Aggregator

Атакующим достаточно соединить баги в цепочку атак для полного захвата IT-инфраструктуры.

The notorious LockBit ransomware group, once considered one of the world’s most prolific cyber extortion rings, has itself become the victim of a major cyberattack. On May 7, attackers breached and defaced the group’s dark web sites, leaking a trove of operational data and internal chats in a stunning turn of events that sent shockwaves […]

The post LockBit Ransomware Group Breached: Internal Chats and Data Leaked Online appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

curl 项目正与大量由 AI 生成的虚假漏洞报告作斗争，curl 作者 Daniel Stenberg 认为这是针对该项目的 DDoS 攻击。Stenberg 称至今没有看到一份 AI 帮助下完成的漏洞报告是有效的。5 月 4 日的一份安全报告令 Stenberg 倍感崩溃，因为报告引用了不存在的函数，而且不适用于当前版本。甚至还有安全报告包含了 AI 提示命令。Stenberg 希望管理漏洞报告的平台 HackerOne 能使用更多工具打击 AI 生成的漏洞报告，他计划封禁递交此类报告的用户。

Автоматизированные боты активно сканируют интернет в поисках уязвимых ресурсов.

In this Help Net Security interview, Michael Pound, Associate Professor at the University of Nottingham shares his insights on the cybersecurity risks associated with LLMs. He discusses common organizational mistakes and the necessary precautions for securing sensitive data when integrating LLMs into business operations. Where do you see the biggest gaps in understanding or preparedness among CISOs and security teams when it comes to LLM use? Many security professionals are – quite reasonably – not … More →

The post Even the best safeguards can’t stop LLMs from being fooled appeared first on Help Net Security.

特朗普政府计划修改拜登任期结束前公布的 AI 芯片出口限制政策，该政策原计划于 5 月 15 日生效。拜登政府最后公布的 AI 出口政策将各个国家划分为 3 个梯队。第一梯队（Tier-1）为美国的同盟国日本、韩国、英法德等 18 个国家和地区。这些地区在先进半导体及 AI 基础模型的技术转让方面不受限制。第二梯队（Tier-2）国家共有大约 120 个。面向第二梯队国家的大多数出口都需要获得美国政府的批准。第三梯队（Tier-3）则包括中俄等 22 个国家，除了此前的出口限制，还禁止了 AI 技术转让。包括英伟达和 AMD 在内的芯片制造商反对最新的出口政策。AMD CEO 苏姿丰周三表示，美国应在出于国家安全理由限制芯片准入和提供准入之间取得平衡，以促进美国芯片产业的发展。英伟达 CEO 黄仁勋本周早些时候表示，被中国 AI 市场拒之门外将是“巨大的损失”。

A critical security flaw has been discovered in Cisco IOS XE Wireless LAN Controllers (WLCs), potentially allowing unauthenticated remote attackers to gain full control of affected devices. The vulnerability, tracked as CVE-2025-20188, lets attackers upload arbitrary files and execute commands with root privileges, posing a severe threat to enterprise wireless networks worldwide. Vulnerability Summary The vulnerability […]

The post Cisco IOS XE Wireless Controllers Vulnerability Lets Attackers Seize Full Control appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Преступники торговали мощностями как фастфудом, пока к ним не заглянули на «санитарную проверку».

The tech industry is experiencing significant layoffs, leaving thousands of IT and cybersecurity professionals in search of new employment opportunities. Unfortunately, as these individuals search for new opportunities, scammers are actively preying on them. Losing a job, especially when you can’t afford to be without income, is emotionally stressful, and desperation can make you vulnerable to these types of scams. Given the ongoing economic uncertainty, market volatility, and the adoption of AI across industries, more … More →

The post Wave of tech layoffs leads to more job scams appeared first on Help Net Security.

A CVSS score 10.0 AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2025-05-08, 91 days ago. The vendor is given until 2025-09-05 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.2 AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'NgockhanhC311' was reported to the affected vendor on: 2025-05-08, 40 days ago. The vendor is given until 2025-09-05 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2025-05-08, 91 days ago. The vendor is given until 2025-09-05 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2025-05-08, 70 days ago. The vendor is given until 2025-09-05 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 6.5 AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N severity vulnerability discovered by 'Gwangun Jung at THEORI' was reported to the affected vendor on: 2025-05-08, 70 days ago. The vendor is given until 2025-09-05 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Mat Powell of Trend Zero Day Initiative' was reported to the affected vendor on: 2025-05-08, 68 days ago. The vendor is given until 2025-09-05 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2025-05-08, 91 days ago. The vendor is given until 2025-09-05 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2025-05-08, 91 days ago. The vendor is given until 2025-09-05 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

The Iranian state-backed group targeted the operational technology of a critical national infrastructure (CNI) network and persisted in its network for years, but ultimately failed.

Cisco has released software fixes to address a maximum-severity security flaw in its IOS XE Wireless Controller that could enable an unauthenticated, remote attacker to upload arbitrary files to a susceptible system. The vulnerability, tracked as CVE-2025-20188, has been rated 10.0 on the CVSS scoring system. "This vulnerability is due to the presence of a hard-coded JSON Web Token (JWT) on an

Хакеры Play снова на сцене, и теперь их альбом — в системном каталоге «Музыка».