Aggregator

A critical vulnerability affecting Meta React Server Components has been added to the Known Exploited Vulnerabilities catalog, signalling widespread active exploitation by CISA. Tracked as CVE-2025-55182, this remote code execution vulnerability poses an immediate threat to organizations that rely on React Server Components. The vulnerability stems from a significant flaw in how React Server Components […]

The post CISA Adds Critical React2Shell Vulnerability to KEV Catalog Following Active Exploitation appeared first on Cyber Security News.

欧盟委员会上周五根据《数字服务法》(Digital Services Act)对马斯克(Elon Musk)旗下的 X/Twitter 平台处以 1.2 亿欧元的罚款，理由包括 X 违反了欧盟透明度规定、提供的数据访问权限不足，以及其认证账户的蓝勾设计具有欺骗性——该公司并没有真正验证用户身份而是只要付钱就行。马斯克随后抨击欧盟应该废除，而 X 的高级官员 Nikita Bier 则宣布封禁欧盟的广告账户，声称欧盟试图利用其广告系统中的“漏洞”宣传上周五发布的罚款推文。欧盟委员会发言人对此回应称他们只是在使用 X 提供给企业账户的工具。

Organizations using Active Directory must update their password policies to block and detect compromised passwords. However, comparing vendors in this area can be challenging. By asking the right questions, you can identify the right partner and avoid introducing new technical, security, and compliance risks. This guide provides essential questions to help organizations find the best provider of password filtering and auditing tools for strengthening enterprise password security. Download: Evaluating Password Monitoring Vendors

The post Download: Evaluating Password Monitoring Vendors appeared first on Help Net Security.

Lazarus APT组织攻击样本分析

Learn why your existing security tech won’t detect data exposure, prompt injection and manipulation, and other AI security risks from ChatGPT Enterprise, Microsoft 365 Copilot, and other LLMs.

Key takeaways:

1. Even when they’re approved, generative AI tools like Microsoft Copilot and ChatGPT create an entirely new attack surface for organizations that behaves differently from the traditional IT attack surface and even the cloud attack surface.
    
2. Enterprise AI tools can instantly connect to your organization’s most sensitive data depending on how they’re configured. Clever employees can trick generative AI tools into exposing strategic plans, mergers and acquisitions, salary information, and other sensitive data.
    
3. Due to the uniqueness of the AI attack surface and the scale, ubiquity, and agency (ability to take autonomous action) of enterprise AI tools, organizations can’t rely on traditional security tools like data loss prevention software (DLP), cloud access security brokers (CASBs), or cloud security posture management (CSPM) to protect them from generative AI security risks.

When it comes to securing AI, many organizations believe they can mitigate enterprise AI risks by prohibiting employees from using public AI tools and instead directing them to use approved enterprise AI tools.

While enterprise versions of generative AI tools can help keep sensitive data out of public large language models (LLMs), the risk of data exposure remains. Why? Because approved, enterprise AI tools can instantly connect to your organization’s most sensitive data when implemented, depending on how they’re configured.

I repeat: When implemented, enterprise AI tools — including ChatGPT Enterprise, Microsoft Copilot, and others — can instantly connect to systems, such as your enterprise resource planning (ERP), human resources (HR), and customer relationship management (CRM) tools, where confidential customer data, employee data, financial data, intellectual property, and strategic plans reside.

As a result, employees can prompt enterprise generative AI tools to share sensitive data when these tools are configured to integrate with systems containing sensitive data. And if employees can do it, threat actors can, too.

I’ve seen many examples of employees finding creative ways to manipulate enterprise AI chatbots into sharing confidential data about equity deals, non-disclosure agreements, performance appraisals, financial projections, board slides, and more. If preventing this kind of rogue behavior, which creates an insider threat, isn’t part of your organization’s AI acceptable use policy and training, it should be.

I expect to see threat actors leverage misconfigurations in AI tools to access sensitive data and use prompt injection attacks to instruct AI agents to divert payments to cyber criminals’ bank accounts.

Your existing security tools — specifically, your data loss prevention (DLP), cloud access security brokers (CASBs), and cloud security posture management (CSPM) — won’t detect or prevent AI security risks because they were built to monitor a very different attack surface.

The unique challenges of detecting AI security risks and securing generative AI

The AI attack surface, which consists of all the AI tools and plugins (both sanctioned and shadow) that your employees and contractors use, is fundamentally different from every other attack surface your security team needs to monitor. AI tools have several characteristics that make them unique:

Scale and ubiquity: AI is woven throughout your environment. Not only do these tools instantly connect to your organization’s most sensitive data, they also touch nearly every process and workflow. Consequently, without specialized tools, it’s hard to understand all the systems, data, processes, and workflows that AI interacts with and supports.

Agency: AI isn’t just answering questions; it’s taking actions. Unlike traditional software, AI can be agentic: it can act independently and make decisions, and it accesses sensitive data in order to do so. For that reason, AI agents can also leak data.

