Aggregator

​当机器开始理解「爱」，或许我们才能更好地理解「人」。

Mozilla has released Firefox version 147.0.3, addressing a critical memory-related flaw that could allow attackers to execute arbitrary code by exploiting a heap buffer overflow issue in the browser’s media processing library. The fix, part of the Mozilla Foundation Security Advisory 2026-10, improves overall browser security across both desktop and Extended Support Release (ESR) versions. The vulnerability, […]

The post Firefox v147.0.3 Released With Fix for Heap Buffer Overflow Vulnerability appeared first on Cyber Security News.

South Korea fined Dior, Louis Vuitton, and Tiffany $25M after hackers breached their Salesforce systems, exposing customer data. South Korea’s Personal Information Protection Commission fined luxury brands including Dior, Louis Vuitton, and Tiffany & Co. a total of 36 billion Korean won ($25 million) after hackers compromised their Salesforce systems. The attack, linked to Scattered […]

Microsoft is enhancing Teams productivity with AI Workflows. This new feature leverages Microsoft 365 Copilot to automate routine tasks through scheduled prompts and intelligent templates. The capability, scheduled to roll out between late January and mid-February 2026, aims to streamline daily operations for enterprise users. AI Workflows operates within the Teams Workflows app and uses […]

The post Microsoft Teams With AI Workflows Use Microsoft 365 Copilot to Automate Tasks via Scheduled Prompts appeared first on Cyber Security News.

Oracle пообещала не бросать свои главные open-source проекты.

Polish police have detained a 47-year-old man suspected of ties to the Phobos ransomware group and seized computers and mobile phones containing stolen credentials, credit card numbers, and server access data. [...]

My objective As someone relatively inexperienced with network threat hunting, I wanted to get some hands-on experience using a network detection and response (NDR) system. My goal was to understand how NDR is used in hunting and incident response, and how it fits into the daily workflow of a Security Operations Center (SOC). Corelight’s Investigator software, part of its Open NDR Platform, is

The rapid adoption of Large Language Models (LLMs) is transforming how SaaS platforms and enterprise applications operate. From embedded copilots and automated support agents to internal knowledge-base search and workflow automation, organisations are increasingly integrating LLM APIs into existing services to deliver faster and more intuitive user experiences. Nevertheless, as adoption accelerates, so too does…

The post Large Language Model (LLM) integration risks for SaaS and enterprise appeared first on Sentrium Security.

The post Large Language Model (LLM) integration risks for SaaS and enterprise appeared first on Security Boulevard.

PDF security guide covering redaction, metadata risks, compliance standards, and safe editing of password-protected files to prevent data leaks.

Editor’s note: The current article is authored by Moises Cerqueira, malware researcher and threat hunter. You can find Moises on LinkedIn. Malware campaigns targeting Latin America (LATAM) are evolving. While the final payloads, often commodity RATs like XWorm, remain consistent, delivery mechanisms are becoming increasingly sophisticated to bypass region-specific defenses and increase the chance of reaching real business users.  In this analysis, […]

The post LATAM Businesses Hit by XWorm via Fake Financial Receipts: Full Campaign Analysis  appeared first on ANY.RUN's Cybersecurity Blog.

Apple is testing end-to-end encrypted Rich Communications Services (RCS) messaging in the iOS 26.4 developer beta. Apple has added end-to-end encrypted RCS messaging to the iOS and iPadOS 26.4 developer beta. The feature, still in testing, will roll out in a future update across iOS, iPadOS, macOS, and watchOS. Apple notes that E2EE is not […]

Евросоюз готовит стратегию по снижению технологической зависимости от компаний из США.

Trillions in AI infrastructure face systemic failure unless security begins at the chip and ends with the grid.

The post Why ‘secure-by-design’ systems are non-negotiable in the AI era appeared first on CyberScoop.

Palo Alto Network’s incident response firm said identity-based attacks are exploding as poor security controls stretch across a widening mosaic of integrated tools and systems.

The post Unit 42: Nearly two-thirds of breaches now start with identity abuse appeared first on CyberScoop.

The research lab says forensic evidence suggests the phone-cracking technology was used against Boniface Mwangi after his July arrest.

The post Citizen Lab links Cellebrite to the hacking of a Kenyan presidential candidate’s phone appeared first on CyberScoop.

A vulnerability marked as critical has been reported in Blossom up to 1.17.1. This issue affects the function put of the file blossom-backend/common/common-iaas/src/main/java/com/blossom/common/iaas/blos/BLOSManager.java of the component File Upload. This manipulation causes path traversal. This vulnerability appears as CVE-2026-2623. The attack may be initiated remotely. In addition, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability labeled as problematic has been found in Blossom up to 1.17.1. This vulnerability affects the function content of the file blossom-backend/backend/src/main/java/com/blossom/backend/server/article/draft/ArticleController.java of the component Article Title Handler. The manipulation results in cross site scripting. This vulnerability is reported as CVE-2026-2622. The attack can be launched remotely. Moreover, an exploit is present. The vendor was contacted early about this disclosure but did not respond in any way.

A sophisticated new Android backdoor that infects device firmware at the build stage and spreads through Google Play apps, enabling attackers to seize remote control over victims’ tablets and phones. Published on February 16, 2026, their detailed analysis reveals how this threat mirrors the Triada Trojan by hooking into the Zygote process, compromising every launched […]

The post Keenadu Android Backdoor Infects Firmware, Spreads via Google Play for Remote Control Access appeared first on Cyber Security News.

Все переходят на MAX?

Submit #751988 / VDB-346274