Aggregator

Защиту Минобороны напрямую пройти сложно, но можно зайти с другой стороны.

UNC5291 получила доступ к самому ценному и превратила защиту в оружие против её владельцев.

A vulnerability was found in Honor MagicOS 8.0.0.135. It has been declared as problematic. This affects an unknown part. The manipulation results in information disclosure. This vulnerability is cataloged as CVE-2025-57838. The attack must be initiated from a local position. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Honor MagicOS 8.0.0.135. It has been rated as problematic. This vulnerability affects unknown code of the component Photo Module. This manipulation causes information disclosure. This vulnerability is registered as CVE-2025-57839. The attack needs to be launched locally. No exploit is available. Upgrading the affected component is advised.

A vulnerability categorized as problematic has been discovered in Honor FCP-AN10. This issue affects some unknown processing of the component Tileservice Module. Such manipulation leads to information disclosure. This vulnerability is documented as CVE-2025-57837. The attack needs to be performed locally. There is not any exploit available. It is advisable to upgrade the affected component.

Cybersecurity researchers have uncovered a coordinated campaign that leveraged 131 rebranded clones of a WhatsApp Web automation extension for Google Chrome to spam Brazilian users at scale. The 131 spamware extensions share the same codebase, design patterns, and infrastructure, according to supply chain security company Socket. The browser add-ons collectively have about 20,905 active users. "

The scale of credential theft through phishing has reached alarming proportions. Recent analysis of the LabHost phishing operation reveals that nearly 990,000 Canadians were directly victimized, with attackers primarily targeting private sector enterprises (76%) over government agencies (24%). The operation generated over 1.2 million total incidents across Canada, resulting in hundreds of millions of dollars […]

The post Beyond Bot Management: Why Reverse Proxy Phishing Demands a New Defense Strategy appeared first on Security Boulevard.

速修复

将在2026年1月下旬举行

Что это значит для частных лиц и компаний.

A new proof-of-concept (PoC) has been released for a serious vulnerability tracked as CVE-2025-8941, affecting the Pluggable Authentication Modules (PAM) used across Linux distributions. The flaw, rated 7.8 (High) on the CVSS scale, allows local attackers to elevate privileges to root through a sophisticated race condition and symbolic link (symlink) manipulation. Discovered in the pam_namespace […]

The post PoC Released for Linux-PAM Vulnerability Enabling Local Root Privilege Escalation appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

本文首次提出并实现了可在真实 Tor 网络中部署的 Trapper 攻击，通过“选择性破坏 + 路径劫持 + 反检测”的组合策略，在仅监控单端流量的弱假设下，40 秒内 100 % 去匿名化用户。

损失资金达120万元

Папа требует подчинить технологии человеку, а не наоборот.

该评选旨在表彰本年度为中国网络安全事业作出卓越贡献的代表性人物。

综合实力位列安全行业第一