Unpredictable: AI is non-deterministic, meaning, it can give different answers to the same question at different times, or use different methods to complete a task. The non-deterministic nature of AI makes it hard to monitor. For example, if you instruct an agent to exchange euros to U.S. dollars, it could use a different website each time to look up the exchange rate.

Generative AI security risks and the shortcomings of DLP, CASB, and CSPM for detectionDLP

Traditional data loss prevention software works by looking for specific patterns and terms, like social security numbers or a “confidential” digital watermark. Clever employees and attackers can easily bypass DLP using AI because AI operates on the meaning of a prompt, not just the keywords in it.

For example, an employee or attacker can simply alter a prompt by writing it in another language or even using Morse code to get around a traditional DLP filter.

CASB

Because many AI tools are delivered as SaaS, you might think your CASB would help. It doesn’t. CASB sits between the user and the SaaS provider and primarily monitors security risks that occur at runtime — that is, during the interaction between the user and the AI service.

Many of the most significant AI risks don’t take place at runtime. They’re rooted in misconfigurations within the AI platform. For example, the AI development tool Cursor was found to have a “yolo mode” that, when enabled via a misconfiguration, could automatically run actions on a developer’s machine and forward traffic to external servers. Yikes! A CASB would never see this activity because the risky connection isn’t happening at runtime, between the user and the primary AI service (in this case, Cursor).

Cloud security: CSPM and AI-SPM

Both cloud security posture management and its AI-focused companion, AI-SPM, are vital. AI-SPM in particular is a powerful tool for discovering the AI models your organization is using to build AI applications in the cloud, how software libraries and data sources are connected, and access misconfigurations. But it doesn’t detect AI exploitation at runtime.

Moreover, AI isn’t just another cloud resource. Take Vertex AI, Google Cloud’s machine learning platform for building, training, and deploying AI models and applications. A Vertex AI resource running in a cloud environment is much more than a cloud resource, and a misconfiguration in an AI resource is much more than a misconfiguration in a cloud resource. AI-SPM lacks capabilities to pen-test and assess the security of AI applications built on top of pre-built AI models like Vertex AI in pre-production.

Securing generative AI demands specialized, purpose-built tools 

Because there are so many different ways AI tools and platforms can be exploited, organizations need the following capabilities:

Continuous AI discovery: The ability to see all AI resources, whether they’re approved or unapproved, including models, agents, platforms, and plugins, combined with the ability to see what systems AI resources connect to.

Prompt-level visibility: The ability to understand what people are using AI for. Are they using it to analyze sensitive financial information, to generate code, or make critical hiring and investment decisions?

AI threat detection and remediation: The ability to uncover and fix vulnerabilities, misconfigurations, and risky integrations, such as AI agents based in sensitive files or connected to external tools, and to detect other risks, including prompt injection and manipulation, attempts to jailbreak AI tools, and other violations of AI acceptable use policies.

These three interrelated capabilities must work together as part of a broader exposure management strategy. Exposure management puts AI security risks in the context of exposures across the rest of your attack surface — traditional IT, cloud, identity systems and operational technology (OT) — so you can visualize potential attack paths and take steps to proactively remediate them.

As part of the Tenable One Exposure Management Platform, Tenable AI Exposure uniquely solves a critical AI security pain point for organizations that their traditional tools can’t. It provides essential capabilities that security teams need to sniff out suspicious AI use, protect sensitive information, and enforce acceptable use policies.

Tenable AI Exposure continuously discovers all approved and unapproved generative AI usage throughout an organization, including models, agents, platforms, and plugins. It provides deep, prompt-level visibility to reveal how users interact with AI platforms and agents, show what data is involved, how AI assistants and agents behave, and which workflows those interactions trigger across your environment.

In addition, Tenable AI Exposure:

• Identifies and disables prompt manipulation techniques like direct and indirect prompt injection and jailbreaks.
• Protects against malicious actions triggered by AI agents, whether accidental or attacker-driven.
• Uncovers misconfigurations in AI platforms that allow platforms and agents to connect to risky tools or expose sensitive data.
• Detects unsafe third-party tools and integrations.
• Applies a mix of machine learning and deep learning models to evolve and learn dynamically as attack techniques change.

The era of AI is upon us, and the tools you’re using to protect your organization can’t keep up with the AI attack surface. Security for AI requires specialized tools, a proactive exposure management strategy, and capabilities for monitoring your entire attack surface, from the prompt to the perimeter and beyond.

If you’re a Tenable One customer and you’re interested in an exclusive private preview of Tenable AI Exposure, fill out the brief form at the top of the Tenable AI Exposure page where it says “Get started with Tenable AI Exposure.”

In 2025, AI bots officially entered Cyber Week. Learn how agents shaped traffic and shopper intent — and why retailers must optimize for AI-driven commerce.

