代码仓库贡献内容。这类智能体的一大优势是能够发现并修复其负责维护的代码库中的安全漏洞。为评估智能体在该领域的能力，我们提出了...

For several years, the Silver Dragon syndicate has orchestrated a clandestine cyber offensive against state apparatuses and prominent

The post The Google Drive Shadow: Unmasking Silver Dragon’s “GearDoor” Backdoor and the Silent Return of APT41 appeared first on Penetration Testing Tools.

追踪特定的摄像头攻击活动或可成为预判后续实体军事行动的早期指标。

Business email compromise (BEC) and funds transfer fraud combined for 58% of all cyber insurance claims filed in 2025, according to data from Coalition covering more than 100,000 policyholders across the United States, Canada, the United Kingdom, Australia, and Germany. BEC was the single most common claim type at 31%, with frequency rising 15% year over year to 0.47%. Average losses per BEC incident dropped 28% to $27,000, a decline attributed to faster detection and … More →

The post Backup strategies are working, and ransomware gangs are responding with data theft appeared first on Help Net Security.

三菱電機製MELSEC iQ-FシリーズのEtherNet/IPユニットおよびEthernetユニットのEthernet機能には、複数の脆弱性が存在します。

While the majority of the corporate world remains preoccupied with the latest vulnerabilities, a cadre of Chinese threat

The post The Evoxt Labyrinth: Unmasking the New Subterranean Infrastructure of China’s PlugX Syndicates appeared first on Penetration Testing Tools.

A vulnerability identified as critical has been detected in Talishar. This impacts an unknown function of the file ParseGamestate.php. Performing a manipulation of the argument gameName results in path traversal. This vulnerability is identified as CVE-2026-28429. The attack can be initiated remotely. There is not any exploit available. It is suggested to install a patch to address this issue.

A vulnerability, which was classified as critical, was found in Talishar. Impacted is an unknown function of the component Chat Message Handler. Executing a manipulation of the argument authKey can lead to improper authentication. This vulnerability appears as CVE-2026-28428. The attack may be performed from remote. There is no available exploit. Applying a patch is advised to resolve this issue.

A vulnerability labeled as problematic has been found in mcp-memory-service up to 10.20.x. This issue affects some unknown processing of the component Health Endpoint. Executing a manipulation can lead to information disclosure. This vulnerability appears as CVE-2026-29787. The attack may be performed from remote. There is no available exploit. The affected component should be upgraded.

A vulnerability identified as critical has been detected in OpenClaw up to 2026.2.1. This vulnerability affects unknown code of the component Matrix Plugin. Performing a manipulation results in improper authentication. This vulnerability is reported as CVE-2026-28471. The attack is possible to be carried out remotely. No exploit exists. You should upgrade the affected component.

A vulnerability categorized as problematic has been discovered in OpenClaw up to 2026.2.13. This affects an unknown part of the component OAuth Call Handler. Such manipulation leads to cross-site request forgery. This vulnerability is documented as CVE-2026-28477. The attack can be executed remotely. There is not any exploit available. It is advisable to upgrade the affected component.

A vulnerability was found in OpenClaw up to 2026.2.13. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Environment Variable Handler. This manipulation causes uncontrolled search path. This vulnerability is registered as CVE-2026-29610. The attack needs to be launched locally. No exploit is available. Upgrading the affected component is advised.

A vulnerability was found in OpenClaw up to 2026.2.13. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation results in server-side request forgery. This vulnerability is cataloged as CVE-2026-28476. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.