Aggregator

在新冠疫情爆发五年后，Google 开始强迫部分远程工作员工必须回办公室工作否则他们将面临被解雇。根据内部文件，Google 多个部门通知远程工作的员工必须前往最近的办公室，要求每周必须去办公室至少三天，否则他们的职位可能面临裁减风险。截至去年底 Google 有 18.3 万员工，而两年前这一数字是 19 万。Google 联合创始人 Sergey Brin 此前在内部备忘录中表示，从事 AI 工作的员工每周必须都去办公室工作，每周工作 60 小时最佳。Google 发言人 Courtenay Mencini 表示由公司各个团队决定远程办公员工回办公室工作的要求，这不是整个公司的政策。他表示面对面的协作有助于创新和解决复杂问题。

In a previous article of JPCERT/CC Eyes, we reported on SPAWNCHIMERA malware, which infects the target after exploiting the vulnerability in Ivanti Connect Secure. However, this is not the only malware observed in recent attacks. This time, we focus on...

Microsoft has launched an expanded bug bounty program offering rewards of up to $30,000 for researchers who identify critical vulnerabilities in AI systems within its Dynamics 365 and Power Platform products.  The initiative, announced by Microsoft Security Response, aims to strengthen security in enterprise AI by incentivizing ethical hackers to uncover potential weaknesses before malicious […]

The post Microsoft to Offer Rewards Up to $30,000 for AI Vulnerabilities appeared first on Cyber Security News.

A sweeping wave of suspicious online activity is putting organizations on alert as hackers ramp up their efforts to probe vulnerabilities in Ivanti Connect Secure (ICS) and Ivanti Pulse Secure (IPS) VPN systems. Cybersecurity firm GreyNoise has identified a dramatic nine-fold increase in suspicious scanning activity, suggesting coordinated reconnaissance that could foreshadow future exploitation. According […]

The post Hackers Use 1000+ IP Addresses to Target Ivanti VPN Vulnerabilities appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

AI-Powered Tools Protect Containerized Environments Against Sophisticated Attacks
Container security experts skilled in AI-driven defense tools are becoming critical as organizations rely more on containerized applications. These experts must contend with ephemeral workloads, secure CI/CD pipelines and implement real-time anomaly detection to protect cloud-native environments.

European Commission Also Fines Apple 500 Million Euros
European regulators said Facebook conducted an end run around privacy regulations by requiring users to pay a monthly subscription fee or else accept that their personal data would be fed to advertisers. The European Commission fined the social media giant 200 million euros.

Breach Victim Tally Soars Since Firm Filed an Initial Breach Report in Early April
Kelly Benefits is notifying nine large clients and nearly 264,000 individuals that their sensitive personal information was potentially compromised in a December data theft incident. The tally of affected people has climbed eight-fold since the company’s first estimate earlier this month.

2019 Phishing Incident at California-Based PIH Health Affected Nearly 190,000
A regional healthcare network with three California hospitals serving Los Angeles and Orange Counties has agreed to pay federal regulators $600,000 and implement a corrective action plan to resolve potential HIPAA violations identified during an investigation into a 2019 phishing breach.

Series D Round Comes at $3.5B Valuation, Fuels Product Expansion Beyond Containers
Chainguard’s $356 million Series D haul will help it push beyond securing containers to protecting virtual machines and language libraries. CEO Dan Lorenc says customers want security that scales with open-source adoption, especially amid rising software supply chain threats.

根据 Asia Pacific Network Information Center (APNIC)实验室提供的数据，亚洲的 IPv6 覆盖率超过五成。这并不意味着亚洲五成的联网设备依赖 IPv6 地址。它测量的是 APNIC 服务区域内的主机是否支持 IPv6，基于实验室过去 30 天内的网络分析和探查而获得的平均值。中国的 IPv6 覆盖率为 45.28%，IPv6 用户超过 8.1 亿；印度 78.16%，用户 6 亿；日本 58.2%，用户 1 亿；越南 60.18%，用户 5400 万；泰国 50.62%，用户 4500 万；韩国 23.75%，用户 5100 万。American Registry for Internet Numbers (ARIN)服务区域内的 IPv6-覆盖率最高达到 52%，但用户总数比亚洲地区要少得多。

A vulnerability, which was classified as problematic, has been found in Picklescan up to 0.0.24. Affected by this issue is the function ssl.get_server_certificate of the component DNS Handler. The manipulation leads to incomplete blacklist. This vulnerability is handled as CVE-2025-46417. An attack has to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

Первый Zero Day Quest собрал лучших специалистов и принёс более $1,6 млн наград.

A vulnerability classified as critical was found in Westermo WeOS up to 5.23.x. Affected by this vulnerability is an unknown functionality of the component ESP Packet Handler. The manipulation leads to improper validation of syntactic correctness of input. This vulnerability is known as CVE-2025-46419. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Brocade Fabric OS up to 9.1.1d6. Affected is an unknown function. The manipulation leads to code injection. This vulnerability is traded as CVE-2025-1976. It is possible to launch the attack remotely. There is no exploit available.