China-linked hackers use ‘BRICKSTORM’ backdoor to steal IP
Researchers said the BRICKSTORM campaign stood out because of its “sophistication, evasion of advanced enterprise security defenses and focus on high-value targets.”
Aggregator
SecWiki News 2025-09-24 Review
8 months 3 weeks ago
Киберстрахование: как россияне научились не бояться хакеров
8 months 3 weeks ago
日本丰明议会通过了每天限制智能手机使用时间在两小时内的法令
8 months 3 weeks ago
日本爱知县(Aichi)丰明(Toyoake)市议会通过了《促进正确使用智能手机》法令,象征性的将智能手机的娱乐性使用时间限制为每天两小时,此举旨在让市民尤其是学生获得充足的睡眠。违反两小时限制的人并不会受到惩罚。法令称,过度使用手机的人及其家人在日常和社交生活中会面临困难,限制每天两小时可能会有所帮助。丰明市有 6.9 万居民,该法案只是建议性的,并不具有约束力。
Unpatched flaw in OnePlus phones lets rogue apps text messages
8 months 3 weeks ago
A vulnerability in multiple OnePlus OxygenOS versions allows any installed app to access SMS data and metadata without requiring permission or user interaction. [...]
Bill Toulas
RainyDay, Turian and Naikon Malwares Abuse DLL Search Order to Execute Malicious Loaders
8 months 3 weeks ago
Three sophisticated malware families have emerged as significant threats to telecommunications and manufacturing sectors across Central and South Asia, representing a coordinated campaign that exploits legitimate system processes to deliver powerful backdoor capabilities. RainyDay, Turian, and a new variant of PlugX have been systematically abusing DLL search order hijacking techniques to execute malicious loaders, establishing […]
The post RainyDay, Turian and Naikon Malwares Abuse DLL Search Order to Execute Malicious Loaders appeared first on Cyber Security News.
Tushar Subhra Dutta
Mission Velocity, Mission Assurance: Why Federal Software Security Demands Both
8 months 3 weeks ago
Federal missions are moving faster than ever, and the demand for speed is matched only by the need for greater trust. From implementing zero-trust mandates to deploying AI-powered systems, today's agencies are expected to deliver software that accelerates mission outcomes while maintaining the highest security standards.
The post Mission Velocity, Mission Assurance: Why Federal Software Security Demands Both appeared first on Security Boulevard.
Antoine Harden
Alleged Data Breach of LCBO
8 months 3 weeks ago
Alleged Data Breach of LCBO
Dark Web Informer
Staatsbosbeheer helpt Defensie aan meer ruimte
8 months 3 weeks ago
Staatsbosbeheer biedt Defensie meer ruimte aan. Die heeft de krijgsmacht nodig om militairen op te leiden en te trainen, zo meldt het eerder verschenen Nationaal Programma Ruimte voor Defensie (NPRD). Hiermee moet de natuur in Nederland tegelijkertijd worden versterkt. Om dit voor elkaar te krijgen, hebben beide organisaties vandaag een intentieovereenkomst getekend bij Radio Kootwijk.
Помощник в каждой игре: Google добавил ИИ-компаньона Gemini Live прямо в Play Games
8 months 3 weeks ago
Сможет ли Google повторить успех Steam?
npm Package Uses QR Code Steganography to Steal Credentials
8 months 3 weeks ago
Malicious npm package Fezbox uses QR codes to steal credentials from browser cookies
Alleged Data Breach of Hamdard Pakistan
8 months 3 weeks ago
Alleged Data Breach of Hamdard Pakistan
Dark Web Informer
Police seizes $439 million stolen by cybercrime rings worldwide
8 months 3 weeks ago
In a five-month joint operation led by Interpol, law enforcement agencies have seized more than $439 million in cash and cryptocurrency linked to cyber-enabled financial crimes that impacted thousands of victims worldwide. [...]
Sergiu Gatlan
Double agents: How adversaries can abuse “agent mode” in commercial AI products
8 months 3 weeks ago
As AI assistants become capable of performing actions on behalf of a user, be on the lookout for “AI-in-the-middle (AIitM) attacks”
Alex Walston
G.O.S.S.I.P 阅读推荐 2025-09-24 海妖之歌
8 months 3 weeks ago
OpenSSF 警告开源基础设施不能运行在祈祷之上
8 months 3 weeks ago
Open Source Security Foundation(OpenSSF)警告开源基础设施不能运行在祈祷之上,称开源基础设施并非免费,而现代软件开发背后的重要机制正面临崩溃。Eclipse 基金会、Rust 基金会、Sonatype 和 Python 软件基金会等八个组织在一封公开信中声明,包管理器如 Maven Central、PyPI、crates.io、npm 和 Packagist 每月处理数十亿次下载,但运营的组织经常只能依靠捐赠、拨款和少数赞助商的善意勉强维持。开源基础设施使用的带宽、存储、人员和合规性成本正加速增长。如果没有商业规模的支持,商业规模的使用不可持续。
Iranian-Backed Hackers Turn Their Fake Job Recruitment Scams on Europe
8 months 3 weeks ago
The Iranian-linked Nimbus Manticore, which has run fraudulent job recruiting campaigns primarily in the Middle East, is targeting Western Europe in a new operation that includes using an enhanced backdoor called MiniJunk and sophisticated obfuscation and evasion techniques.
The post Iranian-Backed Hackers Turn Their Fake Job Recruitment Scams on Europe appeared first on Security Boulevard.
Jeffrey Burt
CVE-2025-8869 | pip up to 25.2 on Python TAR Archive symlink
8 months 3 weeks ago
A vulnerability labeled as critical has been found in pip up to 25.2 on Python. Affected is an unknown function of the component TAR Archive Handler. Executing manipulation can lead to symlink following.
This vulnerability is registered as CVE-2025-8869. It is possible to launch the attack remotely. No exploit is available.
The affected component should be upgraded.
vuldb.com
Эра пара закончилась. Авианосец «Фуцзянь» стал первым, кто запустил истребители J-35 с помощью магнита
8 months 3 weeks ago
Какая она, война будущего?
Qilin
8 months 3 weeks ago
You must login to view this content
cohenido