Aggregator

A vulnerability was found in Docker Desktop up to 4.61.x on Windows. It has been declared as problematic. Impacted is an unknown function of the file /proc/docker of the component Linux VM. Such manipulation leads to out-of-bounds read. This vulnerability is listed as CVE-2026-2664. The attack must be carried out locally. There is no available exploit. It is recommended to upgrade the affected component.

血液中的一种蛋白质 p-tau217 能显著提高阿尔茨海默病的正确诊断。研究人员追踪了 200 名年龄 50 岁及以上、出现认知症状的新患者，依靠标准临床评估医生对阿尔茨海默病的正确诊断率为 75.5%，结合血液检测结果后正确率提高到 94.5%。p-tau217（Phosphorylated tau）是一种存在于大脑中的天然蛋白质，有助于维持神经元的稳定和健康。当 p-tau217 异常磷酸化，聚成一团，形成缠结破坏脑细胞之间的通讯。随着时间的推移，这种损伤会影响大脑功能，导致阿尔茨海默病等神经退行性疾病。虽然 p-tau217 并非阿尔茨海默病的直接病因，但血液中 p-tau217 水平升高被公认为该病的早期预警信号之一。

Связь будущего вытащили из стерильной лаборатории в грязный город. И вот что получилось.

Microsoft expands Microsoft Sovereign Cloud with new disconnected and AI capabilities that help organizations run critical infrastructure, productivity services and large AI models inside sovereign boundaries while keeping governance and operational continuity across connected and disconnected environments. Sovereign Private Cloud unifies Azure Local, Microsoft 365 Local and Foundry Local, bringing infrastructure, productivity and support for large AI models to any operational boundary. (Source: Microsoft) “Customers can choose the right control posture for each workload, through … More →

The post Microsoft expands Sovereign Cloud security with governance, local productivity and AI appeared first on Help Net Security.

Security researchers have uncovered another supply chain attack targeting developers: 19 typosquatting npm packages published on npmjs.com that steal credentials, infect projects, and propagate themselves across developer environments. The operation, dubbed “SANDWORM_MODE,” represents a (still) rare example of worm-like malware designed to spread through software supply chains rather than traditional end-user systems. New npm worm builds on Shai-Hulud’s playbook After last year’s bombshell appearance of the self-replicating “Shai-Hulud” worm on the official npm registry, the … More →

The post Self-spreading npm malware targets developers in new supply chain attack appeared first on Help Net Security.

Investments in cybersecurity startups took off in 2025 as venture capital firms focused not just on AI-native tech but on talent as well.

SolarWinds has patched four critical Serv-U remote code execution vulnerabilities that could grant attackers root access to unpatched servers. [...]

ReliaQuest claims AI has reduced breakout and exfiltration time to under 10 minutes

Инженер OpenAI потерял $250000 из-за ошибки в коде торгового бота.

如果要回到过去，摧毁一项技术，从而让AI无法统治人类，应该怎么办？

Catalin Dragomir admits to hacking an Oregon government office and selling network access. Read more on the $250k fraud case and his 2026 sentencing.

贪：什么都想要 嗔：什么都看不惯 痴：什么都想不明白 慢：什么都看不起 疑：什么都不相信

Эффективность 3% — пока мало для массового производства, но подход работает.

A Russian-linked cybercrime group named Diesel Vortex has been quietly running a large phishing operation against freight and trucking companies across the United States and Europe. The campaign ran from September 2025 through February 2026 and resulted in more than 1,649 stolen login credentials from users of major logistics platforms, including DAT Truckstop, Penske Logistics, […]

The post Diesel Vortex Russian Cybercrime Group Targets Global Logistics Sector and Steals 1,600+ Credentials appeared first on Cyber Security News.

CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.

• CVE-2026-25108 Soliton Systems K.K. FileZen OS Command Injection Vulnerability

This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of KEV Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

Celebrate this milestone with us! Email us at csf [at] nist.gov (csf[at]nist[dot]gov) or tag @NISTcyber on X telling us what your favorite CSF 2.0 resource is (or how your organization has benefitted from implementing the CSF 2.0). Today marks two years since the publication of the Cybersecurity Framework (CSF) 2.0! Published in 2024, the CSF 2.0 included the addition of a Govern Function, increased emphasis on cybersecurity supply chain risk management, updated categories and subcategories to address current threat and technology shifts, and expansion into a suite of resources designed to make the CSF 2.0 easier to

Most identity programs still prioritize work the way they prioritize IT tickets: by volume, loudness, or “what failed a control check.” That approach breaks the moment your environment stops being mostly-human and mostly-onboarded. In modern enterprises, identity risk is created by a compound of factors: control posture, hygiene, business context, and intent. Any one of these can perhaps be

The North Korea-linked Lazarus Group (aka Diamond Sleet and Pompilus) has been observed using Medusa ransomware in an attack targeting an unnamed entity in the Middle East, according to a new report by the Symantec and Carbon Black Threat Hunter Team. Broadcom's threat intelligence division said it also identified the same threat actors mounting an unsuccessful attack against a healthcare

Обнаруженные ошибки позволяют злоумышленникам выполнять код на серверах.

The ShinyHunters extortion gang has claimed responsibility for breaching Dutch telecommunications provider Odido and stealing millions of user records from its compromised systems. [...]