Aggregator

浏览器安全不容忽视。人们大部分工作时间都在浏览器上度过，而攻击者也将大部分攻击目标锁定在浏览器上。

在攻防对抗的网络安全战场中，攻击者的手段日新月异，而防御者亟需一套"攻击者思维"的语言体系。

浏览器安全不容忽视。人们大部分工作时间都在浏览器上度过，而攻击者也将大部分攻击目标锁定在浏览器上。

Ошибки в управлении ключами ставят под удар UEFI-экосистему.

Passkeys are the future of authentication, offering enhanced security and convenience over passwords, but widespread adoption faces challenges that the NCSC is working to resolve.

От звонка до списания: как работает новая тактика мошенников.

新型VanHelsing勒索软件瞄准Windows、ARM和ESXi系统，采用多平台攻击，威胁泄露数据，赎金高达50万美元，隐身模式加密文件，合作伙伴可获80%分成。

The merits of choosing passkeys over passwords to help keep your online accounts more secure, and explaining how the technology promises to do this

两个不同天文学家团队借助阿塔卡马大型毫米波/亚毫米波阵列（ALMA），在已知最遥远的星系 JADES-GS-z14-0 中发现了氧元素。这一发现将促使天文学家重新思考早期宇宙中星系形成的速度。JADES-GS-z14-0 于2024年由韦伯太空望远镜发现，是迄今为止确认的最遥远星系，距地约 134 亿光年，这意味着人们看到的是其宇宙年龄仅为 3 亿年（大爆炸后3亿年）时的样子。新发现的氧气表明，该星系的化学成熟度远超预期。星系通常在生命伊始就充满了年轻的恒星，这些恒星主要由氢和氦等轻元素构成。随着恒星的演化，它们会产生氧等重元素，这些元素在恒星死亡后被散布到其所在的星系中。研究人员曾认为，在宇宙 3 亿岁时，它仍然太年轻，不可能有富含重元素的星系。然而这两项新研究表明，JADES-GS-z14-0的重元素含量比预期高出约10倍。

A critical security vulnerability has been discovered in the popular WordPress plugin, WP Ghost, which boasts over 200,000 active installations. This flaw, tracked as CVE-2025-26909, concerns an unauthenticated Local File Inclusion (LFI) vulnerability that could potentially lead to Remote Code Execution (RCE) attacks on nearly all server environments. The vulnerability has been addressed in the […]

The post WordPress Plugin Flaw Exposes 200,000+ Sites at Risk of Code Execution appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Europol has released its 2025 report on serious and organized crime in the EU. The EU Serious and Organised Crime Threat Assessment (EU-SOCTA) is based on intelligence from EU countries and global law enforcement. The findings are stark. Organized crime is becoming more complex and harmful, with deeper roots across Europe. Organized crime is changing fast The structure of organized crime is shifting. Groups are no longer tied to old ways of working. They’ve adapted … More →

The post How AI, corruption and digital tools fuel Europe’s criminal underworld appeared first on Help Net Security.

The Cloak ransomware group claims responsibility for a cyberattack on the Virginia Attorney General’s Office that occurred in February. The ransomware group Cloak has claimed responsibility for a February cyberattack on the Virginia Attorney General Office. A cyberattack on the Virginia Attorney General’s Office forced officials to shut down IT systems, including email and VPN, […]

Как мошенники зарабатывали на доверии пользователей к Картам.

Quantum computing’s ability to break today’s encryption may still be years away—but security leaders can’t afford to wait. Forrester’s The Future of Quantum Security makes it clear: the transition to quantum-safe cryptography must start now.

Related: Quantum standards come of … (more…)

The post SHARED INTEL Q&A: Forrester highlights why companies need to strive for ‘cryptoagility’– today first appeared on The Last Watchdog.

The post SHARED INTEL Q&A: Forrester highlights why companies need to strive for ‘cryptoagility’– today appeared first on Security Boulevard.

Name: WolvCTF 2025 (an WolvCTF event.)
Date: March 21, 2025, 11 p.m. — 23 March 2025, 23:00 UTC  [add to calendar]
Format: Jeopardy
On-line
Offical URL: https://wolvctf.io/
Rating weight: 47.25
Event organizers: w01verines

A vulnerability classified as problematic was found in Apple watchOS up to 14. This vulnerability affects unknown code. The manipulation leads to permissive cross-domain policy with untrusted domains. This vulnerability was named CVE-2024-54467. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Apple Safari up to 14. This issue affects some unknown processing. The manipulation leads to permissive cross-domain policy with untrusted domains. The identification of this vulnerability is CVE-2024-54467. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Apple macOS up to 14. It has been classified as problematic. Affected is an unknown function. The manipulation leads to permissive cross-domain policy with untrusted domains. This vulnerability is traded as CVE-2024-54467. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Apple tvOS up to 14. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to permissive cross-domain policy with untrusted domains. This vulnerability is known as CVE-2024-54467. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.