Aggregator

Кто скрывался за «идеальными партнёрами» в соцсетях — и как их поймали.

Cisco Talos has revealed that UAT-8099, a Chinese-speaking cybercrime group, has been exploiting vulnerable Internet Information Services (IIS) servers across multiple countries to conduct search engine optimization (SEO) fraud and steal high-value data. Identified in April 2025, this group targets reputable IIS servers in India, Thailand, Vietnam, Canada, and Brazil, focusing on organizations such as […]

The post IIS Servers Compromised by Chinese Hackers for SEO Manipulation appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Explore eye vein verification technology: how it enhances authentication, software development challenges, security, and future applications. A deep dive.

The post Eye Vein Verification Technology Explained appeared first on Security Boulevard.

文章介绍了眼静脉验证技术及其工作原理：通过红外光扫描眼睛血管生成独特模板用于身份验证。该技术具有高安全性、难以伪造的优势，在医疗、金融等领域有广泛应用潜力。同时探讨了其开发技术、安全性及隐私保护挑战，并展望了未来应用场景。

In a sophisticated resurgence of smishing campaigns, cybercriminals have begun embedding trusted brand names into deceptive URLs and group messaging threads to lure unsuspecting users into downloading malware. By inserting a familiar company name before the “@” symbol in links, attackers exploit users’ trust in established entities such as FedEx and Microsoft. Coupled with deceptively […]

The post Threat Actors Imitate Popular Brands in New Malware Distribution Campaigns appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

文章指出，在NIS 2法规下，231模型需从形式走向实质化。组织若仅依赖纸面系统将面临风险和责任。文中分析了五种失败的网络安全模型，并提出以真实风险为导向、具体行动和持续进化为原则的有效方案。强调领导力和文化变革的重要性，将网络安全视为核心竞争力而非负担。

文章探讨了人工智能在法医学中的应用与局限性。尽管AI能快速处理大量数据、分类图像和转录音频，但其非确定性和潜在错误使其成为不可完全信赖的工具。作者强调应将AI视为辅助工具而非替代品，并需通过严格的人类监督和最佳实践来确保结果的可靠性和法律合规性。

2025年欧洲网络安全月强调企业风险处于历史高位，AI、云和自动化推动机器身份增长，成为主要攻击目标。人为错误仍是主要威胁，需加强安全意识和培训。专家建议整合安全策略，采用零信任和多因素认证等措施应对复杂威胁。

Oracle has confirmed that a group of hackers stole data from its E-Business Suite (EBS) applications and is using the information in extortion campaigns. The company warns that these attackers exploited vulnerabilities already fixed in the July 2025 Critical Patch Update (CPU). Oracle strongly urges all customers to apply the latest CPU immediately to defend […]

The post Oracle Confirms Hackers Target E-Business Suite Data in Extortion Campaigns appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

トレンドマイクロ株式会社から、ウイルスバスター for Mac向けのアップデートが公開されました。

文章讨论了企业为客户提供SSO集成看似简单的功能背后隐藏的巨大成本。除了直接的开发费用外,还包括机会成本、维护税、安全风险及跨部门拖累等隐形支出,总成本可能高达15万美元以上。文章建议使用专业解决方案来降低这些成本,让团队专注于核心业务。

A new offering named Rhadamanthys, a sophisticated information stealer, has surfaced for sale on underground marketplaces, with subscription packages starting at $299 and reaching up to $499 per month. Marked by its polished branding and tiered pricing structure, the malware positions itself as a professional-grade service rather than a casual tool for novice cybercriminals. Since […]

The post Rhadamanthys Stealer Offered on Dark Web for $299–$499 appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

17 тысяч молодых гигантов выдали главный секрет Млечного Пути.

Als Chinook-transporthelikopters (laag) overvliegen, kunnen ze een rammelend geluid in of aan een woning veroorzaken. Dit wordt ook wel ‘rattle noise’ genoemd. Defensie wil dat verminderen. Directeur-generaal Martin Wijnen van Rijkswaterstaat en luitenant-generaal Elanor Boekholt tekenden hiervoor gisteren op Vliegbasis Gilze-Rijen een samenwerkingsovereenkomst. Daarna bezochten zij in Hulten een woning waar maatregelen worden genomen.

You probably think twice before downloading a random app or opening an unfamiliar email attachment. But how often do you stop to consider what happens when your team downloads and loads a machine learning model? A recent study shows why you should. Researchers from Politecnico di Milano found that loading a shared model can be just as risky as running untrusted code. In their tests, they uncovered six previously unknown flaws in popular machine learning … More →

The post When loading a model means loading an attacker appeared first on Help Net Security.

文章探讨了区块链技术如何实现无中间人账本系统，并分析了加密货币交易中的安全挑战及常见骗局。

​国庆黄金周，高德战斗力拉满。

A vulnerability described as problematic has been identified in Emlog Pro up to 2.5.21. This affects an unknown function of the component Twitter Feature. Executing manipulation can lead to cross site scripting. The identification of this vulnerability is CVE-2025-61599. The attack may be launched remotely. There is no exploit available.

A vulnerability marked as problematic has been reported in Emlog up to 2.5.21. The impacted element is an unknown function of the component Mail Template Settings. Performing manipulation results in cross site scripting. This vulnerability was named CVE-2025-61597. The attack may be initiated remotely. There is no available exploit. It is suggested to upgrade the affected component.

Грань между безопасностью и хаосом оказалась тоньше, чем предполагали.