Aggregator

介绍网络安全专家克里斯·蒙泰罗和记者卡尔·米勒发现并调查一个暗网上的虚假雇佣杀手网站的故事。 克里斯最初调查该网站时认为它是一个骗局，但通过一个安全漏洞获得了用户的机密信息，揭示了真实存在的谋杀委托。 尽管面临威胁和警方的不信任，他们坚持揭露这个网站，警告潜在受害者，甚至与警方合作促成了一些逮捕行动。 这个经历对他们个人产生了深刻影响，并让他们质疑媒体和执法部门在这种极端情况下的作用。

微软宣布开源 Windows Subsystem for Linux(WSL)，源代码采用 MIT 许可证托管在该公司旗下的 GitHub 平台上。微软是在 2016 年的 BUILD 开发者大会上首次宣布 WSL，它随 Windows 10 周年更新提供给用户。WSL 一开始是基于 pico-processes 程序 lxcore.sys 实现原生运行 ELF 可执行程序，在 Windows 内核中实现 Linux 系统调用，这就是第一代的 WSL。微软随后认识到实现与原生 Linux 最佳兼容性的最好方法是依赖 Linux 内核本身。WSL 2 由此诞生，它于 2019 年首次宣布。WSL 的最新版本是 WSL 2.5.7。

跟朋友们报告近期我在产品上的折腾。

Cybersecurity researchers have uncovered malicious packages uploaded to the Python Package Index (PyPI) repository that act as checker tools to validate stolen email addresses against TikTok and Instagram APIs. All three packages are no longer available on PyPI. The names of the Python packages are below - checker-SaGaF (2,605 downloads) steinlurks (1,049 downloads) sinnercore (3,300 downloads)

本期为大家精选5款工具，覆盖漏洞扫描、安全审计、中间件渗透、资产存活验证及敏感信息提取等核心场景，助你在HVV中快速定位风险、抢占先机！

同学看这里！1.5天特训营，带你破解加密流量攻防迷局，掌握代码逆向核心技术，直面HVV实战对抗场景！

In the early days of commercial open source, major vendors cast doubt on its security, claiming transparency was a flaw. In fact, that openness fueled strong communities and faster security improvements, making OSS often more secure than proprietary code. Today, a new kind of misinformation has emerged, the opposite of FUD: it downplays real open source security risks that should raise concern. The biggest security fallacy today is that Linux namespaces are security boundaries. From … More →

The post Containers are just processes: The illusion of namespace security appeared first on Help Net Security.

A vulnerability classified as problematic was found in SimpleLightbox Photo Gallery, Sliders, Proofing and Themes up to 2.1.5 on WordPress. Affected by this vulnerability is an unknown functionality of the component JavaScript Library. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2024-5878. The attack can be launched remotely. There is no exploit available.

A vulnerability classified as critical has been found in Motors Plugin up to 5.6.67 on WordPress. Affected is an unknown function of the component Password Update Handler. The manipulation leads to unverified password change. This vulnerability is traded as CVE-2025-4322. It is possible to launch the attack remotely. There is no exploit available.

Currently trending CVE - Hype Score: 12 - The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.5, watchOS 10.5, iOS 17.5 and iPadOS 17.5, iOS 16.7.8 and iPadOS 16.7.8. A maliciously crafted email may be able to initiate FaceTime calls without user authorization.

A vulnerability was found in Broadcom Automic Automation up to 21.0.13/24.3.0 HF3. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to untrusted search path. The identification of this vulnerability is CVE-2025-4971. The attack needs to be approached locally. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Canon imageRUNNER, imageCLASS, i-sensys and Satera. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to insufficiently protected credentials. This vulnerability was named CVE-2025-3079. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in Canon imageRUNNER ADVANCE, imageRUNNER, imagePRESS V, imagePRESS and imageCLASS. It has been classified as problematic. This affects an unknown part. The manipulation leads to insufficiently protected credentials. This vulnerability is uniquely identified as CVE-2025-3078. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Pure Storage PX Backup up to 2.6.0/2.7.3/2.8.1 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to sensitive information in log files. This vulnerability is handled as CVE-2025-1308. Local access is required to approach this attack. There is no exploit available.

In this Help Net Security interview, Brooke Johnson, Chief Legal Counsel and SVP of HR and Security, Ivanti, explores the legal responsibilities in AI governance, highlighting how cross-functional collaboration enables safe, ethical AI use while mitigating risk and ensuring compliance. From a legal and governance perspective, what are the biggest risks of unmanaged AI use? The core risks lie at the intersection of technology, ethics and law. GenAI tools, while powerful, introduce challenges in areas … More →

The post Why legal must lead on AI governance before it’s too late appeared first on Help Net Security.

Privacy Activists Decry Loosening Record-Keeping Requirements
Privacy rights groups urged the European Commission to retreat from proposals to revise the GDPR. Europe pledged to lessen record-keeping obligations for companies with up to 500 employees so long as the data processing isn't "likely to result in a high risk."

Healthcare Providers Are Among Nationwide Recovery Service Data Breach Victims
A 2024 hacking incident at a debt collection firm has affected a growing list of clients and at least hundreds of thousands of individuals so far, including 210,000 patients of Harbin Clinic in Georgia and nearly 90,000 patients of Texas-based Vitruvian Health, also known as Hamilton Health Care.

New Cyber Law Enables Agencies to Neutralize Attackers' Servers Located Abroad
The Japanese Parliament passed the long-delayed active cyber defense bill on Friday, paving the way for government agencies to monitor external telecommunications and preemptively respond to signs of cyberattacks, including neutralizing attackers' servers.

Ministry of Justice Discloses April 23 Breach
Hackers stole from the U.K. Ministry of Justice personal information pertaining to criminal defendants in need of an attorney, the British government disclosed Monday. The ministry on Monday said it detected on April 23 a breach that targeted the Legal Aid Agency.