Aggregator

关键词Microsoft当地时间 10 月 29 日中午，微软在例行配置更改过程中发生错误，引发全球性云平台中

A new dark web analysis reveals more than 300 million records have been breached in 2025 to date

A sophisticated malware campaign targeting developers has been operating since August 2025, deploying 126 malicious npm packages that have collectively accumulated over 86,000 downloads. The attack, now identified as PhantomRaven, has been actively harvesting npm authentication tokens, GitHub credentials, and CI/CD pipeline secrets from developers across the globe while employing advanced detection evasion techniques that […]

The post PhantomRaven Attack Involves 126 Malicious npm Packages with Over 86,000 Downloads Hiding Malicious Code appeared first on Cyber Security News.

Как ферментация внутри животного создаёт вкус, который покоряет гурманов и пугает скептиков.

The comfort zone in cybersecurity is gone. Attackers are scaling down, focusing tighter, and squeezing more value from fewer, high-impact targets. At the same time, defenders face growing blind spots — from spoofed messages to large-scale social engineering. This week’s findings show how that shrinking margin of safety is redrawing the threat landscape. Here’s what’s

Former US defense contractor exec Peter Williams pled guilty to stealing trade secrets and selling cyber exploits to a Russian broker, per the US DOJ. Ex-US defense contractor Peter Williams (39) admits stealing US trade secrets and selling cyber exploits to a Russian broker. Williams, an Australian national, pleaded guilty to stealing and selling U.S. […]

速修复

这些扩展同时存在于微软官方VSCode市场和OpenVSX平台，主要针对使用AI辅助编程和DevOps工具的开发者。

A critical security vulnerability in Redis’s Lua scripting engine has left thousands of database instances vulnerable to remote code execution attacks. The RediShell RCE vulnerability, tracked as CVE-2025-49844, was publicly disclosed in early October 2025 by cloud security firm Wiz, revealing a use-after-free memory corruption issue that enables attackers to escape the Lua sandbox and […]

The post Critical RediShell RCE Vulnerability Threatens 8,500+ Redis Deployments Worldwide appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

360AI企业知识库智能化全面重塑企业知识管理，实现从“能用”到“AI可用”的华丽转身，迈向知识管理的新高度！

政企校协同共建，打造教育安全“石家庄模式”

Cybersecurity researchers have uncovered yet another active software supply chain attack campaign targeting the npm registry with over 100 malicious packages that can steal authentication tokens, CI/CD secrets, and GitHub credentials from developers' machines. The campaign has been codenamed PhantomRaven by Koi Security. The activity is assessed to have begun in August 2025, when the first

Модель позволяет выполнять задачи в Cursor менее чем за 30 секунд.

文章介绍了动态二进制插桩（DBI）及其在Windows 11上使用DynamoRIO框架构建工具的方法。DBI用于在运行时分析和修改二进制文件，适用于恶意软件分析、安全审计等场景。文章还比较了不同插桩框架的特点，并提供了使用DynamoRIO的步骤和示例代码。

​AI 视频创作，从极客专属到人人可用，一共需要几步？

10月29日晚，绿盟科技发布了2025年三季度报告。

随着数字技术的迅猛发展，算法权力异军突起，并深度嵌入公共治理领域。然而，数字技术赋能公共治理并不必然带来治理正义，反而因算法不透明、数据偏见与资本操控等引发“数字正义赤字”问题，甚至使算法异化为新型权力垄断工具。

经国家计算机病毒应急处理中心检测，70款移动应用存在违法违规收集使用个人信息情况，现通报如下。

网络靶场作为国家网络安全体系建设的关键基础设施，在提升网络安全实战能力、培养专业人才以及验证安全性能方面发挥着重要作用。然而，传统网络靶场在仿真逼真度、场景动态性等方面面临诸多挑战，难以完全满足日益复杂化、智能化网络威胁对抗的需求。