Aggregator

In 2025, AI bots officially entered Cyber Week. Learn how agents shaped traffic and shopper intent — and why retailers must optimize for AI-driven commerce.

30 年前的 12 月 4 日，Netscape Communications 和 Sun Microsystems 发表新闻稿，正式宣布推出设计用于创建交互式 Web 应用的对象脚本语言 JavaScript。Netscape 工程师 Brendan Eich 在 1995 年 5 月的 10 天内冲刺开发出了一个内部原型，1996 年 3 月发布了 JavaScript 的 1.0 版本。30 年后的今天 JavaScript 运行在 98.9% 的支持客户端代码的网站上，是 Web 领域最具支配性的编程语言。除浏览器之外，JavaScript 还驱动着服务器后端、移动应用、桌面软件，甚至部分嵌入式系统。JavaScript 一直是全球使用最广泛的语言之一。包括 Netscape 和 Sun 在内的众多最早支持 JavaScript 的科技公司基本都已经消失，而 JavaScript 比它们都活得更久。JavaScript 使用过多个名字，最早叫 Mocha，然后改为 LiveScript，12 月 Netscape 和 Sun 签署授权协议正式将其命名为 JavaScript。JavaScript 与 Sun 的 Java 语言一度引起混淆和困惑，其实除了名字和部分语法规范，两者基本上毫无关系。甲骨文在收购 Sun 之后继承了 JavaScript 商标，但从未使用 JavaScript 名字构建产品，Brendan Eich 等人在一封公开信中认为甲骨文因从未使用而放弃了该商标，因此 JavaScript 成为一个通用术语。

Многолетние мольбы IT-сообщества наконец были услышаны.

A severe authentication bypass vulnerability has been discovered in cal.com, the popular open-source scheduling platform. Allowing attackers to gain unauthorized access to user accounts by submitting fake TOTP codes. According to GitHub, flaw tracked as CVE-2025-66489, this critical flaw affects versions up to 5.9.7 and has been patched in version 5.9.8. Flawed Authentication Logic Exposes User […]

The post Critical Cal.com Vulnerability Let Attackers Bypass Authentication Via Fake TOTP Codes appeared first on Cyber Security News.

A vulnerability described as problematic has been identified in CIRCL Vulnerability-Lookup up to 2.17.x. This impacts an unknown function. The manipulation of the argument related_vulnerabilities results in cross site scripting. This vulnerability is cataloged as CVE-2025-42620. The attack may be launched remotely. There is no exploit available. Upgrading the affected component is recommended.

A vulnerability marked as critical has been reported in Infinera MTC-9 up to 22.x. This affects an unknown function of the component SSH Service. The manipulation leads to missing authentication. This vulnerability is listed as CVE-2025-27020. The attack may be initiated remotely. There is no available exploit. It is suggested to upgrade the affected component.

The United States continues to face an unprecedented surge in cyber threats, accounting for nearly half of all documented cyber attacks globally between 2024 and 2025. Recent data from the Cyber Events Database reveals that the US experienced 646 reported incidents during this period, representing 44 percent of all tracked attacks worldwide. This alarming statistic […]

The post US Accounts for 44% of Cyber Attacks; Financial Gain Targets Public Administration appeared first on Cyber Security News.

A vulnerability labeled as problematic has been found in GS Yuasa International FULLBACK Manager Pro and FULLBACK Manager Pro for Network. The impacted element is an unknown function of the component Windows Service. Executing manipulation can lead to unquoted search path. This vulnerability is tracked as CVE-2025-66461. The attack is restricted to local execution. No exploit exists.

A vulnerability identified as critical has been detected in KNIME Business Hub up to 1.16.x. The affected element is an unknown function of the component Catalog Service. Performing manipulation results in incorrect ownership assignment. This vulnerability is identified as CVE-2025-14262. The attack can be initiated remotely. There is not any exploit available. You should upgrade the affected component.

Multiple China-linked threat actors began exploiting the CVE-2025-55182, aka React2Shell flaw, within hours, AWS Security warns. Multiple China-linked threat actors began exploiting the CVE-2025-55182, also known as the React2Shell flaw, within hours, according to AWS Security. The researchers confirmed that this vulnerability doesn’t affect AWS services, however they opted to share threat intelligence data to […]

A vulnerability categorized as critical has been discovered in Infinera MTC-9 up to 22.x. Impacted is an unknown function of the component Remote Shell Service. Such manipulation leads to missing authentication. This vulnerability is referenced as CVE-2025-27019. It is possible to launch the attack remotely. No exploit is available. It is advisable to upgrade the affected component.

A vulnerability was found in CIRCL Vulnerability-Lookup up to 2.17.x. It has been rated as problematic. This issue affects some unknown processing. This manipulation causes cross-site request forgery. The identification of this vulnerability is CVE-2025-42616. It is possible to initiate the attack remotely. There is no exploit available. Upgrading the affected component is advised.

A vulnerability was found in CIRCL Vulnerability-Lookup up to 2.17.x. It has been declared as problematic. This vulnerability affects unknown code. The manipulation results in improper restriction of excessive authentication attempts. This vulnerability was named CVE-2025-42615. The attack may be performed from remote. There is no available exploit. It is recommended to upgrade the affected component.

Georg Driegen wordt met ingang van 1 januari 2026 directeur Operatiën bij de Algemene Inlichtingen- en Veiligheidsdienst (AIVD).

Guidance for organisations wishing to deploy products that use IPsec.

Space Bears ransowmare claims it obtained Comcast files through a breach at Quasar Inc, with threats to publish the data and separate leaks promised from Quasar itself.

For the latest discoveries in cyber research for the week of 8th December, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES The University of Pennsylvania and the University of Phoenix were hit by data breaches after attackers exploited zero-day vulnerabilities in Oracle E-Business Suite servers. At least 1,488 people at UPenn and numerous […]

The post 8th December – Threat Intelligence Report appeared first on Check Point Research.

The Kitten Project has emerged as a coordinated hacktivist platform operating at the intersection of activism and technical operations. This initiative represents a shift in how cyber-focused groups organize their campaigns, moving beyond isolated attacks toward centralized infrastructure that facilitates communication, resource sharing, and coordinated action. The platform, accessible through thekitten.group, serves as a hub […]

The post The ‘Kitten’ Project – Hacktivist Groups Carrying Out Attacks Targeting Israel appeared first on Cyber Security News.

Как объясняют это представители OpenAI и что делать простым пользователям?

There are crucial differences between prompt and SQL injection which – if not considered – can undermine mitigations.