Aggregator

Submit #659640 / VDB-326100

Submit #659639 / VDB-326099

Submit #659638 / VDB-326098

UK NCSC warns that threat actors exploited Cisco firewall zero-days to deploy new malware strains RayInitiator and LINE VIPER. The U.K. NCSC reported that threat actors exploited recently disclosed Cisco firewall flaws (CVE-2025-20362, CVE-2025-20333) in zero-day attacks to deploy novel malware families, RayInitiator and LINE VIPER. These malware mark a major evolution from earlier campaigns, […]

英国NCSC警告称，攻击者利用Cisco防火墙零日漏洞部署RayInitiator和LINE VIPER恶意软件。这些恶意软件具备高级 evasion 和持久性能力。目标设备多为已过时型号，缺乏安全启动功能。 Cisco已修复相关漏洞，并建议用户升级设备以减少风险。

Malware operators aligned with North Korea have forged a sophisticated partnership with covert IT workers to target corporate organizations worldwide. This collaboration, detailed in a new white paper presented at Virus Bulletin 2025, sheds light on the intertwined operations of the DeceptiveDevelopment cybercrime syndicate and the WageMole activity cluster, revealing a hybrid threat that marries […]

The post Malware Gangs Enlist Covert North Korean IT Workers in Corporate Attacks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

9 отраслей ВВП протестировали нейросети и были очень удивлены.

Car makers don’t trust blueprints. They smash prototypes into walls. Again and again. In controlled conditions. Because design specs don’t prove survival. Crash tests do. They separate theory from reality. Cybersecurity is no different. Dashboards overflow with “critical” exposure alerts. Compliance reports tick every box.  But none of that proves what matters most to a CISO: The

文章探讨了网络安全中“入侵与攻击模拟”（BAS）的重要性。传统安全指标无法真正验证防御能力，而BAS通过模拟真实攻击揭示防御漏洞，并提供实际效果证明。这种方法帮助CISO们确保关键防御措施有效，并减少误报和修复时间。

A widespread campaign aimed at breaching organizations via zero-day vulnerabilities in Cisco Adaptive Security Appliances (ASA) has been revealed by the US, UK, Canadian and Australian cybersecurity agencies. The suspected state-sponsored threat actor behind it is believed to be the one that perpetrated the ArcaneDoor attack campaign in 2023 and 2024, when they used custom malware to disable logging and preventing the creation of a crash dump (“Line Dancer”) and to install a backdoor that … More →

The post Cisco ASA zero-day vulnerabilities exploited in sophisticated attacks appeared first on Help Net Security.

Today’s world requires us to make complex and nuanced decisions about our digital security. Evaluating when to use a secure messaging app like Signal or WhatsApp, which passwords to store on your smartphone, or what to share on social media requires us to assess risks and make judgments accordingly. Arriving at any conclusion is an exercise in threat modeling.

In security, threat modeling is the process of determining what security measures make sense in your particular situation. It’s a way to think about potential risks, possible defenses, and the costs of both. It’s how experts avoid being distracted by irrelevant risks or overburdened by undue costs...

The post Digital Threat Modeling Under Authoritarianism appeared first on Security Boulevard.

文章探讨了在威权主义背景下个人数字安全的威胁建模问题。随着政府与企业合作收集和利用个人数据，隐私风险显著增加。加密技术虽非万能解药，但仍是最有效的防护手段之一。

文章探讨了数字时代个人安全的重要性，强调通过威胁建模评估风险并采取相应措施。随着政府和企业对数据的监控增强，个人需谨慎管理信息共享，并利用加密技术保护隐私。然而，在复杂多变的环境中做出权衡仍具挑战性。

How the notorious Packer-as-a-Service operation built itself into a hydra

关键词违反网络安全法一、上海某跨国公司违规出境用户信息案2025年5月，某国际时尚品牌被曝数据泄露，其中国公司

关键词违反网络安全法一、上海某跨国公司违规出境用户信息案2025年5月，某国际时尚品牌被曝数据泄露，其中国公司

关键词违反网络安全法一、上海某跨国公司违规出境用户信息案2025年5月，某国际时尚品牌被曝数据泄露，其中国公司

关键词违反网络安全法一、上海某跨国公司违规出境用户信息案2025年5月，某国际时尚品牌被曝数据泄露，其中国公司

当前环境出现异常提示，请完成验证后继续访问。

当前环境出现异常状态，需完成验证后方可继续访问。