Aggregator

A vulnerability classified as critical has been found in Microsoft Windows. Affected is an unknown function of the component Local Security Authority Subsystem Service. The manipulation leads to resource consumption. This vulnerability is traded as CVE-2025-32724. It is possible to launch the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as problematic was found in Microsoft Windows. This vulnerability affects unknown code of the component Storage Management Provider. The manipulation leads to out-of-bounds read. This vulnerability was named CVE-2025-33060. The attack needs to be approached locally. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as problematic, has been found in Microsoft Windows. This issue affects some unknown processing of the component Storage Management Provider. The manipulation leads to out-of-bounds read. The identification of this vulnerability is CVE-2025-33061. An attack has to be approached locally. There is no exploit available. It is recommended to apply a patch to fix this issue.

От передачи первенца до бессмертной души — компании проверяют, читаете ли вы их условия.

A novel attack technique named EchoLeak has been characterized as a "zero-click" artificial intelligence (AI) vulnerability that allows bad actors to exfiltrate sensitive data from Microsoft 365 (M365) Copilot's context sans any user interaction. The critical-rated vulnerability has been assigned the CVE identifier CVE-2025-32711 (CVSS score: 9.3). It requires no customer action and has been

关键词数据泄露美国航空业再被卷入隐私丑闻。

关键词网络攻击美国卫生与公众服务部（HHS）名下的疫苗宣传网站，近日被发现遭篡改，页面充斥着大量AI生成的垃圾

关键词Nytheon黑客圈出现了一款名为 Nytheon AI 的新型人工智能黑产平台，正在多个地下论坛活跃推

关键词违法犯罪近期，南京警方成功破获一起横跨多地的“黄牛抢号”案件，3个非法入侵医院挂号系统的“黑客黄牛”团伙

Human identities management and control is pretty well done with its set of dedicated tools, frameworks, and best practices. This is a very different world when it comes to Non-human identities also referred to as machine identities. GitGuardian’s end-to-end NHI security platform is here to close the gap. Enterprises are Losing Track of Their Machine Identities Machine identities–service

A newly disclosed command injection vulnerability in Palo Alto Networks’ PAN-OS operating system poses significant security risks to enterprise firewall infrastructures worldwide.  The vulnerability, catalogued as CVE-2025-4230, enables authenticated administrators with command-line interface (CLI) access to execute arbitrary commands with root-level privileges, potentially compromising entire network security architectures.  Published on June 11, 2025, the security […]

The post Palo Alto Networks PAN-OS Vulnerability Let Attacker Run Arbitrary Commands as Root User appeared first on Cyber Security News.

Cybersecurity researchers have uncovered the alleged sale of a sophisticated Malware-as-a-Service (MaaS) botnet that combines legitimate development frameworks with cutting-edge evasion techniques. The threat actor is reportedly offering the complete source code of a botnet that leverages Node.js runtime, blockchain-based command and control infrastructure, and modern web technologies to create a highly resilient and scalable […]

The post Cybercriminals Advertise Advanced MaaS Botnet with Blockchain C2 on Hacking Forums appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A BitSight report reveals over 40,000 internet-connected security cameras globally are exposed, streaming live footage without protection. Learn how common devices, from home cameras to factory surveillance, pose privacy and security risks and get simple tips to secure your own.

Microsoft has released an emergency Windows 11 24H2 update to address an incompatibility issue triggering restarts with blue screen of death (BSOD) errors on systems with Easy Anti-Cheat. [...]

中央网信办举报中心与中国科协科普部联合发布《利用AI生成类谣言辟谣典型案例》。案例展示了多部门联动核查谣言线索、权威辟谣、依法追责等工作成效，传递出利剑高悬、严厉惩治造谣传谣行为的强烈信号，为AI生成类谣言治理工作提供了有益参考。

近日，国家标准化管理委员会下达的推荐性国家标准计划，其中《网络安全技术 区块链共识机制安全要求》和《网络安全技术 移动互联网未成年人模式技术要求》2项国家标准由全国网络安全标准化技术委员会归口管理，清单见附件。

由于数据在当下的数字化浪潮中发挥着基础资源和创新引擎的作用，制定《政务数据共享条例》，推进政务数据安全有序高效共享利用，充分释放政务数据资源潜能，对于全面建设数字法治政府意义重大。

当前，互联网广泛运用，人工智能等新技术方兴未艾，新一轮科技革命和产业变革迅猛展开，人们生活品质大幅提升，经济社会发展也按下了加速键。网络、信息技术的进步，也使得社会个体高度互联和人际关系深度重塑，社会变化加剧。

The new NIST guidance sets out 19 example implementations of zero trust using commercial, off-the-shelf technologies