Aggregator

Почему слёзы, истерики и обход ограничений — это не просто детские капризы.

Защищённый мессенджер превратился в инструмент наблюдения за элитами.

There are many ways in which AI is increasing risk, extending beyond third parties to affect all aspects of our security programs.

The post Beyond Traditional Vendor Management: Navigating AI Risks in the Supply Chain  appeared first on Security Boulevard.

Новые трюки этого вредоноса заставят вас пересмотреть свою безопасность.

Аналитик-любитель ошибся в X, и США убили восемь человек.

A vulnerability was found in AlphaEfficiencyTeam Custom Login and Registration Plugin up to 1.0.0 on WordPress. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2025-39363. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in Newsletter Plugin up to 8.7.0 on WordPress. It has been declared as problematic. This vulnerability affects unknown code of the component Setting Handler. The manipulation leads to cross site scripting. This vulnerability was named CVE-2025-3583. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

Никаких взломов — просто установите пакет и попрощайтесь с данными.

Recently OpenAI added an additional memory feature called “chat history”, which allows ChatGPT to reference past conversations. The details of the implementation are not known. The documentation highlights that: “It uses this to learn about your interests and preferences, helping make future chats more personalized and relevant.”

I decided to spend some time to figure out how it works.

Update: Video Tutorial Added

Based on the interest in this post, I’ve also created a video tutorial.

Оказалось, что будущее искусственного интеллекта измеряется не в гигафлопсах, а в долларах.

CISOs know cyber risk is business risk. Boards don’t always see it that way.​ For years, CISOs have struggled to get boards to understand security beyond buzzwords. Many feel they’re either ignored or misunderstood. But with threats growing and regulations tightening, that’s changing. Boards now expect CISOs to speak their language: risk, dollars, impact.​ Here’s how security leaders can get through, with real-world tips on making cybersecurity resonate in the boardroom. Translate risk into dollars … More →

The post How CISOs can talk cybersecurity so it makes sense to executives appeared first on Help Net Security.

Mickey Bresman Discusses Gaps in Preparedness and Tabletop Execution
Security leaders are placing more focus on cyber resilience as regulations tighten worldwide. Mickey Bresman, CEO at Semperis, said frameworks such as the SEC’s cybersecurity disclosure rule and Europe's DORA regulation are forcing organizations to build and test disaster recovery plans.

Ulla Coester on Ethical Design and the Role of the EU AI Act
Unclear threats and unpredictable behavior complicate global trust in AI. Building a shared understanding through adaptable governance helps create consistent expectations for responsible development across societies, said Ulla Coester, project director, Fresenius University of Applied Sciences.

История стандарта, который все одобряют, но при этом отчаянно избегают.

The threat actors known as Golden Chickens have been attributed to two new malware families dubbed TerraStealerV2 and TerraLogger, suggesting continued development efforts to fine-tune and diversify their arsenal. "TerraStealerV2 is designed to collect browser credentials, cryptocurrency wallet data, and browser extension information," Recorded Future Insikt Group said. "TerraLogger, by contrast

近期，国家互联网信息办公室会同有关部门发布《终端设备直连卫星服务管理规定》，将于2025年6月1日起施行。《规定》是我国首个专门就终端设备直连卫星出台的规范性文件，对促进和规范我国终端设备直连卫星服务健康发展具有重要意义。

中国国家网络与信息安全信息通报中心通过支撑单位发现一批境外恶意网址和恶意IP，境外黑客组织利用这些网址和IP持续对中国和其他国家发起网络攻击。

In this Help Net Security interview, Stuart Clarke, CEO at Blackdot Solutions, discusses the strategic use of open-source intelligence (OSINT) in tackling financial crime. He outlines its application in areas such as fraud, sanctions evasion, and money laundering, and addresses the legal, ethical, and operational challenges involved. Clarke also provides case studies illustrating how OSINT has been used to uncover criminal networks. Are there specific financial crime typologies, such as fraud, money laundering, or sanctions … More →

The post How OSINT supports financial crime investigations appeared first on Help Net Security.

Как скандал с видеоплатформой может перевернуть всю торговую войну?

National Cyber Security Centre (NCSC) has issued technical guidance following a series of cyber attacks targeting UK retailers. These incidents have prompted concerns about the evolving threat landscape, particularly regarding ransomware and data extortion techniques. The NCSC’s National Resilience Director, Jonathon Ellison, and Chief Technology Officer, Ollie Whitehouse, have highlighted specific technical measures that organizations […]

The post NCSC Warns of Ransomware Attacks Targeting UK Organisations appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.