30 年前的 12 月 4 日，Netscape Communications 和 Sun Microsystems 发表新闻稿，正式宣布推出设计用于创建交互式 Web 应用的对象脚本语言 JavaScript。Netscape 工程师 Brendan Eich 在 1995 年 5 月的 10 天内冲刺开发出了一个内部原型，1996 年 3 月发布了 JavaScript 的 1.0 版本。30 年后的今天 JavaScript 运行在 98.9% 的支持客户端代码的网站上，是 Web 领域最具支配性的编程语言。除浏览器之外，JavaScript 还驱动着服务器后端、移动应用、桌面软件，甚至部分嵌入式系统。JavaScript 一直是全球使用最广泛的语言之一。包括 Netscape 和 Sun 在内的众多最早支持 JavaScript 的科技公司基本都已经消失，而 JavaScript 比它们都活得更久。JavaScript 使用过多个名字，最早叫 Mocha，然后改为 LiveScript，12 月 Netscape 和 Sun 签署授权协议正式将其命名为 JavaScript。JavaScript 与 Sun 的 Java 语言一度引起混淆和困惑，其实除了名字和部分语法规范，两者基本上毫无关系。甲骨文在收购 Sun 之后继承了 JavaScript 商标，但从未使用 JavaScript 名字构建产品，Brendan Eich 等人在一封公开信中认为甲骨文因从未使用而放弃了该商标，因此 JavaScript 成为一个通用术语。

Многолетние мольбы IT-сообщества наконец были услышаны.

A severe authentication bypass vulnerability has been discovered in cal.com, the popular open-source scheduling platform. Allowing attackers to gain unauthorized access to user accounts by submitting fake TOTP codes. According to GitHub, flaw tracked as CVE-2025-66489, this critical flaw affects versions up to 5.9.7 and has been patched in version 5.9.8. Flawed Authentication Logic Exposes User […]

The post Critical Cal.com Vulnerability Let Attackers Bypass Authentication Via Fake TOTP Codes appeared first on Cyber Security News.

A vulnerability described as problematic has been identified in CIRCL Vulnerability-Lookup up to 2.17.x. This impacts an unknown function. The manipulation of the argument related_vulnerabilities results in cross site scripting. This vulnerability is cataloged as CVE-2025-42620. The attack may be launched remotely. There is no exploit available. Upgrading the affected component is recommended.

A vulnerability marked as critical has been reported in Infinera MTC-9 up to 22.x. This affects an unknown function of the component SSH Service. The manipulation leads to missing authentication. This vulnerability is listed as CVE-2025-27020. The attack may be initiated remotely. There is no available exploit. It is suggested to upgrade the affected component.

The United States continues to face an unprecedented surge in cyber threats, accounting for nearly half of all documented cyber attacks globally between 2024 and 2025. Recent data from the Cyber Events Database reveals that the US experienced 646 reported incidents during this period, representing 44 percent of all tracked attacks worldwide. This alarming statistic […]

The post US Accounts for 44% of Cyber Attacks; Financial Gain Targets Public Administration appeared first on Cyber Security News.

A vulnerability labeled as problematic has been found in GS Yuasa International FULLBACK Manager Pro and FULLBACK Manager Pro for Network. The impacted element is an unknown function of the component Windows Service. Executing manipulation can lead to unquoted search path. This vulnerability is tracked as CVE-2025-66461. The attack is restricted to local execution. No exploit exists.

A vulnerability identified as critical has been detected in KNIME Business Hub up to 1.16.x. The affected element is an unknown function of the component Catalog Service. Performing manipulation results in incorrect ownership assignment. This vulnerability is identified as CVE-2025-14262. The attack can be initiated remotely. There is not any exploit available. You should upgrade the affected component.

Multiple China-linked threat actors began exploiting the CVE-2025-55182, aka React2Shell flaw, within hours, AWS Security warns. Multiple China-linked threat actors began exploiting the CVE-2025-55182, also known as the React2Shell flaw, within hours, according to AWS Security. The researchers confirmed that this vulnerability doesn’t affect AWS services, however they opted to share threat intelligence data to […]

A vulnerability categorized as critical has been discovered in Infinera MTC-9 up to 22.x. Impacted is an unknown function of the component Remote Shell Service. Such manipulation leads to missing authentication. This vulnerability is referenced as CVE-2025-27019. It is possible to launch the attack remotely. No exploit is available. It is advisable to upgrade the affected component.

A vulnerability was found in CIRCL Vulnerability-Lookup up to 2.17.x. It has been rated as problematic. This issue affects some unknown processing. This manipulation causes cross-site request forgery. The identification of this vulnerability is CVE-2025-42616. It is possible to initiate the attack remotely. There is no exploit available. Upgrading the affected component is advised.

A vulnerability was found in CIRCL Vulnerability-Lookup up to 2.17.x. It has been declared as problematic. This vulnerability affects unknown code. The manipulation results in improper restriction of excessive authentication attempts. This vulnerability was named CVE-2025-42615. The attack may be performed from remote. There is no available exploit. It is recommended to upgrade the affected component.

Georg Driegen wordt met ingang van 1 januari 2026 directeur Operatiën bij de Algemene Inlichtingen- en Veiligheidsdienst (AIVD).

Guidance for organisations wishing to deploy products that use IPsec.