Aggregator

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds RoundCube Webmail and Erlang Erlang/OTP SSH server flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added RoundCube Webmail and Erlang Erlang/OTP SSH server flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the descriptions for these flaws: The CVE-2025-32433 flaw is a […]

Не понравится — не страшно. Нацмессенджер всё равно будет.

Hackers continue to exploit the ConnectWise ScreenConnect remote management and monitoring (RMM) tool to deploy malicious payloads, with a focus on financial organizations. An independent researcher first reported a potential critical vulnerability in ScreenConnect versions 23.9.7 and prior through the ConnectWise Trust Center’s vulnerability disclosure program. Malicious Campaigns Targeting Financial Organizations This flaw has since […]

The post Hackers Persist in Using ConnectWise ScreenConnect Tool to Distribute Malware appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

包括阿里巴巴、字节跳动和腾讯在内的中国主要 AI 公司在高考期间短暂禁用了部分功能以防止考试作弊。阿里巴巴的 Qwen 和字节跳动的豆宝等热门 AI 应用暂停了图片识别功能，阻止其回答试卷问题；而腾讯的元宝和北京月之暗面科技有限公司（Moonshot AI）的 Kimi 则在考试期间完全停用了照片识别服务。从 6 月 7 日到 10 日，逾 1330 万中国考生参加了高考，他们已被禁止在考试期间使用手机和笔记本电脑等设备，禁用部分 AI 聊天机器人功能只是为防止考试作弊增加额外安全保障。热门 AI 聊天机器人 DeepSeek 也在特定时段停止服务。

Red Canary was experimenting with generative AI B.C. (before ChatGPT). Our new next-gen AI agents are the capstone of a years-long journey.

OpenAI is working to fix an ongoing outage impacting ChatGPT users worldwide and preventing them from accessing the chatbot on the web or via mobile and desktop apps. [...]

SAP has released nineteen security patches in its June Patch Day, addressing critical vulnerabilities that could allow attackers to bypass authorization controls and escalate privileges across multiple enterprise systems. The update includes two HotNews Notes and seven High Priority Notes, with immediate action recommended for organizations running affected SAP environments. The most severe vulnerability, tracked […]

The post Severe SAP NetWeaver Vulnerability Allows Attackers to Bypass Authorization Checks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

微软遵守特朗普的行政令封禁了国际刑事法院（ICC）首席检察官 Karim Khan 的电邮账号，严重影响了法院的日常工作。开源商业联盟 OSBA 认为微软的行为证明欧洲需要数字主权，不能过于依赖美国科技巨头。多年来，欧洲机构一直依赖硅谷科技巨头对安全和数据保护的虚假承诺。微软、亚马逊和 Google 等云服务提供商一再保证，他们尊重欧洲法律，在欧盟境内建立了数据中心，并承诺遵守 GDPR。然而微软事件表明，不管服务器是在法兰克福、罗马还是巴黎，如果供应商受外国法律管辖，那么数据也会受外国法律管辖。如果远在数千公里之外的政治决策会对欧洲数字通信和欧洲数据产生直接而严重的影响，这就构成了巨大的风险。想象一下，如果欧洲将国家电网的控制权交给受非欧洲法律约束的外国公司？现在是时候摆脱对美国技术的依赖了。

Использовал ИИ в схеме — отвечай как за особо тяжкое.

Azul identifies and prioritizes known Java security vulnerabilities with 1,000 times greater accuracy than traditional APM or AppSec tools.

The post How Azul Identifies Java Security Vulnerabilities with 1,000 Times Greater Accuracy appeared first on Azul | Better Java Performance, Superior Java Support.

The post How Azul Identifies Java Security Vulnerabilities with 1,000 Times Greater Accuracy appeared first on Security Boulevard.

This webinar is designed for leadership and management professionals looking to enhance their organization’s security posture in the cloud. The authors explore CIS Hardened Images: how they work, the security benefits they offer, and why they’re especially valuable for public sector organizations. Throughout the discussion, you’ll gain a clear understanding of how these pre-configured security solutions align with the CIS Benchmarks to help mitigate risks and ensure compliance with critical frameworks. The webinar breaks down … More →

The post Webinar: Cloud security made easy with CIS Hardened Images appeared first on Help Net Security.

The Dart coding language and the Flutter framework architecture are gaining traction among developers looking to build fast, reliable, cross-platform applications.

The post Secure mobile applications with Dart, Flutter, and Sonatype appeared first on Security Boulevard.

在宣布关闭 Pocket 和 Fakespot 服务之后，Mozilla 又关闭了两项服务：检测文本是人类还是 AI 撰写的扩展 Deep Fake Detector 以及注重隐私的 AI 扩展 Orbit 将于 6 月 26 日停止服务。其中 Orbit 并非是真的关闭，而是从独立扩展变成了整合在浏览器的侧边栏中。Orbit 使用了 Mozilla 的 Mistral LLM（Mistral 7B）实例处理用户请求，不会收集数据用于模型训练。

Security analysts at CyberProof’s Security Operations Center (SOC) have identified a sharp rise in phishing campaigns leveraging Microsoft SharePoint to bypass modern detection systems. Unlike traditional phishing attempts that rely on embedded malicious links, these sophisticated attacks exploit the inherent trust users place in SharePoint, a widely adopted collaboration platform within enterprises. By disguising phishing […]

The post New SharePoint Phishing Campaigns Employing Deceptive Lick Techniques appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A critical security vulnerability has been identified in ISPConfig version 3.2.12p1, a widely used open-source web hosting control panel. The vulnerability allows authenticated attackers to escalate their privileges to that of a superadmin and execute arbitrary PHP code remotely, posing a serious risk to affected systems. The vulnerability primarily originates from design Vulnerability in ISPConfig’s […]

The post ISPConfig Vulnerability Allows Privilege Escalation to Superadmin and PHP Code Injection Exploit appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

AU10TIX is enhancing its product suite with the launch of AnyDoc Authentication, a capability that exposes forged, tampered, or synthetic non-ID documents that may bypass traditional identity verification methods. AnyDoc harnesses advanced AI, forensic forgery detection, and metadata analysis to empower businesses to detect document fraud, maintain regulatory compliance, and scale secure onboarding. This critical layer of protection supports a diverse range of document types, including utility bills, bank statements, tax filings, business licenses, and … More →

The post AU10TIX AnyDoc Authentication identifies tampered or forged documents appeared first on Help Net Security.