Aggregator

A vulnerability, which was classified as critical, was found in Mozilla Firefox up to 149. This impacts an unknown function of the component Web Codecs. Executing a manipulation can lead to uninitialized pointer. The identification of this vulnerability is CVE-2026-6748. The attack may be launched remotely. There is no exploit available. You should upgrade the affected component.

A vulnerability classified as critical was found in Mozilla Firefox up to 149. The impacted element is an unknown function of the component HTML Component. Such manipulation leads to use after free. This vulnerability is uniquely identified as CVE-2026-6746. The attack can be launched remotely. No exploit exists. Upgrading the affected component is advised.

A vulnerability was found in Mozilla Firefox up to 149. It has been declared as problematic. Impacted is an unknown function of the component Security Component. Executing a manipulation can lead to an unknown weakness. This vulnerability is tracked as CVE-2026-6771. The attack can be launched remotely. No exploit exists. It is recommended to upgrade the affected component.

英国议会通过了法案 Tobacco and Vapes Bill，17 岁及以下儿童将面临终身禁止购买香烟的禁令。该法案旨在禁止商店向 2009 年 1 月 1 日之后出生的儿童出售烟草，阻止他们吸烟，最终目标是打造无烟一代。吸烟是可预防死因之一，该法案被视为是几十年来英国最大的公共卫生干预措施。

UK unveils £90m cybersecurity funding at CYBERUK to boost SME resilience, promote Cyber Essentials and a new Cyber Resilience Pledge, sparking industry debate

Fraud operations now operate like call centers, complete with hiring, training, and performance tracking. Flare reveals how cybercriminals manage "Caller-as-a-Service" operations like a professional sales team. [...]

Толщина интерфейса — один атом. И мозг превращается в читаемую карту.

Microsoft fixed critical ASP.NET Core vulnerability, tracked as CVE-2026-40372 (CVSS score of 9.1), that lets attackers escalate privileges. Microsoft released out-of-band updates to address a serious ASP.NET Core vulnerability tracked as CVE-2026-40372 (CVSS score of 9.1). Microsoft fixed the flaw in ASP.NET Core version 10.0.7. An attacker could exploit the flaw to gain SYSTEM-level privileges, access […]

Acronis reveals Mustang Panda is using an updated version of LOTUSLITE backdoor to target Indian banks and Korean diplomats. Learn how this DLL sideloading attack works.

Prove has launched the Prove Identity Platform, turning identity verification into an ongoing, real-time process for users, businesses, and AI agents. AI agents are already initiating real transactions on behalf of real people. OpenAI and Stripe launched the Agentic Commerce Protocol in September. Visa named Anthropic, OpenAI, and Perplexity as agentic commerce partners. As that shift accelerates, the central question facing every organization becomes: Is this person real, and did they authorize this specific action, … More →

The post Prove Identity Platform connects verification, authentication, and fraud prevention appeared first on Help Net Security.

