Aggregator

根据杜克大学研究人员在 PNAS 期刊上发表的一项研究，使用 AI 是一把双刃剑——生成式 AI 可能会提高部分人的生产力，但也可能会损害他们的职业声誉。研究发现，在工作中使用 ChatGPT、Claude 和 Gemini 等 AI 工具的员工会面临同事和上司对其能力和积极性的负面评价。研究团队对逾 4400 名参与者展开了四项实验，调查对使用 AI 工具的用户的预期和实际评价。研究揭示了人们对使用 AI 帮助完成工作的人存在一致的偏见。针对 AI 用户的社会污名并不局限于特定人群。

A North Korea-linked attack group, known as WaterPlum (also referred to as Famous Chollima or PurpleBravo), has been actively targeting financial institutions, cryptocurrency operators, and FinTech companies globally. Since 2023, their infamous Contagious Interview campaign has utilized malware such as BeaverTail and InvisibleFerret to infiltrate systems. However, in September 2024, WaterPlum introduced a sophisticated new […]

The post North Korea’s OtterCookie Malware Added a New Feature to Attack Windows, Linux, and macOS appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Почти каждая монета — ловушка, почти каждый пул — обман.

A vulnerability was found in MTSoftware C-Lodop 6.6.1.1. It has been rated as critical. This issue affects some unknown processing of the component CLodopPrintService. The manipulation leads to unquoted search path. The identification of this vulnerability is CVE-2025-4540. The attack needs to be approached locally. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Hainan ToDesk 4.7.6.3. It has been declared as critical. This vulnerability affects unknown code in the library profapi.dll of the component DLL File Parser. The manipulation leads to uncontrolled search path. This vulnerability was named CVE-2025-4539. It is possible to launch the attack on the local host. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

Submit #566789 / VDB-308285

A vulnerability was found in kkFileView 4.4.0. It has been classified as critical. This affects an unknown part of the file /fileUpload. The manipulation of the argument File leads to unrestricted upload. This vulnerability is uniquely identified as CVE-2025-4538. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

Submit #566698 / VDB-308284

От репликации ДНК до новых материалов — потенциал огромен.

Submit #567142 / VDB-308283

Submit #566596 / VDB-308283

Submit #567159 / VDB-193113

Submit #567123 / VDB-220010

A newly identified information-stealing malware, dubbed PupkinStealer, Developed in C# using the .NET framework, this lightweight yet effective malware targets sensitive user data, including browser credentials, desktop files, messaging app sessions, and screenshots. According to a CYFIRMA detailed analysis shared with Cyber Security News, PupkinStealer leverages Telegram’s Bot API for stealthy data exfiltration, underscoring the […]

The post “PupkinStealer” A New .NET-Based Malware Steals Browser Credentials & Exfiltrate via Telegram appeared first on Cyber Security News.