Aggregator

A vulnerability has been found in Linux Kernel up to 5.15.60/5.18.17/5.19.1 and classified as problematic. This issue affects the function get_nodes of the component mempolicy. This manipulation causes out-of-bounds read. This vulnerability is handled as CVE-2022-50147. The attack can only be done within the local network. There is not any exploit available. The affected component should be upgraded.

Over half of organizations that experienced a ransomware event in the past year were hit during a weekend or holiday, according to a Semperis report. Those periods often come with thin staffing, slower investigation, and fewer eyes on identity systems. Intruders know that reduced attention allows them to move deeper before alarms are raised. 60% of incidents happened after a merger, acquisition, restructuring, or similar shift inside the business. The most common trigger was an … More →

The post The weekend is prime time for ransomware appeared first on Help Net Security.

HackerNews 编译，转载请注明出处： 法国足球联合会（FFF）证实遭遇网络攻击：攻击者通过一个被盗账号非法入侵系统，窃取了会员相关数据。该机构于上周四确认了这起网络攻击事件，但未披露受影响的会员人数。 数据泄露通知中写道：“法国足球联合会（FFF）通报，各俱乐部用于行政事务管理（尤其是会员管理）的软件遭遇网络攻击，导致数据被盗。” “在发现攻击者利用被盗账号进行未授权访问后，法国足球联合会相关部门立即采取必要措施保障软件与数据安全，包括即刻停用涉事账号，并重置所有用户账号密码。” 联合会表示，在发现未授权访问后已解决相关问题。 法国足球联合会通过被盗账号检测到未授权访问后，立即采取系统加固措施：停用涉事账号并重置所有密码。该机构已向法国国家信息与自由委员会（CNIL）及法国网络安全局（ANSSI）报案，并将通知所有数据库中留有邮箱地址的相关人员。此次泄露的数据范围有限，包括姓名、性别、出生日期、国籍、邮寄地址、电子邮箱、电话号码及会员注册号。 法国足球联合会提醒会员：警惕疑似来自联合会或所属俱乐部的陌生信息，尤其需注意那些要求打开文件、共享密码或银行账户详情的信息。 通知最后指出：“法国足球联合会致力于保护所有托付给我们的数据，并正持续强化和调整安全防护措施 —— 与众多其他机构一样，以应对日益增多的新型网络攻击。”   消息来源：securityaffairs； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文

В абсолютной тишине океанских глубин дроны учатся убивать дронов за миллиарды.

得亏不是我去开家长会

EntraGoat is a deliberately vulnerable Microsoft Entra ID infrastructure designed to simulate real-world identity security misconfigurations and attack vectors.

The post EntraGoat: Deliberately Vulnerable Microsoft Entra ID Lab for Privilege Escalation Training appeared first on Penetration Testing Tools.

Microsoft has warned users of a Windows 11 malfunction: following updates released since August 2025, the lock screen

The post Windows 11 Lock Screen Glitch: Password Login Icon Vanishes After August Update appeared first on Penetration Testing Tools.

Several London boroughs have been hit by a serious digital incident that has rendered parts of their online

The post London Cyber Crisis: Attack Forces Multiple Borough Councils to Shut Down Services appeared first on Penetration Testing Tools.

In China, new regulations for portable charging devices are under discussion — and they are already causing unease

The post Travel Warning: China’s Strict New Power Bank Rules Could Ban Devices from Aircraft Cabins appeared first on Penetration Testing Tools.

A Proof-of-Concept (PoC) exploit code has been released for a critical remote code execution (RCE) vulnerability in Microsoft Outlook, identified as CVE-2024-21413. Dubbed “MonikerLink,” this flaw allows attackers to bypass Outlook’s security mechanisms, specifically the “Protected View,” to execute malicious code or steal credentials. The release of this PoC highlights the continued risk posed by […]

The post PoC Exploit Released for Critical Outlook 0-Click Remote Code Execution Vulnerability appeared first on Cyber Security News.

Messages in the WhatsApp messenger may contain hidden geolocation data even when the user has deliberately chosen not

The post Alarm: WhatsApp Messages Secretly Contain Hidden Geolocation Data for Forensic Extraction appeared first on Penetration Testing Tools.

GCC developers have enabled C++20 as the default standard in the branch for the upcoming GCC 16 release.

The post GCC 16 Makes C++20 the Default Standard, Requires Flags for Older Projects appeared first on Penetration Testing Tools.

ChatGPT has, until now, remained entirely free of advertising—no banners, no covert product placement, not even gentle nudges

The post Ad-Free Era Ends? Leaked Code Reveals ChatGPT is Testing ‘Search Ads Carousel’ appeared first on Penetration Testing Tools.

Online extortion targeting children is rapidly escalating — new data from the British charity NSPCC reveal that digital

The post Crisis Alert: 1 in 10 UK Children Face Online Blackmail and Extortion Threats appeared first on Penetration Testing Tools.

SDC2025 议题回顾 | 跨向无人之境：智能架构的支付宝安全风险扫描实践 以下为部分内容整理后的速记 在当 […]

The CRISPR gene-editing system has now reached one of the principal drivers of cardiovascular disease: dangerous blood lipids.

The post CRISPR vs. Cholesterol: Single-Dose Gene Editing Eliminates Major Heart Disease Risk Factors appeared first on Penetration Testing Tools.

The Whonix team has unveiled a test build of the major release Whonix 18.0.7.5, a distribution designed for

The post Whonix 18 Beta Released: Adds Full IPv6 Support, LXQt, and Wayland-Only Kloak Anonymizer appeared first on Penetration Testing Tools.

A threat actor known as “zestix” has claimed responsibility for a significant data breach affecting Mercedes-Benz USA (MBUSA), allegedly exfiltrating 18.3 GB of sensitive legal and customer information. The threat actor posted the dataset for sale on a dark web forum, pricing the complete archive at $5,000. According to the listing, the breach exposes a […]

The post Hackers Allegedly Claim Breach of Mercedes-Benz USA Legal and Customer Data appeared first on Cyber Security News.

微信联合TSRC发起「敏感数据专测」，诚邀白帽同行，共同构筑更坚实的数据防线。