22 岁的 Sam 在印度医学院学习，经济拮据，父母资助的钱大部分花在执业资格考试上，他还在为毕业后移民美国存钱。他尝试了很多赚钱法，制作 YouTube 短视频，向其他医学院学生出售学习笔记等等，效果不一，他在浏览 Instagram 时突然产生了一个想法，为什么不用 Google Gemini 的 Nano Banana Pro 生成一个女孩，然后出售她的比基尼照片？然而他的 AI 女孩基本无人问津，他转而询问 Gemini 背后的原因。AI 指出他创造的是没有特色的性感女孩，需要与网络上数以百万计的类似女孩展开竞争。Gemini 帮助他挑选了一个非常有潜力的细分市场：MAGA/保守派。Gemini 指出美国保守派尤其是老年男性，通常拥有更高的可支配收入，而且更忠诚。Sam 于去年 1 月创建了 Emily Hart（@emily_hart.nurse），一名注册护士，长相类似 Jennifer Lawrence，他在发布照片时配上了很多反对自由派和支持保守派的口号，如“基督是王，堕胎是谋杀，非法移民必须被遣返”之类。Sam 从未去过美国，但却成为 MAGA 思想的忠实拥护者，他说自己每天都会写支持基督教、支持第二修正案、拥护生命权、反堕胎、反觉醒主义和反移民的文章。虽然他觉得自己的骗局过于明显，但他的账号却爆红了。他发布的每则 Reels 视频都能获得 300 万、500 万、1000 万的观看量，算法在推荐此类内容。由于 OnlyFans 限制 AI 模特，因此他在不限制 AI 的平台 Fanvue 发布了 AI 生成的软色情，依靠 Fanvue 订阅收入和 MAGA 主题 T 恤销售，他每月赚到了数千美元。Emily Hart 是众多 AI 生成的 MAGA 女网红之一，此类网红都是基于特定模板生成的：白人金发，从事应急救援工作如警察、消防员或急救员，言论都是常见的右翼观点。MAGA 女网红比较罕见，因为 18-29 岁的女性绝大多数倾向于自由派，年轻 MAGA 女性更能吸引保守派男性眼球。自由派对 AI 的识别度更高，Sam 尝试过生成自由派女网红，根本没有互动。他曾收到一则视频，一名男子对着 Emily 的照片自慰，对方给了 50 美元小费，他的感觉就是“随你便”。@emily_hart.nurse 账号在今年 2 月被 Instagram 以存在欺诈行为为由封禁。Sam 说即使没封他也打算收手了，他需要将重心转移到学业上。

Dutch intelligence says the threat from Beijing is now largely going unmet and is so sophisticated its operations are regularly missed by intelligence agencies and cybersecurity defenders.

22 BRIDGE:BREAK flaws hit Lantronix and Silex Technology converters, exposing approximately 20,000 devices to hijacking and data tampering. Researchers at Forescout Research Vedere Labs found 22 BRIDGE:BREAK flaws in serial-to-IP devices from Lantronix and Silex Technology. Serial-to-IP converters, also known as serial device servers, connect legacy serial equipment to modern IP networks for remote monitoring […]

«Озон Телеком», «Бридж Телеком» и еще десятки компаний. Список тех, кто остался без разрешений РКН

Hidden inside newly discovered botnet malware is an unusual message from its creator: “AI.NEEDS.TO.DIE”. Dubbed “tuxnokill” by researchers at Akamai, the malware is one of two fresh Mirai botnet variants documented this month by major cybersecurity firms and, judging by the aforementioned hard-coded string, this particular variant might have been coded the old-fashioned way. “Tuxnokill” and “Nexcorium” Based on hits on the company’s global network of honeypots, Akamai found that tuxnokill is spreading through CVE-2025-29635, … More →

The post New Mirai variants target routers and DVRs in parallel campaigns appeared first on Help Net Security.

Acronis has launced Acronis GenAI Protection, a monitoring and security solution that enables managed service providers (MSPs) to control generative AI usage across client environments, preventing sensitive data exposure and protecting against malicious prompt manipulation. Acronis GenAI Protection represents the initial phase of Acronis Cyber Workspace, with additional capabilities planned for release to deliver a protected AI workspace, natively integrated into the Acronis platform. As organisations rapidly adopt generative AI tools, businesses face growing risks … More →

The post Acronis GenAI Protection gives MSPs control over AI usage and data risks appeared first on Help Net Security.

ANY.RUN has expanded access to Threat Intelligence capabilities for SOC and MSSP teams, backed by live attack data from 15,000 organizations.  Here’s how your team can test TI’s impact on triage quality, response speed, and threat hunting workflows.  See How Threat Intelligence Accelerates Your SOC  ANY.RUN now offers 20 premium requests in Threat Intelligence Lookup and YARA Search as part of the Free plan.   You can get immediate threat context for over 40 types […]

The post More Attack Context for Faster Triage, Response, and Hunting. Now Available to Every SOC appeared first on ANY.RUN's Cybersecurity Blog.

近期，北京市网信办会同北京金融监管局扎实推进“清朗京华·金融守护”专项行动，督导属地网站平台依法依约清理违法违规信息15.5万余条,处置违法违规账号3.9万余个。