Aggregator

Gcore reported a 56% year-over-year rise in DDoS attacks in H2 2024, highlighting a steep long-term growth tend for the attack technique

Salt Typhoon underscores the urgent need for organizations to rapidly adopt modern security practices to meet evolving threats.

The popular generative AI (GenAI) model allows hallucinations, easily avoidable guardrails, susceptibility to jailbreaking and malware creation requests, and more at critically high rates, researchers find.

Artificial intelligence enhances data security by identifying risks and protecting sensitive cloud data, helping organizations stay ahead of evolving threats. Artificial intelligence (AI) is transforming industries and redefining how organizations protect their data in today’s fast-paced digital world. With over 90% of enterprises storing at least some of their data in the cloud, AI’s ability […]

中小企业如何在预算有限的情况下搭建一套可用流量检测与告警方案

Традиционные методы защиты больше не работают – что делать компаниям?

本文总结了一系列Flask SSTI利用与绕过方式，希望提高大家的工作与研究效率。

A vulnerability, which was classified as problematic, was found in JetBrains TeamCity up to 2024.12.1. Affected is an unknown function of the component Code Inspection Report Tab. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2025-26493. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Sinaptik AI PandasAI 2.4.0. This issue affects some unknown processing of the component Natural language Processing. The manipulation leads to code injection. The identification of this vulnerability is CVE-2024-12366. The attack may be initiated remotely. There is no exploit available.

A vulnerability classified as problematic was found in JetBrains TeamCity up to 2024.12.1. This vulnerability affects unknown code of the component Kubernetes Connection Handler. The manipulation leads to insufficiently protected credentials. This vulnerability was named CVE-2025-26492. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Devolutions Server up to 2024.3.10.0. This affects an unknown part of the component PAM Module. The manipulation leads to improper authentication. This vulnerability is uniquely identified as CVE-2025-1231. Access to the local network is required for this attack to succeed. There is no exploit available.

​The United States, Australia, and the United Kingdom have sanctioned Zservers, a Russia-based bulletproof hosting (BPH) services provider, for supplying essential attack infrastructure for the LockBit ransomware gang. [...]

Роскомнадзор подтвердил кратковременные проблемы.

若得到证实，这将成为 AI 生成对话数据中规模最大的泄露事件之一。

Defenders, this one is for you. Read this SOTI report to get actionable insights from cybersecurity experts who battle cyberthreats every day.