Aggregator

Криптовалюту хотят включить в сферу контроля ФСБ.

A widespread Amazon Web Services (AWS) outage on Monday disrupted operations for millions of users worldwide, knocking out access to everything from streaming giants to social media platforms and financial apps. The incident, which began early in the morning, affected high-profile services like Amazon’s own e-commerce site, Snapchat, Prime Video, Canva, and countless others reliant […]

The post AWS Outage Impacts Amazon, Snapchat, Prime Video, Canva and More – Update appeared first on Cyber Security News.

A vulnerability labeled as problematic has been found in Tawk Live Chat. The affected element is an unknown function of the component PDF Handler. Executing manipulation can lead to cross site scripting. This vulnerability appears as CVE-2025-8349. The attack may be performed from remote. There is no available exploit.

A vulnerability identified as critical has been detected in Grupo Castilla Epsilon RH 3.03.36.010. Impacted is an unknown function of the file /epsilonnetws/WSAvisos.asmx of the component POST Request Handler. Performing manipulation of the argument sEstadoUsr results in sql injection. This vulnerability is reported as CVE-2025-41028. The attack is possible to be carried out remotely. No exploit exists.

Исторический рассказ превратил чат-бота Snapchat в боевого инструктора.

Following a funding scare that nearly shuttered the CVE program, outside experts and CISA are positioning to take charge of the 25-year-old system before the next funding crisis hits.

The post Behind the struggle for control of the CVE program appeared first on CyberScoop.

用 Rust 语言开发的浏览器引擎项目 Servo 释出了 v0.0.1 版本。Servo 源自 Mozilla，2020 年 8 月 Mozilla 在裁员时砍掉了 Servo 引擎团队的大部分成员。Servo 项目之后脱离 Mozilla 成为一个独立项目，由 Linux 基金会托管，旨在为其它项目提供一个嵌入的高性能的、安全的渲染引擎。Servo v0.0.1 支持 Linux、Windows 和 macOS 以及 Android。

Атаки становятся глобальными и более мощными, а геоблокировка больше не спасает.

Polish developer Kuba Gretzky wanted to prove that multi-factor authentication wasn’t foolproof. He succeeded — maybe too well. What happens when a cybersecurity warning becomes the threat itself?

It’s easy to think your defenses are solid — until you realize attackers have been inside them the whole time. The latest incidents show that long-term, silent breaches are becoming the norm. The best defense now isn’t just patching fast, but watching smarter and staying alert for what you don’t expect. Here’s a quick look at this week’s top threats, new tactics, and security stories shaping

Bureau Valley CUSD Protects Students and Data While Maximizing Budget and Efficiency Bureau Valley Community Unit School District (CUSD) in Manlius, Illinois, serves approximately 900 students and 180 faculty and staff. It operates on a 1:1 Chromebook model using Google Workspace for Education Fundamentals.  “If it plugs in or has a battery, it’s our responsibility,” ...

The post A “No-Brainer” Investment: Proactive Google Safety and Security with Cloud Monitor appeared first on ManagedMethods Cybersecurity, Safety & Compliance for K-12.

The post A “No-Brainer” Investment: Proactive Google Safety and Security with Cloud Monitor appeared first on Security Boulevard.

A cyber intrusion by China-linked group Salt Typhoon has been observed targeting global infrastructure via DLL sideloading

Убедительный фейк о 15% НДФЛ превратился в мощного корпоративного шпиона.

白泽ers去西雅图参会啦

CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.

• CVE-2022-48503 Apple Multiple Products Unspecified Vulnerability 

• CVE-2025-2746 Kentico Xperience Staging Sync Server Digest Password Authentication Bypass Vulnerability

• CVE-2025-2747 Kentico Xperience Staging Sync Server None Password Type Authentication Bypass Vulnerability

• CVE-2025-33073 Microsoft Windows SMB Client Improper Access Control Vulnerability 

• CVE-2025-61884 Oracle E-Business Suite Server-Side Request Forgery (SSRF) Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. 

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. 

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of KEV Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria. 

The suspected Chinese-backed threat actors that hacked into F5's systems and stole data from the security vendor's BIG-IP application suite spent more than a year inside the networks dtbefore being in detected in August, according to a Bloomberg report that cited unnamed sources familiar with the investigation.

The post Suspected Chinese Hackers Spent a Year-Plus Inside F5 Systems: Report appeared first on Security Boulevard.

字节 AI 出海，从隐身「字节」开始。

ClickFix, FileFix, fake CAPTCHA — whatever you call it, attacks where users interact with malicious scripts in their web browser are a fast-growing source of security breaches.  ClickFix attacks prompt the user to solve some kind of problem or challenge in the browser — most commonly a CAPTCHA, but also things like fixing an error on a webpage.  The name is a little misleading, though

Erik Hjelmvik将于2025年2月23日至26日举办在线网络取证培训“Network Forensics for Incident Response”，分析包含黑客和恶意软件流量的PCAP文件。课程时间为每天13:00至17:00 CET（7am至11am EDT），限15人，费用920欧元（早鸟价828欧元）。适合蓝队、事件响应者和执法部门人员参加。