Aggregator

Claude теперь сам ломает сети и пишет отчеты о проделанной работе.

CISOs are under pressure to prove that their security programs can detect threats early, reduce business risk, and support fast, confident response. But that becomes harder when attackers stop relying on obviously malicious tools. In recent phishing-to-RMM campaigns observed by ANY.RUN analysts, threat actors are using fake Microsoft, Adobe, and OneDrive pages to deliver legitimate […]

The post Phishing-to-RMM Attacks: The Remote Access Blind Spot CISOs Can’t Ignore  appeared first on ANY.RUN's Cybersecurity Blog.

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.

• CVE-2024-1708 ConnectWise ScreenConnect Path Traversal Vulnerability
• CVE-2026-32202 Microsoft Windows Protection Mechanism Failure Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. 

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. 

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of KEV Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria. 

In our last post in this series, we compared two credential formats that shape the digital identity ecosystem: ISO/IEC 18013-5 and -7 mobile documents (mdocs) and W3C Verifiable Credentials (VCs). Both formats define how a credential is structured and shared, but neither can function without an issuance process. This blog post explores what it takes to issue verifiable digital credentials, with a focus on mobile driver’s licenses (mDLs). We’ll look at how issuance works today in practice, where inconsistencies exist, and how standards bodies (FIDO, ISO and OpenID Foundation) are working to

Every security program is betting on the same assumption: once a system is connected, the problem is solved. Open a ticket, stand up a gateway, push the data through. Done. That assumption is wrong. It is also a major reason Zero Trust programs stall. New research my team just published puts numbers on it. The Cyber360: Defending the Digital Battlespace report, based on a survey of 500 security

A critical zero-click authentication coercion vulnerability, tracked as CVE-2026-32202, stemming from an incomplete patch for a Windows Shell security feature bypass actively weaponized by the Russian APT28 threat group. Microsoft confirmed active exploitation of the flaw and released a fix as part of its April 2026 Patch Tuesday update. According to CERT-UA, the APT28 threat actor, also known […]

The post New Windows 0-Click Vulnerability Exploited to Bypass Defender SmartScreen appeared first on Cyber Security News.

Silver Fox, a China-based threat group has launched a new wave of attacks targeting businesses and individuals across Asia, using fake tax audit notifications and counterfeit software update alerts to install dangerous malware on victim systems. The campaign reflects a sharp rise in socially engineered attacks that exploit the trust people place in official-looking messages […]

The post New Silver Fox Campaign Uses Fake Tax Audit Alerts and Software Updates to Deliver Malware appeared first on Cyber Security News.

A vulnerability was found in Xuxueli xxl-job up to 3.3.2. It has been declared as critical. The impacted element is an unknown function of the file xxl-job-admin/src/main/java/com/xxl/job/admin/scheduler/openapi/OpenApiController.java of the component OpenAPI Endpoint. Such manipulation of the argument default_token leads to use of hard-coded cryptographic key . This vulnerability is referenced as CVE-2026-7306. It is possible to launch the attack remotely. Furthermore, an exploit is available.

A vulnerability was found in Xuxueli xxl-job up to 3.3.2. It has been classified as critical. The affected element is the function triggerJob of the file xxl-job-admin/src/main/java/com/xxl/job/admin/service/impl/XxlJobServiceImpl.java of the component trigger Endpoint. This manipulation of the argument addressList causes server-side request forgery. The identification of this vulnerability is CVE-2026-7305. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. There is ongoing doubt regarding the real existence of this vulnerability. The project maintainer explains (translated from Chinese): "Triggers are manually activated and involve login and access control, thus requiring management." The pull request by the researcher got rejected because of that.

A vulnerability was found in Xuxueli xxl-job up to 3.3.2 and classified as problematic. Impacted is the function logDetailCat of the file xxl-job-admin/src/main/java/com/xxl/job/admin/controller/biz/JobLogController.java of the component Execution Log Handler. The manipulation of the argument logId results in improper control of resource identifiers. This vulnerability was named CVE-2026-7303. The attack may be performed from remote. In addition, an exploit is available. It is suggested to upgrade the affected component.

「你必须为模型将要去的方向设计硬件，而不是为今天的模型。

Submit #803077 / VDB-359961

Submit #803076 / VDB-359960

Submit #803075 / VDB-359959

CISA and NCSC warn that FIRESTARTER, a Linux-based backdoor, targets Cisco Firepower devices, evades patches, and enables persistent access even after firmware updates.

Вредоносное приложение долго оставалось в топе Google Play.

A wave of large-scale phishing campaigns backed by Chinese-language services is quietly targeting people around the world, using everyday messaging apps to steal personal and financial credentials. These operations have grown well beyond regional limits, making them one of the most organized and active threats in the current cyber threat landscape. Phishing-as-a-service, commonly known as […]

The post Chinese-Backed Smishing Services Use OTT Messaging and SMS to Scale Credential Theft appeared first on Cyber Security News.

1973年10月6日下午1点55分，赎罪日。以色列正处在一年里最安静、最神圣的时刻。街上车少，电台节目少，许多士兵也离开岗位回家。

Microsoft fixed a Microsoft Entra ID flaw where the Agent ID Administrator role could enable privilege escalation and account takeover. Microsoft addressed a flaw in Microsoft Entra ID that could let attackers take over service accounts. The issue involved the Agent ID Administrator role, which manages AI agent identities and access, and could be abused […]

Cybersecurity researchers have disclosed details of a critical security flaw impacting LeRobot, Hugging Face's open-source robotics platform with nearly 24,000 GitHub stars, that could be exploited to achieve remote code execution. The vulnerability in question is CVE-2026-25874 (CVSS score: 9.3), which has been described as a case of untrusted data deserialization stemming from the use of the