Aggregator

亚马逊挫败了俄罗斯情报局设置的数字陷阱，发现APT29组织通过水坑攻击窃取微软认证信息。亚马逊团队迅速应对，隔离受影响实例并中断恶意域名。此前，该组织曾伪装AWS域名进行网络钓鱼攻击。

JPCERTコーディネーションセンターは、2026年2月10日（火）に「制御システムセキュリティカンファレンス2026」の開催を予定しております。現在、講演希望者を広く募集しています。講演をご希望の方は、URLに記載の開催概要とCFP募集要項をお読みいただき、講演申込事項を記載の上、メールにてCFP担当までお送りください。

一个黑客社区欢迎新手到老手加入，提供问答和学习平台，鼓励交流地下技能，并通过Discord链接连接成员。

当前环境出现异常，需完成验证后才能继续访问，并提供验证按钮。

OpenAI 称将加强模型识别和应对情绪困扰的能力； 字节跳动即梦 AI 全面开放 API 服务； 彭博社：特斯拉进军印度首战遇冷，迄今仅获 600 多辆订单

In October 2024, Amazon disrupted another APT29 operation that attempted to use phishing domains impersonating AWS.

在性能、可靠性和成本之间寻求最佳平衡点。

该CTF题目通过​​笛卡尔积注入​​绕过SQL过滤获取管理员密码，随后通过​​环境变量注入进行RCE，全网首发wp。

This daily article is intended to make it easier for those who want to stay updated with my regular Dark Web Informer and X/Twitter posts.

This is a short, gentle two-part introduction to basic cryptographic concepts using text-based crypto examples. The videos illustrate encryption, decryption, ciphers, keys, algorithms, code cracking, cryptanalysis, and letter frequency analysis.  Full disclosure: I produced these videos over a decade ago. Now they are hosted directly on this web site. The technical details in the videos […]

The post Grade School Crypto Videos appeared first on Security Boulevard.

Company Says No Evidence of Customer Data Exfiltration
British carmaker Jaguar Land Rover shut down its Liverpool assembly line Tuesday following a cyberattack. "At this stage, there is no evidence any customer data has been stolen, but our retail and production activities have been severely disrupted," the company said.

Acquisition Targets Business Email Compromise, Impersonation and Spear-Phishing
Varonis has acquired SlashNext to strengthen detection of phishing and social engineering attacks. The integration will help prevent identity compromises via email, SMS and collaboration tools while enhancing Miami-based Varonis’ AI-driven data protection.

Orthopedic Group, Medical Imaging Centers, Home Healthcare Provider Report Breaches
Specialty healthcare providers know what they're about when it comes to an irregular heartbeat or a wheezing lung. Cybersecurity, not so much. Hacks on specialty medical entities easily result in tens of thousands, if not hundreds of thousands, or even millions, of patient records being compromised.

Gap in Microsoft Blocklist Exploited, ValleyRAT Runs Undetected
A Chinese nation-state cyber group is exploiting a Microsoft-signed driver to shut down Windows security protections. The attackers deployed the driver through a custom loader. The core weakness that Silver Fox relied on remained exploitable even after patching.

Hackers tried to steal $130 million from Evertec's Brazilian subsidiary Sinqia S.A.after gaining unauthorized access to its environment on the central bank's real-time payment system (Pix). [...]

Threat Attack Daily - 2nd of September 2025