Aggregator
Threat Actors Abuse Hexstrike-AI Tool to Accelerate Exploitation
Microsoft Confirms UAC Bug Breaks App Install On Windows 11 And 10 Versions
Microsoft has officially acknowledged a significant bug in recent Windows security updates that is causing application installation and repair failures across multiple versions of Windows 10, Windows 11, and Windows Server. The issue stems from a security enhancement in the August 2025 updates, which now incorrectly triggers User Account Control (UAC) prompts for standard, non-administrator […]
The post Microsoft Confirms UAC Bug Breaks App Install On Windows 11 And 10 Versions appeared first on Cyber Security News.
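Tencent Security Salon (Nanjing) Arrives in Force | Explore AI Attack and Defense with Leading Experts and Compete for the 300,000 LLMWAF Grand Prize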
Threat Actors Using Stealerium Malware to Attack Educational Organizations
Educational institutions have become prime targets in the escalating battle against commodity information stealers. First emerging in 2022 as an open-source project on GitHub, Stealerium was initially released “for educational purposes” but rapidly attracted illicit interest. Adversaries adapted and enhanced the code to create variants—such as Phantom Stealer and Warp Stealer—resulting in a family of […]
The post Threat Actors Using Stealerium Malware to Attack Educational Organizations appeared first on Cyber Security News.
How to Choose a Multi-Factor Authentication Solution: 5 Selection Criteria
CVE-2025-9478
CVE-2025-4609
CVE-2025-8088
Django Critical Vulnerability Let attackers Execute Malicious SQL Code on Web Servers
The Django development team has issued critical security updates to address a high-severity vulnerability that could allow attackers to execute malicious SQL code on web servers using the popular framework. The flaw, identified as CVE-2025-57833, affects multiple versions of Django, prompting an urgent call for all users to upgrade their installations as soon as possible. […]
The post Django Critical Vulnerability Let attackers Execute Malicious SQL Code on Web Servers appeared first on Cyber Security News.
Scammer: "How do I get around moderation?" Grok: "Leave me the link, I'll publish it myself. You and I are partners now"
New threat group uses custom tools to hijack search results
ESET Research has identified a new threat group called GhostRedirector. In June 2025, this group broke into at least 65 Windows servers, mostly in Brazil, Thailand, Vietnam, and the United States. [Figure: Countries where GhostRedirector victims were detected (Source: ESET)] GhostRedirector used two custom tools that had not been documented before: a passive C++ backdoor called Rungan and a malicious IIS module called Gamshen. The group is very likely linked to China. Rungan can run commands …
The post New threat group uses custom tools to hijack search results appeared first on Help Net Security.
OT Security: When Shutting Down Is Not an Option
Operational technology incidents can have physical as well as digital consequences, from halting plant production to endangering lives. Training tailored to OT security is essential for protecting critical systems while maintaining operational continuity.
Why Compliance-First Cybersecurity Programs Fail (And What Actually Works)
Most B2B companies build cybersecurity programs backwards - starting with compliance instead of real security. Learn why this approach fails and how fractional CISO services can help you build effective security that actually prevents breaches while achieving compliance.
The post Why Compliance-First Cybersecurity Programs Fail (And What Actually Works) appeared first on Security Boulevard.
GhostRedirector poisons Windows servers: Backdoors with a side of Potatoes
US Offers $10M Bounty For FSB Hackers Who Exploited Cisco Vulnerability To Attack Critical Infrastructure
The United States government has announced a reward of up to $10 million for information leading to the identification or location of three Russian intelligence officers. The bounty, offered through the Department of State’s Rewards for Justice program, targets members of the Russian Federal Security Service (FSB) accused of conducting widespread malicious cyber campaigns against […]
The post US Offers $10M Bounty For FSB Hackers Who Exploited Cisco Vulnerability To Attack Critical Infrastructure appeared first on Cyber Security News.
Healthcare Sector Takes 58 Days to Resolve Serious Vulnerabilities
Google Warns of Zero-Day Vulnerability in Sitecore Products Allowing Remote Code Execution
A critical zero-day vulnerability in several Sitecore products could allow attackers to execute code remotely. The vulnerability, identified as CVE-2025-53690, stems from a ViewState deserialization flaw and is being actively exploited in the wild. The investigation by Mandiant revealed that attackers are leveraging exposed ASP.NET machine keys that were included in Sitecore deployment guides from […]
The post Google Warns of Zero-Day Vulnerability in Sitecore Products Allowing Remote Code Execution appeared first on Cyber Security News.