Aggregator

Currently trending CVE - Hype Score: 9 - Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Improper Input Validation vulnerability. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality, and integrity ...

近期，我们监测到一类通过低价出售Steam游戏激活码的恶意攻击活动。攻击者通过伪装官方工具诱导用户执行恶意脚本，进而植入恶意组件并窃取用户信息。

Security researchers at NeuralTrust have uncovered a critical vulnerability in OpenAI’s Atlas browser that allows attackers to bypass safety measures by disguising malicious instructions as innocent-looking web addresses. The flaw exploits how the browser’s omnibox interprets user input, potentially enabling harmful actions without proper security checks. The Omnibox Vulnerability Explained Atlas features an omnibox that […]

The post ChatGPT’s Atlas Browser Jailbroken to Hide Malicious Prompts Inside URLs appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

关键词YouTube一个恶意的 YouTube 网络近期被发现大量发布和推广含有恶意软件下载链接的视频，利用这

关键词网络攻击网络安全研究人员近期发现，一款新型远程访问木马（RAT）正在瞄准游戏玩家群体。

关键词数据泄露勒索软件组织 Everest 再次在其暗网泄露站点上发布声称的攻击成果，将都柏林机场（Dubli

关键词网络犯罪臭名昭著的网络犯罪论坛 BreachForums 再次出现在网络上，这次通过清网域名提供访问，无

UK Finance reveals a 3% increase in the value and 17% increase in the volume of fraud in H1 2025

The notorious Mem3nt0 mori hacker group has been actively exploiting a zero-day vulnerability in Google Chrome, compromising high-profile targets across Russia and Belarus. Dubbed CVE-2025-2783, this flaw allowed attackers to bypass Chrome’s robust sandbox protections with minimal user interaction, leading to the deployment of sophisticated spyware. Discovered by Kaspersky researchers in March 2025, Google swiftly […]

The post Chrome 0-Day Vulnerability Actively Exploited in Attacks by Notorious Hacker Group appeared first on Cyber Security News.

天文学家首次在银河系以外的冰层中，发现构成生命的化学基础物质。在大麦哲伦星系一颗新生恒星周围的冰层中，研究团队侦测到乙醇（ethanol）、乙醛（acetaldehyde）与蚁酸甲酯（methyl formate）等复杂有机分子，这是人类首次在银河系外的冰冻物质中找到这些化合物。此外，他们还首次在宇宙中发现固态冰的乙酸（acetic acid），过去仅观测到以气态存在的乙酸。研究揭示生命化学的基础成分可能广泛存在于宇宙中，而非仅限于银河系之内。与银河系相比，大麦哲伦星系的金属量仅约为其三分之一至二分之一。所谓「金属」在天文学上指氦以外的所有元素，因此该星系的氧、碳、矽等含量相对贫乏。它的尘埃也较少，使光线更容易穿透，同时频繁的恒星诞生活动释放强烈紫外线辐射，这使得在此环境下形成复杂有机分子的机制更值得探究。

Шпион Dante воскрес после утечки Hacking Team.

一项发表在 arXiv 的研究发现，AI 模型的谄媚程度比人类高 50%。该研究测试了 11 个广泛使用的大模型对 1.15 多万个咨询请求的响应情况，其中不乏涉及不当行为或有害行为的请求。包括 ChatGPT 和 Gemini 在内的AI聊天机器人，常常会鼓励用户、给出过度奉承的反馈，还会调整回应以附和用户观点，有时甚至会为此牺牲准确性。研究 AI 行为的科研人员表示，这种取悦他人的倾向即“谄媚性”，正影响着他们在科研中使用 AI 的方式，涵盖从构思创意、生成假设到推理分析等各类任务。arXiv 上的另一项研究旨在验证 AI 的谄媚性是否会影响其解决数学问题的能力。研究人员从今年举办的数学竞赛中选取了 504 道题目，对每道题的定理表述进行修改，植入不易察觉的错误，随后让 4 个大模型为这些存在缺陷的表述提供证明。测试结果显示，GPT-5 的谄媚性最低，仅 29% 的回答存在谄媚行为；而 DeepSeek-V3.1 的谄媚性最高，70% 的回答带有谄媚倾向。研究人员指出，尽管这些大模型具备识别数学表述中错误的能力，但它们“就是会默认用户的说法是正确的”。

已修复

速修复

Qilin ransomware group used Linux binaries on Windows to evade EDRs, steal backups, and disable defenses via BYOVD attacks. Trend Research found that the Qilin ransomware group (aka Agenda) used a Linux ransomware binary on Windows systems via legitimate remote tools, bypassing Windows defenses and EDRs. The cross-platform method enables stealthy attacks, stealing backup credentials […]

For the latest discoveries in cyber research for the week of 27th October, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES Toys “R” Us Canada has suffered a data breach that resulted in stolen customer records being leaked on the dark web. The compromised data affects an undisclosed number of individuals and includes […]

The post 27th October – Threat Intelligence Report appeared first on Check Point Research.