Aggregator

Он не человек. Но бежит так, что Олимпийский комитет должен начать нервничать.

A sophisticated Trojan malware known as SparkKitty has been actively targeting iOS and Android devices since early 2024, infiltrating both official app stores and untrusted websites to steal images from users’ device galleries. This malware campaign, which appears to be an evolution of the previous SparkCat operation, poses significant threats to users primarily in Southeast […]

The post SparkKitty Malware Attacking iOS and Android Device Users to Steal Photos From Gallery appeared first on Cyber Security News.

信息系统应用与安全构建安全可靠的数字未来CCF第40届中国计算机应用大会(CCF NCCA 2025)将于8月

A sophisticated new distribution method for XwormRAT malware that leverages steganography techniques to hide malicious code within legitimate files. This discovery highlights the evolving tactics of cybercriminals who are increasingly using advanced obfuscation methods to bypass security detection systems and deceive unsuspecting users. The latest XwormRAT campaign represents a significant evolution in malware distribution methodology, […]

The post XwormRAT Hackers Leverage Code Injection for Sophisticated Malware Deployment appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A critical security vulnerability has been discovered in Citrix Windows Virtual Delivery Agent that allows local attackers to escalate privileges and gain SYSTEM-level access to affected systems.  The vulnerability, tracked as CVE-2025-6759, affects multiple versions of Citrix Virtual Apps and Desktops and Citrix DaaS platforms, posing significant risks to enterprise environments relying on these virtualization […]

The post Citrix Windows Virtual Delivery Agent Vulnerability Let Attackers Gain SYSTEM Privileges appeared first on Cyber Security News.

A critical security vulnerability has been discovered in FortiWeb web application firewalls that enables unauthenticated attackers to execute unauthorized SQL commands through specially crafted HTTP and HTTPS requests.  This vulnerability, classified as CWE-89 (Improper Neutralization of Special Elements used in an SQL Command), represents a significant threat to organizations relying on FortiWeb for web application […]

The post FortiWeb SQL Injection Vulnerability Allows Attacker to Execute Malicious SQL Code appeared first on Cyber Security News.

日本鹿儿岛县奄美大岛近海附近海域近期观察到一群抹香鲸仰头以“站立”姿态睡觉。奄美海洋生物研究会会长兴克树 6 月 23 日在该岛以西约 15 公里的海域发现并拍摄了这一景象。兴克树回忆称，“这是迄今见过的最大鲸群，也是第一次看到它们的睡姿。非常感动。”兴克树称，在距海面约 3 米深处发现的约 20 头鲸群中，中央的四五头处于类似站着睡觉的状态。身体最长约 14 米。抹香鲸睡眠时间为每天中的近 2 小时，能够遇到这一瞬间十分珍贵。

一款帮助开发者选择颜色并获得 Google 验证徽章的取色器 (color pickers) 扩展看似无害，但安全研究人员称它会劫持浏览器会话、追踪网络活动，在受害者浏览器上植入后门。这款名为 Geco 扩展的下载量逾 10 万次，有 800 条评论，获得 4.2/5 星评价，安全公司 Koi Security 的研究人员称这是名为 RedDirection 的劫持浏览器的网络攻击行动的一部分，该行动涉及 18 个恶意扩展，逾 230 万 Chrome 和 Edge 用户受到影响。研究人员称，这些扩展最初不包含恶意代码，因此能获得 Google 的认证，它们是在后续更新中加入恶意代码的。

多模态知识处理黑科技，360 AI企业知识库加速数字化升级

360发布6月勒索软件流行态势报告，揭示双重勒索攻击格局重构

速修复

速修复

In the previous parts of this series, we've explored the exciting new ways Large Language Models (LLMs) can integrate with APIs and act as intelligent As we integrate LLMs deeper into our applications, the attack surface naturally expands.

Всего несколько тапов — и вы сами дали хакерам все разрешения.

Currently trending CVE - Hype Score: 4 - Next.js is a React framework for building full-stack web applications. From versions 15.0.4-canary.51 to before 15.1.8, a cache poisoning bug leading to a Denial of Service (DoS) condition was found in Next.js. This issue does not impact customers hosted on Vercel. Under certain ...

Zero Data Retention offers a new path forward. One that enables intelligent automation, deep integrations and real-time workflows — without the baggage of persistent data storage

The post What is Zero Data Retention and Why it May Be the Future of Secure Automation appeared first on Security Boulevard.

检测业务是否受到此漏洞影响，请联系长亭应急服务团队！

Militairen hebben de afgelopen 2 weken 106 drones onschadelijk gemaakt boven marinekazerne Suffisant op Curaçao. De beveiliging van het luchtruim was nodig vanwege de spraakmakende Themis-strafzaak die daar plaatsvond. Een overzicht van Defensieoperaties in de week van 2 tot en met 8 juli 2025.

The addition of a backdoor to the Atomic macOS Stealer marks a pivotal shift in one of the most active macOS threats, said Moonlock

Apache Tomcat has addressed three critical denial-of-service (DoS) vulnerabilities that could allow malicious actors to disrupt web applications and services.  These security flaws, tracked as CVE-2025-52434, CVE-2025-52520, and CVE-2025-53506, affect all Apache Tomcat versions from 9.0.0.M1 to 9.0.106.  The vulnerabilities exploit different attack vectors, including HTTP/2 protocol weaknesses, file upload mechanisms, and stream handling capabilities.  […]

The post Multiple Apache Tomcat Vulnerabilities Let Attackers Trigger DoS Attacks appeared first on Cyber Security News.