Aggregator

业界、监管与技术专家呼吁协同推进链上合规、可落地技术与监管明确性，以支持受规管稳定币的主流化应用。

Absolute Security released Rehydrate, empowering enterprises to recover from IT or cyber incidents remotely and at scale to minimize operational downtime. Enterprises with business operations that have been stopped by Windows PCs made inoperable by cyberattacks, ransomware strikes, and IT incidents can use this innovation to automate the at-scale restoration of connected devices to a fully operational state, typically in 30 minutes or less, remotely and with a single click. “Ransomware attacks, security breaches, and … More →

The post Absolute Security Rehydrate restores compromised endpoints appeared first on Help Net Security.

Автором трояна указан обычный подросток. Full-stack разработчик в 15?

On August 4, 2025, Zscaler ThreatLabz uncovered two malicious Python packages—sisaws and secmeasure—that deliver SilentSync, a Python-based remote access trojan (RAT), to unsuspecting developers. Both packages leverage typosquatting to impersonate legitimate libraries in the Python Package Index (PyPI), posing a serious supply-chain risk to projects that install them. SilentSync’s versatile capabilities include remote command execution, […]

The post Malicious Typosquatted PyPI Packages Spreading SilentSync RAT appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Ping Identity announced a new AI framework designed to close the trust gap created by the rise of AI agents, along with AI-powered assistants that boost administrator productivity. This framework makes verifiable trust a foundation of every digital interaction, helping enterprises unlock frictionless convenience, strengthen governance, and open new channels for growth. “We can no longer implicitly trust what we see, hear, or receive digitally,” said Peter Barker, CPO at Ping Identity. “As AI becomes … More →

The post Ping Identity debuts AI framework to keep humans in control appeared first on Help Net Security.

The newly publicized Pixie Dust attack has once again exposed the critical vulnerabilities inherent in the Wi-Fi Protected Setup (WPS) protocol, enabling attackers to extract the router’s WPS PIN offline and seamlessly join the wireless network.  By targeting weak randomization in the registrar’s nonces, this exploit subverts the intended security of WPS without requiring proximity […]

The post Pixie Dust Wi-Fi Attack Exploits Routers WPS to Obtain PIN and Connect With Wireless Network appeared first on Cyber Security News.

HackerNews 编译，转载请注明出处： 谷歌在周三发布了Chrome网络浏览器的安全更新，以解决四个漏洞，其中包括一个已被证实存在野外利用的漏洞。 这个零日漏洞是CVE-2025-10585，被描述为V8 JavaScript和WebAssembly引擎中的类型混淆问题。 类型混淆漏洞可能会产生严重后果，因为恶意行为者可以利用这些漏洞触发意外的软件行为，导致执行任意代码和程序崩溃。 谷歌威胁分析小组（TAG）在2025年9月16日发现了这个漏洞并进行了报告。 正如通常的情况一样，该公司没有分享关于该漏洞在现实世界攻击中如何被滥用、被谁滥用以及这种攻击的规模等额外细节。这是为了防止其他威胁行为者在用户能够应用修复之前利用该问题。 “谷歌知道CVE-2025-10585的利用程序存在于野外，”它在一份简短的咨询中承认。 CVE-2025-10585是自今年年初以来，第六个被积极利用或作为概念验证（PoC）展示的Chrome零日漏洞。这包括：CVE-2025-2783、CVE-2025-4664、CVE-2025-5419、CVE-2025-6554和CVE-2025-6558。 为了防范潜在威胁，建议用户将他们的Chrome浏览器更新到Windows和苹果macOS的140.0.7339.185/.186版本，以及Linux的140.0.7339.185版本。为了确保安装了最新的更新，用户可以导航到更多>帮助>关于Google Chrome，并选择重新启动。 其他基于Chromium的浏览器用户，如微软Edge、Brave、Opera和Vivaldi，也建议在修复程序可用时尽快应用。     消息来源：thehackernews； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文

9 月 16 日下午，在长春航空展上两架小鹏汇天 eVTOL（电动垂直起降器）在飞行过程中发生碰撞，导致其中一架坠毁。小鹏汇天官方称，当事发时广东汇天通航已完成航展预演，正在进行双机编队训练，两架飞行器因间距控制不当发生接触。其中一架顺利降落，另一架则在着陆过程中因机身损伤引发起火。小鹏汇天强调，现场人员均安全，相关部门已迅速完成应急处置，事件具体原因仍在进一步调查中。但 CNN 报道称有一人受伤。小鹏汇天旗下“陆地航母”飞行汽车前不久宣布获得 5000 台订单及 15 亿元预收款。

A critical zero-day remote code execution (RCE) vulnerability, identified as CVE-2025-9961, has been discovered in TP-Link routers. Security research firm ByteRay has released a proof-of-concept (PoC) exploit, demonstrating how attackers can bypass Address Space Layout Randomization (ASLR) protections to gain full control over affected devices. The vulnerability resides in the router’s Customer Premises Equipment (CPE) […]

The post TP-Link Router 0-Day RCE Vulnerability Exploited Bypassing ASLR Protections – PoC Released appeared first on Cyber Security News.

A critical security vulnerability in the popular Greenshot screenshot utility has been discovered that allows local attackers to execute arbitrary malicious code within the trusted application process. The vulnerability, tracked as CVE-2025-59050, affects Greenshot versions up to 1.3.300 and has been patched in version 1.3.301 released on September 16, 2025. Greenshot image editor interface showing capture […]

The post Windows Greenshot Vulnerability Lets Attackers Execute Malicious Code – PoC Published appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

2025年国家网络安全宣传周于9月15日至21日在全国范围内展开。今年的宣传周以"网络安全为人民，网络安全靠人民——以高水平安全守护高质量发展"为主题，将开展形式多样、内容丰富的系列活动，全方位提升全民网络安全意识和防护技能。

GNOME 桌面环境项目释出了代号为 Brescia 的 GNOME 49。主要新特性包括：快速设置新增“请勿打扰”开关、登录屏幕专门的可访问性（Accessibility）菜单、快速设置菜单支持处理未知电源配置文件、支持 YUV422 和 YUV444 (HDR) 色彩空间、支持被动投屏（screen casts）和支持异步键盘映射设置。其它变化包括媒体控件、支持锁屏重启和关机操作，GNOME Display Manager(GDM)支持动态用户欢迎会话，以及多显示器设置中快速设置支持每个显示器亮度滑块。

Пошаговая инструкция: как автоматизировать BCP и BIA для быстрого восстановления бизнеса.

点击阅读原文即可下载！

目前该攻击活动仍在持续——每当平台移除恶意扩展，攻击者就会立即上传新的恶意代码取而代之。

In this Help Net Security interview, Daniel Stenberg, lead developer od cURL, discusses how the widely used tool remains secure across billions of devices, from cloud services to IoT. He shares insights into cURL’s decades-long journey of testing, reviewing, and refining its code to minimize risks. Stenberg also explains the team’s approach to handling vulnerabilities, ensuring transparency, and maintaining trust in the open-source ecosystem. cURL is embedded in billions of devices, from cloud services to … More →

The post Behind the scenes of cURL with its founder: Releases, updates, and security appeared first on Help Net Security.

Submit #653344 / VDB-324797

Submit #653343 / VDB-324796

Submit #653342 / VDB-324795