Aggregator

Компания предупреждает о рисках для видеокарт и виртуализации.

Security researchers have raised alarms about active exploitation attempts targeting a newly discovered zero-day command injection vulnerability in Zyxel CPE Series devices, tracked as CVE-2024-40891. This critical vulnerability, which remains unpatched and undisclosed by the vendor, has left over 1,500 devices globally exposed to potential compromise, as reported by Censys. About the Vulnerability – CVE-2024-40891 CVE-2024-40891 […]

The post Zyxel CPE Zero-Day (CVE-2024-40891) Exploited in the Wild appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Bitwarden announced it has strengthened its Password Manager with secure shell management (SSH). This update centralizes cryptographic key management, enabling secure storage, import, and generation of SSH keys directly within the Bitwarden vault to enhance workflows for developers and IT professionals. Addressing SSH key management challenges SSH keys are essential for securing connections between devices and servers, enabling passwordless authentication for remote systems. Traditional SSH key workflows often require managing multiple keys across devices and … More →

The post Bitwarden centralizes cryptographic key management appeared first on Help Net Security.

The National Audit Office warns of major gaps in cyber resilience across UK government departments

Google’s Threat Intelligence Group (GTIG) in collaboration with Mandiant has revealed critical insights into ScatterBrain, a sophisticated obfuscation tool utilized by China-nexus cyber espionage groups, specifically APT41, to deploy the advanced backdoor family POISONPLUG.SHADOW. This analysis underscores the significant evolution of obfuscation techniques from earlier counterparts like ScatterBee, making ScatterBrain a primary contributor to the […]

The post Google Researchers Breakdowns Scatterbrain Behind PoisonPlug Malware appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Absolute Security announced that the Absolute Resilience Platform has expanded to provide customers with integrated, resilient, and automated patch management, vulnerability scanning and remediation, workflow automation and remote “one-click” endpoint rehydration. Unified with existing Absolute capabilities, this single-platform approach delivers needed security and risk capabilities, reduces the cost of endpoint management, and improves resilience across endpoints and critical security and IT controls to ensure your enterprise remains always on, fully operational, and protected against threats … More →

The post Absolute Resilience Platform updates improve resilience across endpoints appeared first on Help Net Security.

A vulnerability, which was classified as critical, was found in CakePHP up to 3.2.4. This affects the function clientIp of the component HTTP Header Handler. The manipulation of the argument CLIENT-IP leads to improper input validation. This vulnerability is uniquely identified as CVE-2016-4793. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

Школьник чуть не сжёг здание управы района Внуково.

London's world-famous British Museum was forced to partially close its doors at the end of last we

Since September 2024, SecurityScorecard’s STRIKE team has been investigating Lazarus Group’s activity, uncovering key details about their infrastructure. Despite variations in payload delivery and obfuscation techniques, the campaign relied on a consistent C2 framework. Hidden control panel Through deep analysis, researchers identified a hidden administrative layer within the C2 servers, offering the attackers centralized control over compromised systems. This web-based administrative platform, built with React and Node.js, enabled Lazarus to: Precisely organize and manage exfiltrated … More →

The post How Lazarus Group built a cyber espionage empire appeared first on Help Net Security.

A newly identified strain of information-stealing malware, FleshStealer, is making headlines in 2025 due to its advanced evasion techniques and targeted data extraction capabilities. Flashpoint analysts have shed light on its operation, revealing a sophisticated tool that poses significant risk to organizations worldwide. Designed to bypass traditional defenses and target sensitive data, FleshStealer is emerging […]

The post FleshStealer: A new Infostealer Attacking Chrome & Mozilla Users appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

It is highly rewarding to see how AI “thinks” aloud step by step, trying alternatives, and self-vali

Браузер теперь видит обман до того, как вы его заметите.

Обновленная модель больше не нуждается в указаниях.

HackerNoon editorial team has launched this interview series with women in tech to celebrate their a

Cyberhaven launched Cyberhaven for AI, a solution that enables enterprises to securely adopt generative AI while protecting sensitive corporate data. The announcement comes as research reveals a 485% increase in corporate data being shared with AI tools, with over 73% of workplace AI usage happening through unsanctioned personal accounts. “The rapid adoption of generative AI tools has created a new frontier of data security challenges for enterprises,” said Howard Ting, CEO of Cyberhaven. “While AI … More →

The post Cyberhaven for AI provides visibility into AI tool usage appeared first on Help Net Security.