Aggregator

检测业务是否受到此漏洞影响，请联系长亭应急服务团队！

检测业务是否受到此漏洞影响，请联系长亭应急服务团队！

В новой статье рассказали, как команда СайберОК в рамках Кибериспытаний на Standoff365 нашла открытую Grafana у заказчика и добилась недопустимого события — всё на этапе начального рекона и без особых сложностей.

SplxAI has closed $7 million in seed funding led by LAUNCHub Ventures with participation from Rain Capital, Inovo, Runtime Ventures, DNV Ventures and South Central Ventures. LAUNCHub General Partner Stan Sirakov is also joining the SplxAI Board of Directors and former Brand Engagement Network CISO Sandy Dunn is joining the company as CISO to spearhead development of SplxAI’s GRC offering. The funding will accelerate the development and adoption of the SplxAI Platform, enabling organizations to … More →

The post SplxAI raises $7 million to provide security for agentic AI appeared first on Help Net Security.

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

• CVE-2019-9874 Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability
• CVE-2019-9875 Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

Cybersecurity researchers have discovered two malicious packages on the npm registry that are designed to infect another locally installed package, underscoring the continued evolution of software supply chain attacks targeting the open-source ecosystem. The packages in question are ethers-provider2 and ethers-providerz, with the former downloaded 73 times to date since it was published on

Two malicious packages were discovered on npm (Node package manager) that covertly patch legitimate, locally installed packages to inject a persistent reverse shell backdoor. [...]

This post first appeared on blog.netwrix.com and was written by Jonathan Blackwell.
Introduction to PowerShell Execution Policies In PowerShell, execution policies are a safety feature designed to control the conditions under which PowerShell scripts run on a system. These policies are not exactly a security mechanism but are intended to serve the following purpose: Execution policies play an important role in enhancing script security. They act as … Continued

Chrome 浏览器的零日漏洞正被复杂的威胁行为者积极利用，漏洞编号为 CVE-2025-2783。

Standards body ETSI has defined a scheme for key encapsulation mechanisms with access control (KEMAC), enabling quantum-secure encryption

最狠财报，没有之一。

Researchers at Kaspersky discovered cyber-espionage activity that used the vulnerability in a one-click phishing attack to deliver malware.

“A boxer derives the greatest advantage from his sparring partner…” — Epictetus, 50–135 AD Hands up. Chin tucked. Knees bent. The bell rings, and both boxers meet in the center and circle. Red throws out three jabs, feints a fourth, and—BANG—lands a right hand on Blue down the center. This wasn’t Blue’s first day and despite his solid defense in front of the mirror, he feels the pressure.

Госструктуры Европы всеми силами показывают, что справятся и без США?

A vulnerability, which was classified as critical, has been found in Google Chrome on Windows. Affected by this issue is some unknown functionality of the component Mojo. The manipulation leads to Remote Code Execution. This vulnerability is handled as CVE-2025-2783. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Checkmk up to 2.1.0p50/2.2.0p40/2.4.0b1. Affected by this vulnerability is an unknown functionality. The manipulation leads to session expiration. This vulnerability is known as CVE-2025-2596. The attack can be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.