Aggregator

コニカミノルタ株式会社が提供するbizhubシリーズには、不正な形式のファイルをインポートすることによりサービス運用妨害（DoS）を引き起こされる脆弱性が存在します。

Новый игрок в мире open source.

Researchers at Recorded Future’s Insikt Group documented five distinct clusters of activity attributed to the persistent threat actor Blind Eagle (also tracked as TAG-144) between May 2024 and July 2025. The primary focus of...

The post Blind Eagle’s Expanding Cyber Campaigns: Five Clusters Targeting Colombia’s Government and Beyond appeared first on Penetration Testing Tools.

The group ShadowSilk has been identified as the orchestrator of a new wave of cyberattacks against government institutions across Central Asia and the Asia-Pacific region. According to Group-IB, the number of victims is approaching...

The post ShadowSilk: The Hybrid Espionage Group Targeting Central Asian Governments appeared first on Penetration Testing Tools.

The NPM ecosystem has been struck by a new supply chain attack, this time targeting the Nx project, into whose repository several malicious package versions were uploaded late Tuesday evening. According to researchers at...

The post Supply Chain Attack on a Popular Dev Tool Is Stealing Crypto, Keys, and Tokens appeared first on Penetration Testing Tools.

Anthropic has published a report revealing how malicious actors are increasingly exploiting AI models for attacks and fraud, bypassing existing security measures. The document provides concrete examples showing that agent-based AI systems are no...

The post Criminals Are Weaponizing AI to Automate Cyberattacks at Scale appeared first on Penetration Testing Tools.

От удара мизинца до реакции «бей или беги»… Каждый нерв как на ладони.

A cyberattack on the Swedish company Miljödata, a provider of software solutions for workforce management and occupational safety, has paralyzed operations across roughly 200 municipalities and regions in the country. The disruption affected systems...

The post Ransomware Attack on Swedish Provider Paralyzes 200 Municipalities appeared first on Penetration Testing Tools.

While enterprise IT leaders recognize the transformative potential of AI, a gap in information readiness is causing their organizations to struggle in securing, governing, and aligning AI initiatives across business, according to a survey conducted by the Ponemon Institute. Who is the final authority for setting your organization’s AI strategy? (Source: Ponemon Institute) 73% of CIOs, CISOs, and other IT leaders believe reducing information complexity is key to AI readiness. “Without trusted, well-governed information, AI … More →

The post AI can’t deliver without trusted, well-governed information appeared first on Help Net Security.

文章介绍了1977年发现的神秘“Wow!信号”及其可能的外星起源，并介绍了新项目Wow@Home，旨在通过全球小型射电望远镜网络提高检测类似事件的能力。这些低成本设备可全天候运行，覆盖全球天空并协同工作以减少干扰，但灵敏度和分辨率有限。项目将监测氢线频率，并使用特定硬件进行研究。

Generative AI is now assisting in selecting patches for backporting into the stable branches of Linux, including long-term support (LTS) releases. Sasha Levin, the LTS maintainer, recently advanced updates to kernel documentation regarding the...

The post AI Is Now a Linux Kernel Assistant, Helping Maintainers Backport Patches appeared first on Penetration Testing Tools.

Congressman David Schweikert (Republican, Arizona, District AZ-01) has introduced the Cybercrime Marque and Reprisal Authorization Act of 2025 (H.R. 4988) in the House of Representatives. The bill, registered on August 15, 2025, has been...

The post Cyber Privateers? A New Bill Revives a Historic Law to Fight Cybercrime appeared first on Penetration Testing Tools.

Sangoma has issued an urgent alert regarding an actively exploited zero-day vulnerability in FreePBX installations where the Administrator Control Panel (ACP) is exposed to the internet. FreePBX, an open-source IP-PBX built on Asterisk, is...

The post Sangoma Issues Warning: Zero-Day Vulnerability Actively Exploited in FreePBX appeared first on Penetration Testing Tools.

According to a report by Microsoft Threat Intelligence, the group Storm-0501 has shifted its focus from traditional on-premises ransomware campaigns to tactics centered on cloud services. Whereas in the past attackers deployed encryptors onto...

The post How Storm-0501 is Pivoting to Cloud-Native Attacks appeared first on Penetration Testing Tools.

Cybersecurity researchers have discovered a cybercrime campaign that's using malvertising tricks to direct victims to fraudulent sites to deliver a new information stealer called TamperedChef. "The objective is to lure victims into downloading and installing a trojanized PDF editor, which includes an information-stealing malware dubbed TamperedChef," Truesec researchers Mattias Wåhlén, Nicklas

网络安全研究人员发现了一起利用恶意广告将受害者引导至欺诈网站的网络犯罪活动,旨在传播名为TamperedChef的信息窃取恶意软件。攻击者通过推广一个名为AppSuite PDF Editor的假PDF编辑器,诱导用户下载安装被篡改的程序。该程序在后台连接到外部服务器下载PDF编辑器,并设置持久性机制确保下次启动时自动运行。研究人员指出,该恶意软件具备后门功能,能够执行多种恶意操作,包括下载其他恶意软件、窃取数据和修改注册表等。

The U.S. National Security Agency, the U.K.’s National Cyber Security Centre, and partners from more than ten countries have attributed the global Salt Typhoon operations to three Chinese technology companies. Now, the FBI and...

The post NSA, CISA, & Partners Expose Chinese APT Groups appeared first on Penetration Testing Tools.

1.Qilin勒索团伙公布了新的受害者 2.Play勒索团伙公布新的受害公司 3.INC Ransom团伙公布新的受害公司

Jean-Michel Friedt在WHY2025会议上展示了如何利用软件定义无线电（SDR）实现被动和主动雷达技术，包括信号处理方法及嵌入式系统应用，并探讨了合成孔径雷达的实现。

A vulnerability, which was classified as problematic, was found in Microsoft Azure DevOps Server and Team Foundation Server. Affected is an unknown function. Such manipulation leads to improper input validation. This vulnerability is uniquely identified as CVE-2020-17145. The attack can be launched remotely. No exploit exists. It is advisable to implement a patch to correct this issue.