Aggregator

Житель Москвы получил 15 суток за логотип запрещенной соцсети.

Russia-linked APT28 targeted European entities with a webhook-based macro malware campaign called Operation MacroMaze. Russia-linked APT28 (aka UAC-0001, aka Fancy Bear, Pawn Storm, Sofacy Group, Sednit, BlueDelta, and STRONTIUM) launched Operation MacroMaze, targeting select entities in Western and Central Europe from September 2025 to January 2026. The campaign used webhook-based macro malware, leveraging simple tools and legitimate services for infrastructure and data […]

Discord improves collaboration, but a compromised account can expose credentials, customer data and internal plans. Learn the risks and how to reduce exposure.

The post How Discord Can Expose Corporate Data appeared first on Security Boulevard.

How Claude's New AI Code Scanning Tool Will Challenge Application Security Leaders
Anthropic's debut of Claude Code Security jolted cybersecurity stocks and intensified competition in application security testing. It promises deep reasoning around identifying and remediating code vulnerabilities but faces steep challenges matching the feature breadth required by large enterprises.

Shared Network Intelligence Adds Ecosystem Visibility to AI Models
Fraudsters collaborate, but most banks still detect fraud alone. This imbalance has defined fraud prevention for years. Now CISOs and fraud practitioners are rethinking their approach using network intelligence signals. Network intelligence shifts the lens by focusing on relationships across banks.

New Programs Aim to Counter Foreign Influence Over Tech Standards
The White House is operationalizing its AI action plan with export-ready "American AI stack" packages, a U.S. Tech Corps and new standards initiatives, aiming to entrench U.S. infrastructure in allied nations while countering foreign influence over global AI governance.

在索尼之后，曾以等离子电视闻名的松下宣布其电视业务将由创维接手。从 4 月开始，欧洲和北美的松下电视销售业务移交给创维，双方还将在产品研发和生产方面进行合作，松下将专注于在日本的销售和高端机型的生产，借助其他地区的销售和低价产品的生产委托给外部，有助于提高正在下滑的电视业务的收益。在销售方面，日本市场仍由松下自己负责，而欧美则由创维负责。剩下的亚洲市场今后将讨论包括与创维合作在内的各个国家和地区的最佳措施。在等离子电视时代，松下一度占据近半市场份额，2010 年松下控制了 40.7% 的等离子面板市场份额，超过三星（33.7%）和LG（23.2%），但随着消费者日益对 LCD 电视感兴趣，松下于 2014 年 3 月停产等离子电视。日本公司如夏普、东芝、日立以及索尼都基本退出了电视市场。

The notorious cybercriminal group has claimed responsibility for a massive data breach targeting the Dutch telecommunications company Odido and its brand BEN. The group ShinyHunters claims to have stolen 21 million records from 8 million customers, suggesting the incident is far more severe than previously disclosed. The data exposed in this alleged breach is highly […]

The post ShinyHunters Allegedly Claim Breach of 21 Million Records from Odido appeared first on Cyber Security News.

Arctic Wolf has acquired Sevco Security, integrating Sevco’s cloud-native technology into the Arctic Wolf Aurora Platform. This integration unifies asset intelligence, vulnerability context, and security control coverage to give organizations a continuous, consolidated view of exposures across hybrid environments and enables faster, more precise identification, prioritization, and remediation of risk. Organizations seeking to move from reactive defense to a more proactive security posture increasingly view exposure management as a critical capability. Security teams cannot get … More →

The post Arctic Wolf acquires Sevco Security to advance proactive exposure management appeared first on Help Net Security.

A vulnerability, which was classified as critical, was found in liquidprompt Liquid Prompt. Affected is an unknown function. Such manipulation leads to os command injection. This vulnerability is listed as CVE-2026-27113. The attack must be carried out locally. There is no available exploit. A patch should be applied to remediate this issue.

A vulnerability labeled as critical has been found in libtiff up to 4.7.1. The impacted element is the function readSeparateStripsIntoBuffer. Such manipulation leads to stack-based buffer overflow. This vulnerability is referenced as CVE-2025-61144. It is possible to launch the attack remotely. No exploit is available.

A vulnerability was found in Cesanta Mongoose up to 7.20. It has been declared as problematic. The impacted element is the function mg_sendnsreq of the file /src/dns.c of the component DNS Transaction ID Handler. Executing a manipulation of the argument random can lead to insufficiently random values. This vulnerability is tracked as CVE-2026-2966. The attack can be launched remotely. Moreover, an exploit is present. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability labeled as critical has been found in pjsip up to 2.16. This impacts an unknown function. The manipulation results in heap-based buffer overflow. This vulnerability is known as CVE-2026-26967. It is possible to launch the attack remotely. No exploit is available. It is best practice to apply a patch to resolve this issue.

Microsoft опасается, что ИИ полностью уничтожит «вход» в профессию программиста.

Jim Huang的《Improve Load Balancing withMachine Learning Techniques basedon sched_ext Framework》值得一读。

Everest ransomware claims an attack on diagnostic firm Vikor Scientific (Vanta Diagnostics), exposing data of nearly 140,000 people. The Everest ransomware group has claimed responsibility for a cyberattack on Vikor Scientific, now operating as Vanta Diagnostics. The healthcare diagnostic firm disclosed a data breach impacting nearly 139,964 individuals, as reported by the US Department of […]

A vulnerability, which was classified as problematic, has been found in Cloudflare CIRCL up to 1.6.2. Affected by this vulnerability is the function CombinedMult of the component ecc p384. Performing a manipulation results in incorrect calculation. This vulnerability was named CVE-2026-1229. The attack may be initiated remotely. There is no available exploit. It is advisable to upgrade the affected component.

A vulnerability classified as critical was found in SolarWinds Serv-U. Affected is an unknown function. Such manipulation leads to incorrect type conversion. This vulnerability is uniquely identified as CVE-2025-40541. The attack can be launched remotely. No exploit exists.

Patching alone no longer stops breaches. Learn why CVE-based vulnerability management is failing and how runtime visibility reveals what’s truly exploitable in your environment.

The post The CVE Treadmill: Why You Can’t Patch Your Way to Security  appeared first on Security Boulevard.