Aggregator

Link11 has achieved Payment Card Industry Data Security Standard (PCI-DSS) Level 1 certification. This is the highest level of security and compliance in the payment industry, which reinforces the company’s existing security standards. A uniform security framework now applies to all products and services across the entire group. “PCI-DSS Level 1 certification for our entire […]

The post Link11 achieves PCI DSS Level 1 and establishes uniform security standard appeared first on Link11.

Cybersecurity breaches often stem not from advanced exploits but from human error, misconfigurations, and routine mistakes. True resilience comes from designing systems that expect failure, leverage automation wisely, and foster a security-first culture through simulations, guardrails, and psychological safety.

The post Can We Really Eliminate Human Error in Cybersecurity?  appeared first on Security Boulevard.

文章指出网络安全的核心问题在于人类行为而非技术漏洞。人为错误如点击恶意链接、重复密码等是主要威胁。设计应考虑人类本能和压力下的反应，通过模拟攻击、自动化工具和红队演练提升安全性，并建立支持员工报告问题的文化环境。

文章探讨了人工智能的普及及其背后的计算机制，解释了人工神经网络的工作原理及其与生物神经系统的区别，并提出用“高级推理”重新定义AI以更准确地反映其能力。

Ook Nederland is doelwit geweest van de wereldwijde cyberspionagecampagne van de Chinese hackorganisatie Salt Typhoon. Dat melden de Nederlandse inlichtingen- en veiligheidsdiensten MIVD en AIVD vandaag.

印度新德里法庭上周批准了三大期刊出版商 Elsevier、Wiley 和 American Chemical Society 的请求，命令电信公司在三天内在印度屏蔽访问 Sci-Hub 和 Sci-Net。此后印度网民将只能通过 VPN 等工具访问 Sci-Hub。Sci-Hub 创始人 Alexandra Elbakyan 解释了该平台自 2022 年停止发布新论文的原因：多数大学图书馆推行了双因素身份验证，它无法再使用学生或研究人员的共享用户名和密码自动登录图书馆下载新论文。为了获取新论文，她创建了基于区块链的新平台 Sci-Net，2025 年 4 月上线，但该项目很快遭到了期刊出版商的投诉。她谴责了印度司法机构会为了少数富有外国公司的利益而忽视印度学生和研究人员的需求。

黑客利用Salesloft平台窃取OAuth令牌，进而访问Drift AI聊天机器人相关数据。威胁组织UNC6395通过这些令牌从Salesforce获取大量信息，包括AWS和Snowflake凭证。Google Threat Intelligence Group和Mandiant已介入调查，并建议受影响组织撤销API密钥并轮换凭证以应对潜在风险。

Hackers breached Salesloft to steal OAuth/refresh tokens for Drift AI chat; GTIG and Mandiant link the campaign to threat actor UNC6395. Google Threat Intelligence Group and Mandiant researchers investigate a large-scale data theft campaign carried out to hack the sales automation platform Salesloft to steal OAuth and refresh tokens associated with the Drift artificial intelligence (AI) chat […]

Common Mark Certificates (CMC) and Verified Mark Certificates (VMC) both enable brand logos in email inboxes via BIMI, boosting trust, security, and deliverability. The key difference? VMCs require trademark validation and show a blue checkmark in Gmail, while CMCs are faster and more affordable but have limited support. Learn which option fits your email security and branding goals.

The post What’s the difference between CMC and VMC certification? appeared first on Security Boulevard.

Common Mark Certificates (CMC)和Verified Mark Certificates (VMC)通过BIMI标准在邮箱中显示品牌Logo，增强信任和安全性。VMC需商标验证并在Gmail显示蓝色勾选标记，而CMC更快速、经济但支持有限。选择取决于品牌目标、商标状态及预算。

NetScaler has issued an urgent advisory warning administrators of three newly discovered vulnerabilities in NetScaler ADC and NetScaler Gateway—one of which is already being actively exploited. Updates are now available, and the vendor strongly...

The post CVE-2025-7775: NetScaler Zero-Day Is Under Active Attack appeared first on Penetration Testing Tools.

Mozilla Firefox发布v142.0.1错误修复版，解决标签拖动、文本光标、游戏手柄崩溃等问题。用户可通过关于页面、离线安装或微软商店更新，并根据处理器选择64位或Arm64版本。

A newly discovered critical vulnerability in Docker Desktop has placed Windows users at significant risk. Tracked as CVE-2025-9074 and rated 9.3 out of 10 on the CVSS scale, the flaw enables attackers to bypass...

The post Critical Docker Desktop Flaw Allows Attackers to Escape Containers and Hijack the Host appeared first on Penetration Testing Tools.

MathWorks, the developer of the widely used software MATLAB and SIMULINK, has disclosed a major ransomware attack that has impacted thousands of its users. The incident occurred in the spring of 2025, but its...

The post Ransomware Attack on MathWorks Exposes Data of Over 10,000 Users appeared first on Penetration Testing Tools.

企业引入AI代理提升生产力的同时面临新风险：传统安全模型无法应对这些智能实体的动态行为和潜在威胁。零信任架构存在局限性，需引入Agentic Identity and Security Platforms（AISP）实时监控和管理AI代理的权限与行为，以应对新兴威胁。

Drift has disclosed details of a security incident involving its Salesforce integration. Between August 8 and August 18, 2025, an unknown actor exploited OAuth credentials to extract data from customer Salesforce instances. According to...

The post Data Theft Alert: Salesforce Instances Breached via Third-Party App OAuth Tokens appeared first on Penetration Testing Tools.

闪迪推出WD Blue SN5100固态硬盘，继续使用WD品牌名称。该产品采用PCIe 4.0接口和无缓存设计，搭载铠侠BiCS8 QLC闪存颗粒。提供500GB至4TB容量选项，1TB版本售价约572元人民币。尽管性能较前代提升25%-30%，但QLC颗粒和价格可能让部分用户犹豫。

In August of this year, specialists from Israel’s National Digital Agency uncovered a large-scale campaign known as ShadowCaptcha, designed to compromise users through more than a hundred hacked WordPress websites. These sites had been...

The post ShadowCaptcha: A New Malware Campaign Uses Fake CAPTCHAs to Steal Data appeared first on Penetration Testing Tools.

双方将携手探索区块链安全融合方案，引领行业标准，助力生态安全发展。

Researchers at Check Point Research have uncovered a new targeted campaign, dubbed ZipLine, which leverages the malicious tool MixShell against industrial and high-tech companies. The hallmark of this operation lies in its unorthodox delivery...

The post ZipLine: New Campaign Triggers Victims to Call Hackers appeared first on Penetration Testing Tools.