Aggregator

Semperis Warns of Flaw in Windows Server 2025 Delegated Managed Service Accounts
A critical cryptographic flaw in Windows Server 2025's delegated Managed Service Accounts, or dMSAs, allows attackers to generate passwords for every managed service account across an Active Directory forest and create a backdoor, Semperis researchers found.

3 State-Sponsored Groups Spear-Phish Semiconductor Ecosystem
Chinese state-aligned hackers have ramped up espionage efforts against Taiwan's semiconductor ecosystem through spear-phishing campaigns. Three distinct threat actors targeted chipmakers, packaging and testing firms, equipment suppliers and financial analysts.

Cybersecurity researchers have uncovered a sophisticated technique where threat actors are exploiting DNS infrastructure to covertly store and distribute malware, turning the internet’s domain name system into an unwitting accomplice for malicious activities. The discovery reveals how attackers can hide executable files within DNS TXT records, creating a stealthy delivery mechanism that bypasses traditional security […]

The post Hackers Abuse DNS Blind Spots to Stealthily Deliver Malware appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

96% of organizations are deploying AI models, and virtually no organization can move into the future without considering how ML and intelligent apps might soon affect its operations, according to F5. Only 2% of global organizations are highly ready to scale AI securely across operations. The report compiles insights from 650 global IT leaders and additional research with 150 AI strategists, representing organizations with at least $200 million in annual revenue. AI adoption outpaces governance … More →

The post AI adoption is booming but secure scaling not so much appeared first on Help Net Security.

A CVSS score 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Xavier DANEST' was reported to the affected vendor on: 2025-07-18, 68 days ago. The vendor is given until 2025-11-15 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Alfredo Oliveira and David Fiser of Trend Research' was reported to the affected vendor on: 2025-07-18, 68 days ago. The vendor is given until 2025-11-15 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 5.3 AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H severity vulnerability discovered by 'Nicholas Zubrisky (@NZubrisky) of Trend Research' was reported to the affected vendor on: 2025-07-18, 11 days ago. The vendor is given until 2025-11-15 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Peter Girnus (@gothburz) of Trend Research' was reported to the affected vendor on: 2025-07-18, 69 days ago. The vendor is given until 2025-11-15 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 5.3 AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N severity vulnerability discovered by 'Xiaobye(@xiaobye_tw) of DEVCORE Research Team' was reported to the affected vendor on: 2025-07-18, 48 days ago. The vendor is given until 2025-11-15 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Peter Girnus (@gothburz) of Trend Zero Day Initiative' was reported to the affected vendor on: 2025-07-18, 73 days ago. The vendor is given until 2025-11-15 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.1 AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Peter Girnus (@gothburz), William Gamazo Sanchez, and Alfredo Oliveira of Trend Research' was reported to the affected vendor on: 2025-07-18, 76 days ago. The vendor is given until 2025-11-15 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Peter Girnus (@gothburz), William Gamazo Sanchez, and Alfredo Oliveira of Trend Research' was reported to the affected vendor on: 2025-07-18, 76 days ago. The vendor is given until 2025-11-15 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Peter Girnus (@gothburz), William Gamazo Sanchez, and Alfredo Oliveira of Trend Research' was reported to the affected vendor on: 2025-07-18, 76 days ago. The vendor is given until 2025-11-15 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

文章描述了一种针对微信的安全漏洞攻击方式：攻击者通过篡改聊天记录中的文件元数据或内容，诱导用户点击并下载恶意文件。微信客户端在解析过程中误将恶意文件识别为正常文件，并自动从攻击者控制的服务器下载该文件。随后，攻击者利用路径穿越技术将恶意.lnk快捷方式写入用户的系统启动目录。当用户重启电脑时，恶意快捷方式会被触发，调用远程恶意代码，导致攻击者获得用户电脑的控制权（RCE）。

智能体的核心基石技术分析

Epic游戏商城限时免费赠送《席德·梅尔的文明®VI 白金版》，包含多个DLC和资料片。该版本时隔5年再次限免，《文明VI》是一款高评分回合策略单机游戏，玩家可建立帝国并发展至信息时代。

Buy Now, Pay Later (BNPL) apps are everywhere these days. Whether you’re buying sneakers or groceries, chances are you’ve seen the option to split your payments over time. It’s quick and easy. But behind the convenience is a growing privacy concern that most users know little about. A new study from Incogni digs into just how much personal information BNPL apps collect and share. The research looked at eight of the most popular BNPL apps … More →

The post Buy Now, Pay Later… with your data appeared first on Help Net Security.

本次微访谈于7月14日举行，邀请了8位专家分享了自己的观点和看法。

文章介绍了Reddit的应用下载和登录功能，并提供了导航指引。

一个开放的黑客社区，帮助新手到老手提升地下技能，并通过Discord保持活跃。