Aggregator

Qilin

Dark Feed IO
1 month 2 weeks ago

You must login to view this content

cohenido

Qilin

Dark Feed IO
1 month 2 weeks ago

You must login to view this content

cohenido

Car Tyre Sensors Can Be Used to Track Drivers Without Their Knowledge

Hack Read
1 month 2 weeks ago
New research from IMDEA Networks reveals how unencrypted signals from tyre pressure sensors in brands like Toyota and Mercedes can be used for covert vehicle tracking. Learn how these low-cost systems can map out your daily routines and why current regulations fail to protect driver privacy.
Deeba Ahmed

From phishing to Google Drive C2: Silver Dragon expands APT41 playbook

Security Affairs
1 month 2 weeks ago
APT group Silver Dragon, linked to APT41, targets governments via server exploits and phishing, using Cobalt Strike and Google Drive for C2. Check Point researchers have identified Silver Dragon, an APT group tied to the China-linked group APT41, targeting government entities in Europe and Southeast Asia since mid-2024. The group gains initial access by exploiting […]
Pierluigi Paganini

Cyber Defense Magazine | A New Bell Rings For K-12 Cloud Security After the Illuminate Settlement

Security Boulevard
1 month 2 weeks ago

This article was originally published in Cyber Defense Magazine on 02/09/26 by Charlie Sander. The Illuminate incident serves as a crucial reminder to edtech vendors of the potential backlash that can occur when privacy promises are not upheld In a recent complaint, the FTC addresses Illuminate Education’s need to strengthen its data security after a breach ...

The post Cyber Defense Magazine | A New Bell Rings For K-12 Cloud Security After the Illuminate Settlement appeared first on ManagedMethods Cybersecurity, Safety & Compliance for K-12.

The post Cyber Defense Magazine | A New Bell Rings For K-12 Cloud Security After the Illuminate Settlement appeared first on Security Boulevard.

Charlie Sander

TikTok 拒绝端对端加密私信,称会让用户不安全

Solidot
1 month 2 weeks ago
TikTok 拒绝提供端对端加密技术去加密私信,理由是会让用户不安全。端对端加密意味着只有私信的发送者和接收者能查看内容,Facebook、Instagram、Messenger 和 X 等都声称私信使用了端对端加密以最大程度的保护用户隐私,但端对端加密也让执法机构无法查看任何私信内容,无法阻止有害内容的传播。TikTok 表示端到端加密会防止警方和安全团队在必要时读取用户的私信,它希望能保护用户,尤其是年轻用户,免受伤害。TikTok 声称在英国有 3000 万月活用户,全球用户逾 10 亿。

Njordium Vendor Management System eliminates duplicate third-party assessments

Help Net Security
1 month 2 weeks ago

Njordium Cyber Group has launched its Vendor Management System (VMS), a platform that eliminates the costly duplication of third-party assessments under Europe’s overlapping regulations. 70% of European organisations suffered a data breach in the past three years, and 77% of those breaches originated with a vendor or third party (Whistic, Third-Party Risk Management 2025 Impact Report). The average third-party risk team now spends more than 37 hours a week on repetitive administration, and is still … More →

The post Njordium Vendor Management System eliminates duplicate third-party assessments appeared first on Help Net Security.

Industry News

New RFP Template for AI Usage Control and AI Governance 

The Hackers News
1 month 2 weeks ago
As AI becomes the central engine for enterprise productivity, security leaders are finally getting the green light — and the budget — to secure it. But there’s a quiet crisis unfolding in the boardroom: many organizations know they need "AI Governance," but they have no idea what they are actually looking for. The CISO’s Dilemma: You Have the AI Budget, but Do You Have the Requirements? As AI
The Hacker News

CVE-2025-48636 | Google Android 16 BugreportContentProvider.java openFile path traversal (EUVD-2025-208215)

Vuldb Updates
1 month 2 weeks ago
A vulnerability was found in Google Android 16. It has been rated as critical. The affected element is the function openFile of the file BugreportContentProvider.java. Performing a manipulation results in path traversal. This vulnerability was named CVE-2025-48636. The attack needs to be approached locally. There is no available exploit. Applying a patch is the recommended action to fix this issue.
vuldb.com

CVE-2026-0005 | Google Android 14/15/16 KeyguardServiceDelegate.java onServiceDisconnected information disclosure

Vuldb Updates
1 month 2 weeks ago
A vulnerability categorized as problematic has been discovered in Google Android 14/15/16. This affects the function onServiceDisconnected of the file KeyguardServiceDelegate.java. The manipulation results in information disclosure. This vulnerability is known as CVE-2026-0005. Attacking locally is a requirement. No exploit is available. It is best practice to apply a patch to resolve this issue.
vuldb.com

CVE-2025-0031 | AMD EPYC 9004 Processors use after free (Nessus ID 300518)

Vuldb Updates
1 month 2 weeks ago
A vulnerability has been found in AMD EPYC 9004 Processors, EPYC 7003 Processors, EPYC 9005 Processors, EPYC 8004 Processors, EPYC Embedded 7003 Processors, EPYC Embedded 9003 Processors, EPYC Embedded 9005 Processors, EPYC Embedded 9004 Processors and EPYC Embedded 8004 Processors and classified as critical. Impacted is an unknown function. The manipulation leads to use after free. This vulnerability is listed as CVE-2025-0031. The attack must be carried out locally. There is no available exploit. The affected component should be upgraded.
vuldb.com

CVE-2025-29946 | AMD EPYC 9005 Processors/EPYC Embedded 9005 Processors Hardware insufficient or incomplete data removal within hardware component (Nessus ID 300520)

Vuldb Updates
1 month 2 weeks ago
A vulnerability was found in AMD EPYC 9005 Processors and EPYC Embedded 9005 Processors. It has been classified as problematic. The impacted element is an unknown function of the component Hardware. This manipulation causes insufficient or incomplete data removal within hardware component. This vulnerability is registered as CVE-2025-29946. The attack needs to be launched locally. No exploit is available. Upgrading the affected component is recommended.
vuldb.com

Managed ad