Aggregator

Why planning and rehearsing your recovery from an incident is as vital as building your defences

Submit #639745 / VDB-323236

Submit #639709 / VDB-128117

King, a leading voice in the Senate on cybersecurity issues, honed in on the thousands of staffers and experts laid off by CISA, saying the agency has lost 30 percent of its staff and most of its seasoned leaders.

The U.S. Department of Justice has charged Ukrainian national Volodymyr Viktorovich Tymoshchuk for his role as the administrator of the LockerGoga, MegaCortex, and Nefilim ransomware operations. [...]

Submit #639041 / VDB-323235

Submit #637921 / VDB-323234

Submit #636882 / VDB-323233

Google 周二同意遵守韩国的要求，对敏感卫星图像进行模糊处理，为 Google 在韩国提供地图服务铺平道路。韩国是中俄之外少数 Google Maps 不能正常工作的地区之一，原因是韩国法律要求企业将核心地理空间数据存储在当地，而 Google 长期以来拒绝这么做。Naver 和 Kakao 等韩国本土科技公司垄断了当地地图服务市场，让不熟悉这些平台的外国游客导航更加困难。Google 的最新举措标志着 Google 与韩国持续近二十年争执的结束。

Why CISOs Must Rethink Access, Behavioral Analytics and AI Governance at Scale
Zero trust is evolving beyond static controls and network segmentation. CISOs must prepare for dynamic, behavior-driven security models that incorporate real-time intelligence, enforce identity and data safeguards, and manage AI as both a threat vector and a security tool.

今日暂未更新资讯~
更多最新文章，请访问SecWiki

Adobe is warning of a critical vulnerability (CVE-2025-54236) in its Commerce and Magento Open Source platforms that researchers call SessionReaper and describe as one of " the most severe" flaws in the history of the product. [...]

Cybercriminal operations use the same strategy and planning as legitimate organizations as they arm adversarial phishing kits with advanced features.

A new, sophisticated phishing kit, Salty2FA, is using advanced tactics to bypass MFA and mimic trusted brands. Read…

Five months ago, during a family road trip, I grew frustrated when my favorite mobile game, Clash Royale, kept lagging. “This shouldn’t be happening,” I thought. “I want to play now and expect to access the service anytime, anywhere.” Little did I know just how much effort it takes to truly guard the connected world...

On a recent family road trip, I was very upset when my favorite mobile game, Clash Royale, kept lagging. “There are service degradations in this spot,” I thought to myself. A few days later, I received a scam message telling me I had unpaid tolls, and to click the link the scammer sent. This was clearly a bad actor...

Fortinet has disclosed a significant OS command injection vulnerability in its FortiDDoS-F appliances that could allow privileged attackers to execute unauthorized code or commands through the command-line interface (CLI). The security flaw, identified as CVE-2024-45325, affects multiple versions of the FortiDDoS-F product line and carries a CVSS 3.1 score of 6.5, indicating medium severity. Vulnerability Details […]

The post FortiDDoS Vulnerability Lets Hackers Execute Unauthorized OS Commands appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

一项涵盖 5600 万人的分析显示，暴露于空气污染环境会增加患某一特定类型痴呆症的风险。该类型即路易体痴呆，是继阿尔茨海默病和血管性痴呆后发病率第三高的痴呆类型。研究指出，长期暴露于 PM2.5 与路易体痴呆患者或帕金森病患者罹患痴呆症之间存在明确关联。路易体痴呆是一个统称，涵盖两种不同类型的痴呆症，即伴痴呆的帕金森病和路易体痴呆。在这两种情况下，痴呆的发病均与α-突触核蛋白（αSyn）在大脑神经细胞内聚集成团——又称路易体有关。这些蛋白团会导致神经细胞功能丧失并最终死亡。为探究空气污染暴露影响痴呆风险的原因，研究团队开展了小鼠实验。研究人员通过鼻腔让小鼠暴露于PM2.5环境，随后对小鼠进行与痴呆症状相关的行为测试。在暴露于PM2.5环境10个月后，小鼠在用于评估空间记忆的迷宫探索测试、用于评估新物体识别能力的测试中，均表现出行为障碍。同时，研究团队还观察到，10个月时小鼠大脑中α-突触核蛋白的聚集量显著增加。暴露于PM2.5环境10个月还导致小鼠内侧颞叶萎缩，这一脑区负责记忆的形成与提取。相比之下，缺乏α-突触核蛋白的基因改造小鼠，其大脑未出现上述变化。这一结果表明，α-突触核蛋白是神经退行性病变发生的必要条件。

Salat Stealer has emerged as a pervasive threat targeting Windows endpoints with a focus on harvesting browser-stored credentials and cryptocurrency wallet data. First detected in August 2025, this Go-based infostealer leverages a range of evasion tactics, including UPX packing and process masquerading, to slip past conventional defenses. Its operators advertise the malware through social engineering […]

The post Salat Stealer Exfiltrates Browser Credentials Via Sophisticated C2 Infrastructure appeared first on Cyber Security News.

Fortinet has disclosed a medium-severity vulnerability in its FortiDDoS-F product line that could allow a privileged attacker to execute unauthorized commands. Tracked as CVE-2024-45325, the flaw is an OS command injection vulnerability residing within the product’s command-line interface (CLI). The vulnerability, identified as CWE-78, stems from an improper neutralization of special elements used in an […]

The post FortiDDoS OS Command Injection Vulnerability Let Attackers Execute Unauthorized Commands appeared first on Cyber Security News.