Aggregator

先知安全沙龙第11场 - 密码学在攻防实战中的应用

特朗普政府寻求利用私营企业对外国对手发动网络攻击

埃森哲称内部审查后主动告知客户

Cybersecurity researchers have disclosed details of an active phishing campaign that's targeting a wide range of sectors in Russia with phishing emails that deliver Phantom Stealer via malicious ISO optical disc images. The activity, codenamed Operation MoneyMount-ISO by Seqrite Labs, has primarily singled out finance and accounting entities, with those in the procurement, legal, payroll

Gentlemen ransomware, first identified in August 2025, has rapidly evolved into a significant threat targeting corporate networks globally. Operating on a double extortion model, this group exfiltrates sensitive data before encrypting it, ensuring they can leverage stolen information even if backups exist. The ransomware is developed in the Go programming language, allowing for efficient cross-platform […]

The post New Gentlemen Ransomware Breaching Corporate Networks to Exfiltrate and Encrypt Sensitive Data appeared first on Cyber Security News.

Launching an AI initiative without a robust data strategy and governance framework is a risk many organizations underestimate. Most AI projects often stall, deliver poor...Read More

The post Can Your AI Initiative Count on Your Data Strategy and Governance? appeared first on ISHIR | Custom AI Software Development Dallas Fort-Worth Texas.

The post Can Your AI Initiative Count on Your Data Strategy and Governance? appeared first on Security Boulevard.

12月11日，2025自主可信计算创新论坛在北京隆重开幕。

AI驱动攻击、深度伪造危机、关键系统靶心化定义明年威胁格局。

0patch нашла не закрытый 0Day, позволяющий обычному пользователю обрушить службу RasMan в Windows.

Winter is coming – so it must be time for Sophos X-Ops’ report on this year’s MITRE ATT&CK Enterprise Evaluations

Microsoft has confirmed that the December 2025 security updates are breaking Message Queuing (MSMQ) functionality, affecting enterprise applications and Internet Information Services (IIS) websites. [...]

OffSec has released Kali Linux 2025.4, a new version of its widely used penetration testing and digital forensics platform. Most of the changes are related to appearance and usability: Kali’s GNOME desktop environment now organizes Kali tools into folders via the app grid, and there’s a shortcut for opening a terminal window Its KDE Plasma desktop enviroment now comes with a new screenshot tool with added editing features, offers quick access to pinned clipboard items, … More →

The post Kali Linux 2025.4: New tools and “quality-of-life” improvements appeared first on Help Net Security.

В каталоге GNOME Extensions начнут отклонять расширения с «лишним» ИИ-кодом, который усложняет ревью.

12月19日，广州不见不散，赶快报名吧~

在澳大利亚之后，丹麦计划严格限制 15 岁以下青少年使用社交媒体。丹麦政府已与议会中三个执政联盟和两个反对党达成协议，计划最早在 2026 年中期成为法律。拟议措施将赋予部分家长允许其子女从 13 岁起使用社交媒体的权利，但完整计划尚未公布。丹麦数字事务部上个月宣布推出名为“数字证据（digital evidence）”的全新应用，预计明年春季上线，很可能是计划的核心。这款应用将显示年龄证明确保用户遵守社交媒体的年龄限制。马来西亚和挪威也在采取措施。

A vulnerability identified as critical has been detected in Apple iOS and iPadOS up to 26.1. This affects an unknown function of the component WebKit. The manipulation leads to use after free. This vulnerability is listed as CVE-2025-43529. The attack may be initiated remotely. In addition, an exploit is available. You should upgrade the affected component. VulDB is the best source for vulnerability data and more expert information about this specific topic.

A vulnerability categorized as problematic has been discovered in MISP up to 2.5.27. The impacted element is an unknown function of the file app/View/Elements/Workflows/executionPath.ctp. Executing manipulation can lead to cross site scripting. This vulnerability is tracked as CVE-2025-67906. The attack can be launched remotely. No exploit exists. It is advisable to upgrade the affected component. If you want to get the best quality for vulnerability data then you always have to consider VulDB.

A vulnerability was found in uriparser up to 0.9.9. It has been rated as problematic. The affected element is an unknown function. Performing manipulation results in uncontrolled recursion. This vulnerability is identified as CVE-2025-67899. The attack is only possible with local access. There is not any exploit available. It is suggested to install a patch to address this issue. Once again VulDB remains the best source for vulnerability data.