Aggregator

A vulnerability, which was classified as critical, has been found in Robocode 1.9.3.6. This impacts the function createTempFile of the component AutoExtract. Performing manipulation results in insecure temporary file. This vulnerability is identified as CVE-2025-14307. The attack is only possible with local access. There is not any exploit available.

Threat actors are now leveraging the trust users place in AI platforms like ChatGPT and Grok to distribute the Atomic macOS Stealer (AMOS). A new campaign discovered by Huntress on December 5, 2025, reveals that attackers have moved beyond mimicking trusted brands to actively utilizing legitimate AI services to host malicious payloads.​ The infection chain […]

The post Threat Actors Weaponize ChatGPT and Grok Conversations to Deploy AMOS Stealer appeared first on Cyber Security News.

FBI警告AI诈骗：犯罪分子通过短信谎称绑架亲人并索要赎金。他们发送看似真实的照片或视频，但细节有误如纹身、疤痕缺失或比例不符。有时限时发送以限制分析时间。

The flaw, dubbed ‘GeminiJack,’ exploits the trust boundary between user-controlled content in data sources and the AI model’s instruction processing

根据国家信息安全漏洞库（CNNVD）统计，本周（2025年12月1日至2025年12月7日）安全漏洞情况如下

文章指出当前环境异常，需完成验证后才能继续访问。

Cybercriminals and foreign adversaries are exploiting gaps in our digital armor. These essential reforms can help American cybersecurity catch up.

The post The 10 key reforms that can close America’s cybersecurity gaps appeared first on CyberScoop.

好的，用户让我帮忙总结一篇关于云安全的文章，控制在100字以内，不需要特定的开头。首先，我需要通读整篇文章，抓住主要内容。 文章主要讲的是云安全的变化，攻击者利用配置错误、身份问题和代码漏洞进行攻击。传统安全工具常常无法检测这些威胁，因为它们看起来像正常活动。Palo Alto Networks的Cortex Cloud团队将举办一个技术深入会议，讨论三个具体的攻击向量：AWS身份配置错误、隐藏在AI模型中的恶意文件以及Kubernetes权限问题。 会议不仅分析问题，还会展示攻击机制，并提供解决方案，比如审计日志、清理权限和应用AI控制。这对团队很重要，因为传统方法存在可见性差距。 总结时要涵盖攻击方式、会议内容和解决方案。控制在100字以内，所以需要简洁明了。 云安全面临新威胁，攻击者利用配置错误、身份漏洞和代码问题入侵。传统工具常无法检测这些看似正常的活动。Palo Alto Networks团队将分享三类攻击案例及防御方法：滥用AWS身份配置、隐藏恶意文件于AI模型中、利用过度授权的Kubernetes容器。会议还将展示如何通过运行时智能和日志审计早期发现威胁，并提供具体应对措施。

美国网络安全机构CISA将影响WinRAR的CVE-2025-6218漏洞列为已知被利用漏洞，该漏洞可导致代码执行，需用户访问恶意页面或打开恶意文件。该漏洞已修复，仅影响Windows版本。多个威胁组织利用此漏洞进行鱼叉式网络钓鱼和恶意软件传播攻击。FCEB机构需在2025年12月30日前完成修复以保护网络。

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a security flaw impacting the WinRAR file archiver and compression utility to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2025-6218 (CVSS score: 7.8), is a path traversal bug that could enable code execution. However, for exploitation

Cloud security is changing. Attackers are no longer just breaking down the door; they are finding unlocked windows in your configurations, your identities, and your code. Standard security tools often miss these threats because they look like normal activity. To stop them, you need to see exactly how these attacks happen in the real world. Next week, the Cortex Cloud team at Palo Alto Networks

Невидимый враг находился рядом с целью круглосуточно.

Let's Encrypt 项目回顾了过去的十年。该项目旨在让每一个网站都启用 HTTPS 加密，它颁发的免费证书用于加密设备与互联网之间的连接，确保无人能拦截及窃取传输数据。目前全球有数以百万计的网站依赖 Let’s Encrypt 作为安全保障。Let’s Encrypt 如今已是全球最大的证书签发 CA 机构。它于 2014 年 11 月宣布成立，2015 年 9 月 14 日签发了首张证书；2016 年 3 月签发了第一百万张证书；2017 年 6 月签发了第一亿张证书；2020 年 2 月签发了第十亿张证书。2018 年 9 月实现单日签发一百万张证书，2025 年 9 月实现单日签发一千万张证书。

Let's Encrypt十年来为全球数百万网站免费提供HTTPS加密证书，保障数据传输安全，已成为全球最大CA机构，并于2025年实现单日签发一千万张证书的里程碑。

针对复杂的dotNet样本如何使用dnlib来提取加密的字符串（在无法调试的情况下分析思路）。

陪着小小四一起长大，不肯放弃治疗

当前环境异常，需完成验证后继续访问。

Microsoft has patched a critical remote code execution (RCE)vulnerability in Outlook that could allow attackers to execute malicious code on vulnerable systems. The flaw, tracked as CVE-2025-62562, was released on December 9, 2025, and requires immediate attention from IT administrators and end users. The vulnerability stems from a use-after-free weakness in Microsoft Office Outlook. According […]

The post Microsoft Outlook Vulnerability Let Attackers Execute Malicious Code Remotely appeared first on Cyber Security News.

«Лаборатория Касперского» выяснила, как ужесточение модерации в Telegram ломает привычную инфраструктуру киберпреступников и заставляет их искать другие площадки.

关键词漏洞网络安全公司Noma Security近期在谷歌Gemini Enterprise及其Vertex