Aggregator

Forrester研究报告显示，高尖技术行业因数据泄露造成的损失就超过20亿美元，而邮件泄密占比高达63%。邮 […]

OpenSSH 10.0 释出。主要变化包括：移除了对 DSA 签名算法的支持，该算法自 2015 年起就默认禁用；默认将后量子加密算法 mlkem768x25519-sha256 用于密钥协商；Portable OpenSSH 支持 systemd 风格的套接字激活（socket activation）；将用户身份验证代码从 sshd-session 二进制移至新的 ssh-auth 二进制，等等。

最近，日本通过其新设立的“官方安全援助”（OSA）机制，向蒙古国提供了一套空中交通管制雷达系统，这一举动看似

在浩瀚的网络海洋中，隐藏着一支神秘的“军队”。他们不拿枪炮，却能在瞬间让千里之外的金融系统瘫痪，让机密信息如

AI垃圾邮件机器人AkiraBot绕过验证码攻击8万网站！

A vulnerability has been found in Apple Safari and classified as critical. This vulnerability affects unknown code of the component Web Content Handler. The manipulation leads to use after free. This vulnerability was named CVE-2025-30427. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Apple Safari. Affected is an unknown function of the component Web Content Handler. The manipulation leads to memory corruption. This vulnerability is traded as CVE-2025-24216. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Apple tvOS. Affected is an unknown function of the component Web Content Handler. The manipulation leads to use after free. This vulnerability is traded as CVE-2025-30427. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Apple iOS and iPadOS. Affected by this vulnerability is an unknown functionality of the component Web Content Handler. The manipulation leads to use after free. This vulnerability is known as CVE-2025-30427. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Apple macOS. Affected by this issue is some unknown functionality of the component Web Content Handler. The manipulation leads to use after free. This vulnerability is handled as CVE-2025-30427. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Apple visionOS. This affects an unknown part of the component Web Content Handler. The manipulation leads to use after free. This vulnerability is uniquely identified as CVE-2025-30427. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

One of the most pressing concerns with AI adoption is data leakage. Consider this: An employee logs into their favorite AI chatbot, pastes sensitive corporate data, and asks for a summary. Just like that, confidential information is ingested into a third-party model beyond your control. Even with data loss prevention (DLP) policies, AI data leaks are challenging to prevent. If the AI system is cloud-based and employees can access it externally, companies may never know … More →

The post How to find out if your AI vendor is a security risk appeared first on Help Net Security.

A new wave of phishing emails is sweeping across Latin America, and once again, Grandoreiro is behind it. This banking trojan is no newcomer; it’s been active for years, evolving steadily into a more sophisticated and evasive threat.   With targeted tactics like geofencing and DNS evasion, Grandoreiro is staying just ahead of standard security solutions.  […]

The post How Banking Trojan Grandoreiro is Evolving Tactics To Attack Victims in LATAM  appeared first on Cyber Security News.

Исследователи выявили новый метод атаки, превращающий в потенциальных киберзлодеев даже детей.

OpenSSH 10.0, a significant update to the widely adopted secure remote login and file transfer toolset, was officially released on April 9, 2025.  This milestone version introduces substantial protocol changes, enhanced security features, and critical improvements to prepare for quantum computing threats. The most notable security enhancement is the implementation of the hybrid post-quantum algorithm […]

The post OpenSSH 10.0 Released With Protocol Changes & Security Upgrades appeared first on Cyber Security News.

From a psychological standpoint, we all crave attention, and likes and comments fuel that need, encouraging us to share even more on social media. In the corporate world, this risk grows exponentially because it’s not just our personal information at stake, but the security of the entire company. Social media oversharing creates a cybersecurity risk for companies Every piece of data we share is like a puzzle piece. LinkedIn reveals job titles, Facebook and Instagram … More →

The post From likes to leaks: How social media presence impacts corporate security appeared first on Help Net Security.

Emerging AI Tools Can Transform SOC Analysts' Jobs But Require New Sets of Skills
In a job market known for its talent shortage and skills gap, the shift to AI-based solutions represents both an opportunity and a call to action. While AI can tackle grunt work with remarkable accuracy, it also demands a new set of skills from the cybersecurity workforce.

Largest Palo Alto Purchase Since 2020 Would Aid AI Model Security and Governance
Palo Alto Networks is eyeing its largest startup deal since December 2020, with the platform giant targeting Protect AI, a startup that offers AI scanning, LLM security and gen AI red teaming. Palo Alto Networks is prepared to pay between $650 million and $700 million for Protect AI, Globes reported.

Tech Giant Says Threat Actors Are Exploiting a Flaw in Widely-Targeted Windows Tool
Ransomware threat actors are exploiting a zero-day vulnerability discovered in a highly targeted Windows logging system tool in a campaign in part targeting U.S. IT and real estate sectors, Microsoft confirmed in a Tuesday blog post urging customers to apply available patches.

Academics Map Out Holistic Cyber Education for Future Defenders in the Age of AI
Cybersecurity education can't be built on tools alone. It must prepare students to think critically, navigate complex systems and address the human dimensions of security. That's the vision behind the new textbook "Cyber Security Foundations: Fundamentals, Technology and Society."