Aggregator

客户联系信息和案例数据遭窃取

瑞士发布了完整开源的大模型 Apertus——即不仅公开模型权重，还公开了训练数据集和文档等资料。Apertus 的源代码和训练集都允许商业使用。它的数据集包含了 15 万亿 tokens，涵盖了逾千种语言。Apertus 的开发明确遵守瑞士数据保护和版权法，纳入了可追溯的退出机制以尊重数据源的偏好。用户可通过瑞士官网访问大模型，也可以通过 Hugging Face 和 Public AI Inference Utility 访问。

Как любимые гаджеты постоянно сливают данные о местоположении пользователей, и что с этим можно сделать.

August was a busy month at ANY.RUN. We expanded our list of connectors with Microsoft Sentinel and OpenCTI, added Linux Debian (ARM) support to the SDK, and strengthened detection across hundreds of new malware families and techniques. With fresh signatures, rules, and product updates, your SOC can now investigate faster, detect more threats in real time, and keep defenses sharp […]

The post Release Notes: Fresh Connectors, SDK Update, and 2,200+ New Detection Rules  appeared first on ANY.RUN's Cybersecurity Blog.

再也不说一次打包，到处部署了。

A significant outage of Google services, including its search engine, Gmail, and YouTube, has affected users across Turkey and several countries in Eastern Europe. The disruption, which began on Thursday morning, also impacted other popular platforms such as Google Maps, Drive, and Analytics. Monitoring websites like Downdetector confirmed widespread service interruptions, with a spike in […]

The post Google Services Down For Most Of The Users In US, Turkey And Eastern Europe appeared first on Cyber Security News.

免费中秋礼盒、新人额外加成、还有全系数业务翻倍都在OSRC等着你！

Apitor научила детей программированию и шпионажу за родительские деньги.

Hackers are using legitimate red team tool Hexstrike-AI to simplify and speed up vulnerability exploitation

Microsoft has officially acknowledged a significant bug in recent Windows security updates that is causing application installation and repair failures across multiple versions of Windows 10, Windows 11, and Windows Server. The issue stems from a security enhancement in the August 2025 updates, which now incorrectly triggers User Account Control (UAC) prompts for standard, non-administrator […]

The post Microsoft Confirms UAC Bug Breaks App Install On Windows 11 And 10 Versions appeared first on Cyber Security News.

9月13日，腾讯安全沙龙第5期将在南京国际博览中心隆重举行

Educational institutions have become prime targets in the escalating battle against commodity information stealers. First emerging in 2022 as an open-source project on GitHub, Stealerium was initially released “for educational purposes” but rapidly attracted illicit interest. Adversaries adapted and enhanced the code to create variants—such as Phantom Stealer and Warp Stealer—resulting in a family of […]

The post Threat Actors Using Stealerium Malware to Attack Educational Organizations appeared first on Cyber Security News.

Многофакторная аутентификация уже не панацея от кибератак. Разбираемся, как оценить современное MFA-решение по пяти ключевым критериям и чем платформа Duo помогает построить защиту будущего без лишних затрат и сложностей.

Currently trending CVE - Hype Score: 25 - Use after free in ANGLE in Google Chrome prior to 139.0.7258.154 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)

Currently trending CVE - Hype Score: 30 - Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 136.0.7103.113 allowed a remote attacker to potentially perform a sandbox escape via a malicious file. (Chromium security severity: High)

Currently trending CVE - Hype Score: 17 - A path traversal vulnerability affecting the Windows version of WinRAR allows the attackers to execute arbitrary code by crafting malicious archive files. This vulnerability was exploited in the wild and was discovered by Anton Cherepanov, Peter Košinár, and Peter Strýček ...

The Django development team has issued critical security updates to address a high-severity vulnerability that could allow attackers to execute malicious SQL code on web servers using the popular framework. The flaw, identified as CVE-2025-57833, affects multiple versions of Django, prompting an urgent call for all users to upgrade their installations as soon as possible. […]

The post Django Critical Vulnerability Let attackers Execute Malicious SQL Code on Web Servers appeared first on Cyber Security News.

ИИ-помощник сам сливает пользователей хакерам.

ESET Research has identified a new threat group called GhostRedirector. In June 2025, this group broke into at least 65 Windows servers, mostly in Brazil, Thailand, Vietnam, and the United States. Countries where GhostRedirector victims were detected (Source: ESET) GhostRedirector used two custom tools that had not been documented before: a passive C++ backdoor called Rungan and a malicious IIS module called Gamshen. The group is very likely linked to China. Rungan can run commands … More →

The post New threat group uses custom tools to hijack search results appeared first on Help Net Security.