Aggregator

RR Auction将于11月20日拍卖凯撒密码K4的原始手写文本及相关物品，估价30万至50万美元。卖家提供铜板作为概念验证，并希望买家保密及接手后续工作。

Новая атака крадёт 2FA и карты прямо из менеджеров.

If you caught my Buyers Look at More Than Dots article on the Gartner Magic Quadrant earlier this year, you already know I’m not a fan of check‑box cheerleading. Yes, it’s nice when your company lands in a particular quadrant or, in today’s case, on the inner ring of GigaOm’s radar (I'm actually pretty darn happy about that). But the real win is a report that helps you (actual IT/Security leader) separate signal from noise when you're the one responsible for keeping your coworker's business communications safe.

The post GigaOm’s 2025 Phishing Defense Radar (a buyer’s shortcut) appeared first on Security Boulevard.

With innovation comes risk. As organizations race to build AI-first infrastructure, security is struggling to keep pace. Multi-Agentic Systems – those built on Large Language Models (LLMs) and Multi-Component Protocols (MCP) - bring immense potential, but also novel vulnerabilities that traditional tools weren’t designed to handle.  At Wallarm, we’re closely following emerging guidance around these [...]

The post Comprehensive MCP Security Checklist: Protecting Your AI-Powered Infrastructure appeared first on Wallarm.

The post Comprehensive MCP Security Checklist: Protecting Your AI-Powered Infrastructure appeared first on Security Boulevard.

文章揭示了一种通过图像缩放实现多模态提示注入的攻击方法，利用AI系统在处理高分辨率图像时的缩放机制提取用户数据。该攻击影响了包括Google Gemini CLI、Vertex AI Studio等在内的多个AI平台，并介绍了Anamorpher工具用于生成和分析此类恶意图像。文章还探讨了防御策略及未来研究方向。

文章探讨了基于大型语言模型和多组件协议的多智能体系统带来的安全挑战，包括潜在漏洞、攻击面扩展及防御措施，并提供了OWASP威胁建模指南下的MCP安全清单，旨在帮助组织构建更安全的AI基础设施。

华硕宣布将于 10 月 16 日上市 ROG Xbox Ally 系列掌机，但掌机价格仍然没有公布。ROG Xbox Ally 系列掌机运行 Windows 11，操作系统为掌机进行了优化，支持包括 Valve Steam 和 Epic Games Store 在内的游戏商店，虽然使用 Xbox 品牌，但并不支持 Xbox 游戏，而是 Windows PC 游戏。华硕的非 Xbox 掌机 ROG Ally X 售价高达 800 美元。 ROG Xbox Ally 系列共两个型号，均采用 7 英寸 1080p IPS 显示屏，刷新率 120 Hz，支持 Wi-Fi 6E 和蓝牙 5.4，但内部配置有显著差异。低端的 Xbox Ally 搭载 AMD Ryzen Z2 A 芯片，其配置与 Valve 三年前的 Steam Deck 掌机几乎完全相同。高端的 Xbox Ally X 搭载了 Ryzen AI Z2 Extreme 处理器，配备 8 核 Zen 5 CPU、16 核 RDNA3.5 GPU、1TB 存储空间、24GB LPDDR5X-8000 内存以及 NPU。

As security professionals, it's easy to get caught up in a race to counter the latest advanced adversary techniques. Yet the most impactful attacks often aren't from cutting-edge exploits, but from cracked credentials and compromised accounts. Despite widespread awareness of this threat vector, Picus Security's Blue Report 2025 shows that organizations continue to struggle with preventing

The financially motivated threat group UNC5518 has been infiltrating trustworthy websites to install ClickFix lures, which are misleading phony CAPTCHA pages, as part of a complex cyber campaign that has been monitored since June 2024. These malicious pages trick users into executing downloader scripts that initiate infection chains, often leading to malware deployment by affiliated […]

The post UNC5518 Group Hacks Legitimate Sites with Fake Captcha to Deliver Malware appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Cybersecurity researchers have disclosed details of a new malware loader called QuirkyLoader that's being used to deliver via email spam campaigns an array of next-stage payloads ranging from information stealers to remote access trojans since November 2024. Some of the notable malware families distributed using QuirkyLoader include Agent Tesla, AsyncRAT, Formbook, Masslogger, Remcos RAT,

为帮助所有白帽子在美团SRC测试过程中规避违规风险，保护平台和白帽子的安全和利益，确保平台漏洞奖励机制得以良性运作，美团安全应急响应中心发布《漏洞测试高压线V2.0》。

活动时间：2025年8月22日-9月5日

Orange Belgium revealed that a threat actor has compromised 850,000 customer accounts, with SIM card numbers among the data accessed

От миллиона до 18 миллионов: аудитория приложения взлетела за четыре месяца…

2025年Picus蓝皮书显示，密码破解攻击成功率显著上升至46%，反映出组织在密码策略和身份验证方面的重大漏洞。尽管意识到威胁，但弱密码、过时算法及缺乏多因素认证仍是主要问题。攻击者利用有效凭证轻松渗透系统，强调加强身份安全和凭证管理的迫切需求。

Apple has released critical security updates for iOS, iPadOS, and macOS addressing a newly discovered zero-day vulnerability already being actively exploited in the wild. Tracked as CVE-2025-43300, the flaw affects the ImageIO framework and...

The post Update Now: Apple Patches Critical Zero-Day Vulnerability Found in the Wild appeared first on Penetration Testing Tools.

Inotiv, a U.S.-based company headquartered in West Lafayette, Indiana, has disclosed a serious cybersecurity incident in a filing with the U.S. Securities and Exchange Commission. On August 8, 2025, the organization detected unauthorized access...

The post Inotiv Under Siege: Ransomware Attack Encrypts Biomedical Research Systems appeared first on Penetration Testing Tools.

生成式AI改变了企业对数据的使用方式，但也带来了敏感数据泄露的风险。传统安全方法已无法应对现代数据挑战。通过结合DSPM（数据安全态势管理）和DLP（数据丢失防护），企业可实时监控、分类和控制数据流动，形成闭环系统以应对AI时代的威胁。

The Australian telecommunications provider TPG Telecom has reported a serious security incident affecting the infrastructure of its subsidiary brand iiNet, which offers Australians fixed-line and mobile internet, telephony, and television services. An unidentified attacker...

The post TPG Telecom Data Breach: How One Hack Exposed 300,000 Customers appeared first on Penetration Testing Tools.

A vulnerability in the widely used AI deployment tool Ollama exposed users to the risk of drive-by attacks, enabling malicious actors to surreptitiously interfere with the local application through a specially crafted website. Exploitation...

The post Flawed AI Tool: How a Simple Website Could Have Hijacked Your Ollama App appeared first on Penetration Testing Tools.