Aggregator

frida 17.4 修复了一个存在很长时间的问题，就是对 iOS 模拟器附加进程的支持

Cybercriminals are exploiting TikTok’s massive user base to distribute sophisticated malware campaigns that promise free software activation but deliver dangerous payloads instead. The attack leverages social engineering tactics reminiscent of the ClickFix technique, where unsuspecting users are tricked into executing malicious PowerShell commands on their systems. Victims encounter TikTok videos offering free activation of popular […]

The post Hackers Using TikTok Videos to Deploy Self-Compiling Malware That Leverages PowerShell for Execution appeared first on Cyber Security News.

The regional American airline Envoy Air confirmed that its IT system was impacted by a recent hacking campaign targeting Oracle E-Business Suite.

SEO 公司 Graphite 发表了一份报告，称互联网上逾半数内容是 AI 生成的。Graphite 分析了 2020 年 1 月至 2025 年 5 月间发表的 65,000 篇英文文章的随机样本，使用了 AI 检测工具 Surfer 进行评估，如果一篇文章的内容有五成或更多部分被认为是大模型撰写的，那么这篇文章就被视为是 AI 生成。分析显示，在 ChatGPT 于 2022 年 11 月发布之后，AI 生成文章的数量大幅飙升，其比例从 2022 年底的 10% 飙升至 2024 年的 40% 以上，之后并趋于平稳。截至今年 5 月，新 AI 文章比例为 52%。研究人员使用了名叫 Common Crawl 的开源数据集，该数据集包含了数以千亿计的网页，但由于 AI 公司利用该数据集训练大模型，很多有付费墙的网站已经屏蔽了 Common Crawl，这些网站中人类撰写的文章比例应该更高。此外 AI 生成的内容农场通常不会被搜索引擎索引或会被降低排名，Graphite 发现，Google 搜索中 86% 的文章由人类撰写，AI 撰写的比例只有 14% 。

Dutch prosecutors suspect three teens of aiding a foreign power, with one allegedly linked to a Russian-affiliated hacker group

A vulnerability labeled as problematic has been found in Radare2 up to 5.9.8. This issue affects the function r2r_subprocess_init. The manipulation results in memory leak. This vulnerability is identified as CVE-2025-60360. The attack can only be performed from the local network. There is not any exploit available. It is best practice to apply a patch to resolve this issue.

A vulnerability identified as problematic has been detected in Radare2 up to 5.9.8. This vulnerability affects the function r_bin_object_new. The manipulation leads to memory leak. This vulnerability is referenced as CVE-2025-60359. The attack needs to be initiated within the local network. No exploit is available. Applying a patch is the recommended action to fix this issue.

A vulnerability categorized as critical has been discovered in ash up to 3.7.0. This affects an unknown part in the library lib/ash/policy/policy.ex. Executing manipulation can lead to incorrect authorization. The identification of this vulnerability is CVE-2025-48044. The attack may be launched remotely. There is no exploit available. It is advisable to upgrade the affected component.

Cybercriminals associated with the North Korean threat group WaterPlum, also known as Famous Chollima or PurpleBravo, have escalated their activities with a sophisticated new malware strain called OtterCandy. This cross-platform RAT and information stealer represents a dangerous evolution in the group’s capabilities, combining features from previously observed malware families RATatouille and OtterCookie to create a […]

The post Threat Actors Leveraging ClickFake Interview Attack to Deploy OtterCandy Malware appeared first on Cyber Security News.

Комплекс подтвердил готовность к службе и открыл  новую эру корабельной ПВО.

Почему 3 ТБ утечки — это угроза национальной безопасности.

A nation‑state actor infiltrated F5’s BIG‑IP development systems, stealing proprietary code and vulnerability data. While no backdoor was found, CISA warned that the stolen intelligence could speed up exploitation of F5 BIG-IP devices and products – placing edge appliances at immediate risk.

The post F5 Breach: Practical Recommendations for Protecting Your Edge Devices and Reducing Supply Chain Risk appeared first on Sygnia.

A critical WatchGuard Fireware vulnerability, tracked as CVE-2025-9242, could allow unauthenticated code execution. Researchers revealed details of a critical vulnerability, tracked as CVE-2025-9242 (CVSS score of 9.3), in WatchGuard Fireware. An unauthenticated attacker can exploit the flaw to execute arbitrary code. The vulnerability is an out-of-bounds write issue that affects Fireware OS versions 11.10.2–11.12.4_Update1, 12.0–12.11.3, […]

Security teams around the world are grappling with a new breed of cyber threats that leverage advanced automation to identify software weaknesses and craft malicious payloads at unprecedented speed. Over the past year, adversaries have integrated machine-driven workflows into their operations, enabling opportunistic criminals and well-funded groups alike to discover zero-days and assemble malware with […]

The post Hackers Using AI to Automate Vulnerability Discovery and Malware Generation – Microsoft Report appeared first on Cyber Security News.

VMware certification isn't just about passing exams — it's about mastering systems, proving expertise, and your career. Gain hands-on labs, discounts, and mentorship with VMUG Advantage to reach your next goal faster. [...]

Name: HITCON Cyber Range 2025 Final (an HITCON Cyber Range event.)
Date: Oct. 17, 2025, 1 a.m. — 17 Oct. 2025, 10:00 UTC  [add to calendar]
Format: Jeopardy
On-site
Location: Taipei, Taiwan
Offical URL: https://hitcon.kktix.cc/events/hitcon-cyberrange-2025
Rating weight: 0.00
Event organizers: HITCON

Нейросеть из Йеля помогла найти комбинацию лекарств, усиливающую действие иммунной терапии.

Microsoft has fixed a known issue breaking HTTP/2 localhost (127.0.0.1) connections and IIS websites after installing recent Windows security updates. [...]