Aggregator

Физики нашли способ объяснить мир без лишних сущностей.

A sophisticated social engineering campaign targeting macOS users has emerged, deploying a dangerous stealer malware through an evolved version of the ClickFix attack technique. Named “Matryoshka” after the Russian nesting dolls, this variant uses nested obfuscation layers to hide malicious code from security scanners and automated analysis systems. The attack tricks victims into executing Terminal […]

The post New Clickfix Variant ‘Matryoshka’ Attacking Users to Deploy macOS Stealer Malware appeared first on Cyber Security News.

A vulnerability identified as problematic has been detected in Apple macOS up to 14.7/15.6/26.2. This vulnerability affects unknown code of the component App. Performing a manipulation results in information disclosure. This vulnerability is identified as CVE-2026-20624. The attack is only possible with local access. There is not any exploit available. You should upgrade the affected component.

A vulnerability identified as critical has been detected in Apple macOS, watchOS, visionOS, iOS, iPadOS and tvOS up to 26.2. Impacted is an unknown function of the component File Handler. Performing a manipulation results in memory corruption. This vulnerability is cataloged as CVE-2026-20609. It is possible to initiate the attack remotely. There is no exploit available. You should upgrade the affected component.

A vulnerability labeled as critical has been found in Apple macOS up to 14.7/15.6/26.2. The affected element is an unknown function of the component Kernel Memory Handler. Executing a manipulation can lead to out-of-bounds read. This vulnerability is registered as CVE-2026-20620. The attack requires access to the local network. No exploit is available. The affected component should be upgraded.

A vulnerability was found in Apple macOS, watchOS, visionOS, iOS, iPadOS and tvOS up to 26.2. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Media File Handler. The manipulation results in out-of-bounds read. This vulnerability was named CVE-2026-20611. The attack may be performed from remote. There is no available exploit. It is recommended to upgrade the affected component.

A vulnerability was found in Apple macOS up to 26.1. It has been rated as critical. This impacts an unknown function of the component App. Performing a manipulation results in improper access controls. This vulnerability is identified as CVE-2025-46283. The attack is only possible with local access. There is not any exploit available. Upgrading the affected component is advised.

A vulnerability categorized as problematic has been discovered in Apple iOS, iPadOS and macOS. This impacts an unknown function of the component Media File Handler. Such manipulation leads to out-of-bounds read. This vulnerability is referenced as CVE-2025-43338. It is possible to launch the attack remotely. No exploit is available. It is advisable to upgrade the affected component.

A vulnerability was found in Apple tvOS, iOS, iPadOS, visionOS, macOS and watchOS up to 26.1. It has been classified as critical. This issue affects some unknown processing of the component HID Device Handler. The manipulation leads to memory corruption. This vulnerability is referenced as CVE-2025-43533. Remote exploitation of the attack is possible. No exploit is available. Upgrading the affected component is recommended.

Microsoft released Security Dashboard for AI in public preview for enterprise environments. The dashboard aggregates posture and real-time risk signals from Microsoft Defender, Microsoft Entra, and Microsoft Purview into a single view within security tools. Security Dashboard for AI in browser (Source: Microsoft) “The dashboard equips CISOs and AI risk leaders with a governance tool to discover agents and AI apps, track AI posture and drift, and correlate risk signals to investigate and act across … More →

The post Microsoft equips CISOs and AI risk leaders with a new security tool appeared first on Help Net Security.

30 copycat apps tricked users, and Google itself, into thinking they're legitimate AI tools.

队伍名：glzjin.. 阅读更多

Цена одного короткого визита оказалась фатальной для всей системы безопасности.

Warner Bros. Discovery 以每周一集的频率将著名科幻剧集《巴比伦五号（Babylon 5）》上传到 YouTube 供所有人免费观看。第一季第一集《The Gatherin》于 1 月 22 日上传，目前观看量 25 万，第二集《Midnight on the Firing Line》和第三集《Soul Hunter》也都已经发布，这一发布频率沿用了《巴比伦五号》最早播出时的时间表，此举旨在让观众以相同的节奏体验剧情。《巴比伦五号》于 1993 年 2 月 22 日首播，共制作了五季 110 集，故事发生在 2257－2262 年，地球各国、火星、以及比邻星的殖民地组成的“地球联盟”已和其他外星文明接触，并且取得超空间技术可以超光速航行。故事开始之前十年，地球差点在一场星际战争中被明巴利人（Minbari）歼灭，但明巴利人在胜利前夕突然投降。为了避免悲剧重演，双方建立了和平往来的管道，人类建造了巴比伦五号太空站用作和平外交和贸易。此时的巴比伦五号成为了政治阴谋、种族冲突和一场大战的焦点，而地球切断了与盟友的联系，正滑向法西斯主义。

Indrukwekkende beelden van Defensie tijdens het blussen van enorme bosbranden in Spanje. Het materiaal van afgelopen zomer leverde sergeant-majoor Aaron Zwaal de eerste prijs op. De YATA Photo Award ontving de defensiefotograaf afgelopen weekend in München. De internationale wedstrijd eert fotografen die de menselijke essentie van veiligheid, veerkracht en solidariteit vastleggen.

A vulnerability identified as problematic has been detected in Linux Kernel up to 6.14.1. This affects the function clear_inode of the file fs/inode.c of the component jfs. The manipulation leads to information disclosure. This vulnerability is referenced as CVE-2025-37925. The attack needs to be initiated within the local network. No exploit is available. You should upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.1.133/6.6.86/6.12.22/6.13.10/6.14.1. It has been declared as problematic. This affects the function build_prologue of the component LoongArch. Executing a manipulation can lead to off-by-one. This vulnerability is handled as CVE-2025-37893. The attack can only be done within the local network. There is not any exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 5.14.18/5.15.2. This affects the function es58x_rx_err_msg. Executing a manipulation can lead to memory leak. This vulnerability is handled as CVE-2021-47671. The attack can only be done within the local network. There is not any exploit available. You should upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.14.1. This affects the function ef100_process_design_param. The manipulation leads to null pointer dereference. This vulnerability is documented as CVE-2025-37860. The attack requires being on the local network. There is not any exploit available. It is advisable to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.14.1 and classified as problematic. Affected by this vulnerability is the function ext4_empty_dir. Such manipulation of the argument new leads to out-of-bounds read. This vulnerability is traded as CVE-2025-37785. Access to the local network is required for this attack to succeed. There is no exploit available. It is suggested to upgrade the affected component.