Aggregator

贪：什么都想要 嗔：什么都看不惯 痴：什么都想不明白 慢：什么都看不起 疑：什么都不相信

Эффективность 3% — пока мало для массового производства, но подход работает.

A Russian-linked cybercrime group named Diesel Vortex has been quietly running a large phishing operation against freight and trucking companies across the United States and Europe. The campaign ran from September 2025 through February 2026 and resulted in more than 1,649 stolen login credentials from users of major logistics platforms, including DAT Truckstop, Penske Logistics, […]

The post Diesel Vortex Russian Cybercrime Group Targets Global Logistics Sector and Steals 1,600+ Credentials appeared first on Cyber Security News.

CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.

• CVE-2026-25108 Soliton Systems K.K. FileZen OS Command Injection Vulnerability

This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of KEV Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

Celebrate this milestone with us! Email us at csf [at] nist.gov (csf[at]nist[dot]gov) or tag @NISTcyber on X telling us what your favorite CSF 2.0 resource is (or how your organization has benefitted from implementing the CSF 2.0). Today marks two years since the publication of the Cybersecurity Framework (CSF) 2.0! Published in 2024, the CSF 2.0 included the addition of a Govern Function, increased emphasis on cybersecurity supply chain risk management, updated categories and subcategories to address current threat and technology shifts, and expansion into a suite of resources designed to make the CSF 2.0 easier to

Most identity programs still prioritize work the way they prioritize IT tickets: by volume, loudness, or “what failed a control check.” That approach breaks the moment your environment stops being mostly-human and mostly-onboarded. In modern enterprises, identity risk is created by a compound of factors: control posture, hygiene, business context, and intent. Any one of these can perhaps be

The North Korea-linked Lazarus Group (aka Diamond Sleet and Pompilus) has been observed using Medusa ransomware in an attack targeting an unnamed entity in the Middle East, according to a new report by the Symantec and Carbon Black Threat Hunter Team. Broadcom's threat intelligence division said it also identified the same threat actors mounting an unsuccessful attack against a healthcare

Обнаруженные ошибки позволяют злоумышленникам выполнять код на серверах.

The ShinyHunters extortion gang has claimed responsibility for breaching Dutch telecommunications provider Odido and stealing millions of user records from its compromised systems. [...]

Anthropic accused DeepSeek, Moonshot and MiniMax of illicitly using Claude to steal some of the AI model’s capabilities

根据发表在《JGR Oceans》期刊上的一项研究，过去 20 年从太平洋流入北冰洋“加拿大海盆”的海水的热输送量增至 1.5 倍。分析认为，除流入水温升高外，北冰洋海冰减少也进一步推高了水温。受全球变暖影响，北冰洋海冰正在减少，尤其是太平洋一侧的减幅较大。研究团队自 2000 年起，在阿拉斯加州巴罗角近海观测海水温度与流速，从太平洋经白令海峡的海水主要汇入该处。结果显示，流速未见变动趋势，但水温呈长期上升。海洋热输送量也呈增加趋势，在 2000年-2022 年间增至原来的 1.5 倍。基于卫星海表温度等数据，研究还发现热输送自 2010 年代后半期起急剧增加。海冰较少的年份热输送较多，海冰较多的年份热输送较少。海冰较少时，海水更易吸收日照导致水温上升，进而加速海冰融化，形成反馈效应。

Meet ZeroDayRAT, a newly advertised malware targeting Android and iOS devices with surveillance, location tracking, and crypto theft tools sold via Telegram as a MaaS service.

Cybersecurity researchers said they saw Medusa attacks launched by members of Lazarus — a well-known North Korean hacking operation housed within the country’s military — against a company in the Middle East and a healthcare organization in the U.S.

Currently trending CVE - Hype Score: 2 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in desertthemes NewsMash newsmash allows Stored XSS.This issue affects NewsMash: from n/a through <= 1.0.71.

Currently trending CVE - Hype Score: 3 - Missing Authorization vulnerability in staviravn AIO WP Builder all-in-one-wp-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AIO WP Builder: from n/a through <= 2.0.2.

Currently trending CVE - Hype Score: 2 - Roundcube Webmail before 1.5.12 and 1.6 before 1.6.12 is prone to a Cross-Site-Scripting (XSS) vulnerability via the animate tag in an SVG document.

Робот-убийца будет сопровождать истребитель в бою и выполнит любой приказ.

Microsoft’s Windows 365 for Agents is a cloud platform that gives AI agents secure access to cloud PCs. It lets builders run copilots, agents, and automated workflows in Windows environments without managing infrastructure. The platform includes security, policy controls, scalability, and visibility so agents can browse websites, process data, and complete tasks inside a managed cloud PC. “Windows 365 is designed to support a broad spectrum of agent solutions, operating systems, and data access controls, … More →

The post Windows 365 for Agents brings managed cloud PCs to autonomous workflows appeared first on Help Net Security.

关键词网络攻击西班牙警方近日在马德里逮捕一名20岁男子，指控其通过篡改在线支付系统，以每单仅0.01欧元的价格

关键词数据泄露知名黑客组织 ShinyHunters 近日声称入侵荷兰电信公司 Odido 及其子品牌 Ben