Aggregator

Уже к 2050 году автоматизация кардинально изменит весь рынок труда.

未必适合你在国内当做「主力机」，但它真的很有趣。

苦等 20 年的 IPO，终于迎来曙光。

Ирландские эксперты обнаружили систему сбора данных без возможности отключения.

CISA released eight Industrial Control Systems (ICS) advisories on March 4, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

• ICSA-25-063-01 Carrier Block Load
• ICSA-25-063-02 Keysight Ixia Vision Product Family
• ICSA-25-063-03 Hitachi Energy MACH PS700
• ICSA-25-063-04 Hitachi Energy XMC20
• ICSA-25-063-05 Hitachi Energy UNEM/ECST
• ICSA-25-063-06 Delta Electronics CNCSoft-G2
• ICSA-25-063-07 GMOD Apollo
• ICSA-25-063-08 Edimax IC-7100 IP Camera 

CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.

CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

• CVE-2024-50302 Linux Kernel Use of Uninitialized Resource Vulnerability
• CVE-2025-22225 VMware ESXi Arbitrary Write Vulnerability
• CVE-2025-22224 VMware ESXi and Workstation TOCTOU Race Condition Vulnerability
• CVE-2025-22226 VMware ESXi, Workstation, and Fusion Information Disclosure Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

Fastly found that organizations have introduced changes such as increasing CISO participation in strategic decisions in response to growing personal liability risks

VMware has issued a critical security advisory (VMSA-2025-0004) warning of active exploitation of three vulnerabilities in its ESXi, Workstation, and Fusion products. These flaws, CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226, allow attackers to execute malicious code, escalate privileges, and leak sensitive memory data. The most severe vulnerability, CVE-2025-22224, carries a CVSSv3 score of 9.3 and enables hypervisor-level […]

The post VMware ESXi Vulnerabilities Exploited in Wild to Execute Malicious Code appeared first on Cyber Security News.

A massive attack targets ISPs in China and the U.S. West Coast to deploy info stealers and crypto miners on compromised systems. The Splunk Threat Research Team discovered a mass exploitation campaign from Eastern Europe targeting ISPs in China and the U.S. West Coast to deploy info stealers and crypto miners. Threat actors use weak […]

Швейцарские ученые нашли способ вылечить тревожность у ИИ.

Veriti Research has identified a growing trend – attackers leveraging cloud infrastructure to facilitate malware distribution and command-and-control (C2) operations. This evolving tactic not only makes detection more challenging but also exposes organizations to significant security risks.  Malware Hosted on Cloud Services  One of the most alarming findings from our research is that over 40% […]

The post Veriti Research Uncovers Malware Exploiting Cloud Services  appeared first on VERITI.

The post Veriti Research Uncovers Malware Exploiting Cloud Services  appeared first on Security Boulevard.

Британия требует защитить юных пользователей.

Google has released patches for 43 vulnerabilities in Android's March 2025 security update, including two zero-days. Serbian authorities have used one of the zero-days to unlock confiscated devices. [...]

安全信息和事件管理(SIEM)平台的价值已经远远超越了基本的日志收集和关联根源，云的采用、多种工具的集成和人工 […]