Aggregator

Georg Driegen wordt met ingang van 1 januari 2026 directeur Operatiën bij de Algemene Inlichtingen- en Veiligheidsdienst (AIVD).

Guidance for organisations wishing to deploy products that use IPsec.

Space Bears ransowmare claims it obtained Comcast files through a breach at Quasar Inc, with threats to publish the data and separate leaks promised from Quasar itself.

For the latest discoveries in cyber research for the week of 8th December, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES The University of Pennsylvania and the University of Phoenix were hit by data breaches after attackers exploited zero-day vulnerabilities in Oracle E-Business Suite servers. At least 1,488 people at UPenn and numerous […]

The post 8th December – Threat Intelligence Report appeared first on Check Point Research.

The Kitten Project has emerged as a coordinated hacktivist platform operating at the intersection of activism and technical operations. This initiative represents a shift in how cyber-focused groups organize their campaigns, moving beyond isolated attacks toward centralized infrastructure that facilitates communication, resource sharing, and coordinated action. The platform, accessible through thekitten.group, serves as a hub […]

The post The ‘Kitten’ Project – Hacktivist Groups Carrying Out Attacks Targeting Israel appeared first on Cyber Security News.

Как объясняют это представители OpenAI и что делать простым пользователям?

There are crucial differences between prompt and SQL injection which – if not considered – can undermine mitigations.

It’s been a week of chaos in code and calm in headlines. A bug that broke the internet’s favorite framework, hackers chasing AI tools, fake apps stealing cash, and record-breaking cyberattacks — all within days. If you blink, you’ll miss how fast the threat map is changing. New flaws are being found, published, and exploited in hours instead of weeks. AI-powered tools meant to help developers

Proxmox Virtual Environment has become a popular choice for organizations building private cloud infrastructure and virtual machine management systems. However, a new analysis reveals significant security gaps in how the hypervisor can be exploited once an attacker gains initial access to the system. The research exposes a range of attack vectors that allow adversaries to […]

The post LOLPROX Exposes Hidden Exploitation Paths that Can Enable Stealthy Hypervisor Attacks appeared first on Cyber Security News.

Хакеры-близнецы, работающие на подрядчика правительства США, якобы превратили служебный доступ в инструмент для саботажа и кражи данных.

针对初中生继续出有意思的小题

Теперь ясно, что даже актуальное ядро Linux может уместиться в скромные пределы.

The developer tools used by millions of programmers worldwide have become a prime target for attackers seeking to compromise entire organizations. Visual Studio Code and AI-powered IDEs like Cursor AI, when combined with their extension marketplaces, present a critical vulnerability in the software supply chain. Unlike regular users, developers hold access to sensitive credentials, source […]

The post Hackers Compromising Developers with Malicious VS Code, Cursor AI Extensions appeared first on Cyber Security News.

WOOOOOOOOT 2025~

Zr.Ms. Den Helder keert terug naar het Caribisch deel van het Koninkrijk. Het schip was daar eerder voor warmweerbeproevingen. Na een tussentijds bezoek aan Norfolk en New York gaat dit bevoorradingsschip er nu weer heen.

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.

• CVE-2022-37055 D-Link Routers Buffer Overflow Vulnerability
• CVE-2025-66644 Array Networks ArrayOS AG OS Command Injection Vulnerability 

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.   

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. 

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of KEV Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria. 

The holiday season compresses risk into a short, high-stakes window. Systems run hot, teams run lean, and attackers time automated campaigns to get maximum return. Multiple industry threat reports show that bot-driven fraud, credential stuffing and account takeover attempts intensify around peak shopping events, especially the weeks around Black Friday and Christmas.  Why holiday peaks

Выясняем, как безобидная на первый взгляд настройка может разрушить доверие между шефом и подчинёнными.

Security researchers will now be protected from prosecution in Portugal as long as they meet certain conditions

React2Shell (CVE-2025-55182) is under active exploitation by Earth Lamia and Jackpot Panda, risking over two million instances worldwide