Aggregator

Как закон о «белых» хакерах может превратить их в преступников.

Meta AI 部门 Superintelligence Labs 宣布裁员 600 人。此举旨在提升 AI 部门的灵活性和响应速度。裁员主要影响 Facebook Artificial Intelligence Research (FAIR) 部门，以及专注于产品相关 AI 和 AI 基础设施的团队。新成立的 TBD Lab 不受影响，该部门负责开发下一代 AI 基础模型。首席 AI 官 Alexandr Wang 表示，减少团队成员数量将简化决策流程，增加每个职位的职责、范围和影响力。Meta 表示正鼓励受影响的员工申请公司内部的其他职位。Superintelligence Labs 包含了 TBD Lab、基础、产品和 FAIR 等部门。

10月2日，红帽（Red Hat）确认其内部咨询部门使用的一台 GitLab 实例遭遇未授权访问事件。

Как перейти от теории к практике: автоматизируйте Threat Intelligence для мгновенного обнаружения и блокирования даже самых сложных кибератак.

A severe vulnerability in the async-tar Rust library and its popular forks, including the widely used tokio-tar. Dubbed TARmageddon and tracked as CVE-2025-62518, the bug carries a CVSS score of 8.1, classifying it as high severity. It allows attackers to manipulate TAR archive parsing, potentially overwriting critical files like configuration scripts and triggering remote code […]

The post TARmageddon Vulnerability In Rust Library Let Attackers Replace Config Files And Execute Remote Codes appeared first on Cyber Security News.

Cybersecurity researchers have shed light on a cybercriminal group called Jingle Thief that has been observed targeting cloud environments associated with organizations in the retail and consumer services sectors for gift card fraud. "Jingle Thief attackers use phishing and smishing to steal credentials, to compromise organizations that issue gift cards," Palo Alto Networks Unit 42 researchers

好的，我现在需要帮用户总结这篇文章的内容，控制在100个字以内。首先，我得仔细阅读文章，理解主要信息。 文章讲的是一个叫做Jingle Thief的网络犯罪团伙，他们专门针对零售和消费者服务行业的云环境进行礼品卡欺诈。他们使用钓鱼和短信诈骗来获取凭证，进而非法发行礼品卡。礼品卡易于变现且难以追踪，所以他们选择在节日期间行动。这个团伙自2021年底活跃，利用云基础设施进行大规模欺诈。 接下来，我需要提炼这些要点：Jingle Thief、云环境、零售业、钓鱼攻击、礼品卡欺诈、节日时机、非法发行、难以追踪。 然后，把这些信息用简洁的语言组织起来，确保不超过100字，并且直接描述内容，不需要开头语。 可能的结构是：Jingle Thief团伙利用钓鱼攻击入侵云环境，非法发行礼品卡用于牟利，尤其在节日期间活动频繁。礼品卡难以追踪，使犯罪更隐蔽。 最后检查字数和内容是否准确传达了文章的核心信息。 Jingle Thief团伙通过钓鱼攻击入侵企业云环境，非法发行礼品卡牟利。该团伙主要针对零售和消费者服务行业，在节日期间活动频繁。其攻击手段包括窃取凭证、内部侦察和规避检测等。

Oracle has disclosed multiple critical vulnerabilities in its Oracle VM VirtualBox virtualization software, potentially allowing attackers to achieve complete control over the VirtualBox environment. These flaws, detailed in the October 2025 Critical Patch Update (CPU), affect the Core component of VirtualBox versions 7.1.12 and 7.2.2, enabling high-privileged local attackers to compromise confidentiality, integrity, and availability […]

The post Multiple Oracle VM VirtualBox Vulnerabilities Enables Complete Takeover Of VirtualBox appeared first on Cyber Security News.

2025年4月，TA585演变为完全自主的运营商，注册并维护自己的恶意基础设施，被研究人员标识为CoreSecThree。其主要使用恶意软件的MonsterV2 RAT具有信息窃取、隐藏虚拟网络计算(HVNC)和剪贴板劫持等多种高级功能。

Рынок скинов «лёг» после патча Valve.

AuditBoard has reached a definitive agreement to acquire FairNow. The addition of FairNow enhances AuditBoard’s capabilities with intelligent, automated, step-by-step AI compliance guidance. As AI governance requirements expand globally, AuditBoard customers are now uniquely positioned to maintain compliance and mitigate AI-related risks. This acquisition is coupled with the release of Accelerate, AuditBoard’s new AI solution for GRC teams. The integration of FairNow’s dedicated AI governance solution aligns with the strong foundation of AuditBoard’s natural-language workflows, … More →

The post AuditBoard expands AI compliance with FairNow acquisition and Accelerate launch appeared first on Help Net Security.

The attack on Jaguar Land Rover costs the UK economy $2.5B, marking its most damaging cyber incident, says CMC. In early September, Jaguar Land Rover shut down systems to mitigate a cyberattack that disrupted production and retail operations. The attack also impacted systems at the Solihull production plant. UK dealers reported JLR disruptions blocking car registrations and […]

捷豹路虎遭遇网络攻击致英国损失25亿美元, 影响5,000家企业, 包括供应链和经销商, 生产中断五周, 每周损失1.08亿, 预计2026年初恢复.

德国音乐制作软件公司 Steinberg 发布了 VST 3.8 SDK，宣布 VST 3 在 MIT 许可证下开源，源代码托管在 GitHub 上。Steinberg 成立于 1984 年，2004 年被日本雅马哈公司收购，成为其子公司。作为其旗舰音序器软件 Cubase 的一部分，Steinberg 于 1996 年发布了音乐软件接口技术 VST（Virtual Studio Technology）。今天音乐软件领域上有数以千计的 VST 插件。

文章探讨了网络安全专业人士的无声奉献与巨大压力。他们每天阻止大量潜在灾难性攻击，却很少获得外界认可。纪录片《Midnight in the War Room》通过讲述这些幕后英雄的故事，揭示了他们如何在高压环境下保护数字基础设施，并强调了这一职业的重要性和挑战。

Semperis’ Midnight in the War Room reveals the unseen struggles, burnout and heroism of CISOs and defenders who protect our digital world every day.

The post The Human Cost of Defense: A CISO’s View From the War Room appeared first on Security Boulevard.

当前环境异常，需完成验证后继续访问。

千元奖励金，还有新款周边喔~

国庆期间赴越南十日游，遍历河内、顺化、会安、岘港及胡志明市。行程中感受当地文化与美食，并通过大量拍照深入探索各城市特色。最终满意而归。