Aggregator

CVE-2026-3598 | rustdesk-server-pro RustDesk Server Pro up to 1.7.5 risky encryption

1 month 2 weeks ago

A vulnerability was found in rustdesk-server-pro RustDesk Server Pro up to 1.7.5. It has been classified as problematic. This impacts an unknown function. The manipulation leads to risky cryptographic algorithm. This vulnerability is listed as CVE-2026-3598. The attack may be initiated remotely. There is no available exploit.

vuldb.com

Joint guidance on supply chain risks and mitigations for artificial intelligence and machine learning

CCCS - Guidance, news and events

1 month 2 weeks ago

Canadian Centre for Cyber Security

«Свои среди чужих». Как злоумышленники подселяют фальшивые узлы в системы Cisco и остаются незамеченными

Securitylab.ru

1 month 2 weeks ago

Пособие для тех, кто привык доверять заводским настройкам.

Google says 90 zero-days were exploited in attacks last year

Bleeping Computer.

1 month 2 weeks ago

Google Threat Intelligence Group (GTIG) tracked 90 zero-day vulnerabilities actively exploited throughout 2025, almost half of them in enterprise software and appliances. [...]

Bill Toulas

Codenotary Trust delivers autonomous AI security for Linux and Kubernetes

Help Net Security

1 month 2 weeks ago

Codenotary has announced Codenotary Trust, a unified SaaS platform that uses AI to instantly detect, prioritize, and autonomously fix security, configuration, and performance issues, while also providing rollback capabilities. Importantly, the product is designed with the talent shortage in mind so that expert-level security management is made accessible to junior and mid-level administrators. Codenotary helps close the training gap reported by The Linux Foundation with 65% of organizations understaffed in cybersecurity and compliance. Codenotary Trust … More →

The post Codenotary Trust delivers autonomous AI security for Linux and Kubernetes appeared first on Help Net Security.

Industry News

2026 Browser Data Reveals Major Enterprise Security Blind Spots

Bleeping Computer.

1 month 2 weeks ago

The browser is becoming the operating system for modern work, yet many enterprises still treat it as an extension of network or endpoint security. Keep Aware's 2026 State of Browser Security Report shows 41% of employees used AI web tools while browser-based phishing, extensions, and social engineering drive new security blind spots. [...]

Russian APT targets Ukraine with BadPaw and MeowMeow malware

Security Affairs

1 month 2 weeks ago

Researchers uncovered a Russian campaign targeting Ukrainian entities with new malware families BadPaw and MeowMeow delivered through phishing emails. Researchers reported a phishing campaign linked to Russia that targets Ukrainian organizations using two new malware families, BadPaw and MeowMeow. The attack chain begins with a phishing email carrying a link to a ZIP archive. When […]

Pierluigi Paganini

Interview with Tom Howe of Hydrolix: AI Bots, the Friends, Foes, and Frenemies of Online Shopping

Hack Read

1 month 2 weeks ago

Hydrolix expert Tom Howe explains how AI bots impact ecommerce, how to spot good vs malicious bots, and why blocking them can hurt sales.

Owais Sultan

RedAlert Mobile Espionage Campaign Targets Civilians with Trojanized Rocket Alert App for Surveillance

Cyber Security News

1 month 2 weeks ago

War zones have always been hunting grounds for opportunistic attackers, but the RedAlert mobile espionage campaign marks one of the most calculated examples of weaponizing civilian fear. Against the backdrop of the ongoing Israel-Iran kinetic conflict, threat actors crafted a trojanized version of Israel’s official “Red Alert” emergency app — a life-saving tool civilians depend […]

The post RedAlert Mobile Espionage Campaign Targets Civilians with Trojanized Rocket Alert App for Surveillance appeared first on Cyber Security News.

Tushar Subhra Dutta

Google says 90 zero-days exploited in 2025 as commercial vendor activity grows

The Record

1 month 2 weeks ago

Google Threat Intelligence Group said it tracked 90 zero-day vulnerabilities that were exploited by a variety of actors last year, surpassing the 78 that were used by threat actors in 2024.

Push Security adds malicious browser extension detection to block threats in employee browsers

Help Net Security

1 month 2 weeks ago

Push Security has announced new malicious browser extension detection and blocking capabilities within its browser-based security platform. The feature enables organizations to automatically block known-bad extensions from running in employee browsers. Attackers are increasingly turning to malicious browser extensions as a preferred method of compromise. Recent campaigns such as ShadyPanda, ZoomStealer, and GhostPoster, along with breaches impacting vendors including Cyberhaven and Trust Wallet, highlight the growing risk posed by compromised extensions. “Browser extensions represent one … More →

The post Push Security adds malicious browser extension detection to block threats in employee browsers appeared first on Help Net Security.

Industry News

Hunting for malicious OpenClaw AI in the modern enterprise

The Red Canary Blog: Information Security Insights

1 month 2 weeks ago

We deconstruct a threat hunt for malicious OpenClaw AI agents, outlining how we identify and migitate risks posed by unauthorized AI skills.

Brittany Sattler

Смена пароля больше не поможет. Почему хакеры из Tycoon 2FA годами оставались незамеченными

Securitylab.ru

1 month 2 weeks ago

Преступная империя процветала, скрываясь внутри обычных чатов.

【资料】西方智库分析认为：伊朗导弹即将耗尽

丁爸情报分析师的工具箱

1 month 2 weeks ago

美国犹太安全研究所今天发文认为：伊朗的导弹即将用完。伊朗的弹道导弹库，经过数十年的努力已成为其军事力量的核心，但在美国和以色列的数日打击下便彻底崩溃了。

‘We’re not trying to remake the economy’: FTC’s Mufarrige charts new course on tech enforcement

The Record

1 month 2 weeks ago

The FTC's Bureau of Consumer Protection chief discussed the agency’s embrace of age verification and how industry should think about data privacy enforcement under his watch.