Aggregator

Sex toy maker Tenga says a hacker accessed an employee’s email account, potentially exposing customer names, emails, and order details. TENGA Co., Ltd. is a Tokyo-based Japanese sexual wellness and lifestyle company known for its innovative adult products. It employs roughly 125–200 people worldwide across its Japan headquarters and international offices. Tenga operates in personal […]

灵蛇圆满辞旧岁，骏马奔腾迎新春。乙巳蛇年的脚步声渐行渐远，丙午马年的钟声即将敲响。

Event Summary In February 2025, the North Korea-linked APT group Lazarus launched a highly sophisticated supply chain attack against the prominent cryptocurrency exchange Bybit, successfully stealing over 400,000 ETH and stETH—valued at approximately $1.5 billion. This incident marks the largest single security breach in the global cryptocurrency sector to date. The attack exposed critical vulnerabilities […]

The post Top Security Incidents of 2025: Lazarus Group’s Cryptocurrency Heist appeared first on NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks..

The post Top Security Incidents of 2025: Lazarus Group’s Cryptocurrency Heist appeared first on Security Boulevard.

Google has released emergency updates to fix a high-severity Chrome vulnerability exploited in zero-day attacks, marking the first such security flaw patched since the start of the year. [...]

A vulnerability marked as problematic has been reported in glib-networking. Impacted is the function g_tls_client_connection_openssl_get_property of the component OpenSSL Backend. The manipulation leads to null pointer dereference. This vulnerability is referenced as CVE-2026-2574. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability labeled as critical has been found in RegistrationMagic Plugin up to 6.0.2.1 on WordPress. This issue affects some unknown processing. Executing a manipulation can lead to missing authorization. The identification of this vulnerability is CVE-2026-0929. The attack may be launched remotely. There is no exploit available. The affected component should be upgraded.

Средняя сумма одной кражи с карты впервые упала ниже 6 тысяч рублей.

A critical vulnerability tracked as CVE-2026-1731 is being actively exploited in the wild, enabling attackers to gain full domain control over affected systems. Threat actors are leveraging this flaw to execute operating system commands remotely without authentication. The flaw, discovered in self-hosted BeyondTrust deployments, allows unauthenticated attackers to run arbitrary OS commands via specially crafted HTTP requests, executing […]

The post Critical BeyondTrust Vulnerability Exploited in the Wild to Gain Full Domain Control appeared first on Cyber Security News.

ИИ научился у людей самой вредной привычке – добавлять детали там, где нужно резать.

В этой статье, состоящей из двух частей, мы рассмотрим некоторые из сложнейших математических задач, которые остаются нерешенными по сей день.  

G.O.S.S.I.P 编辑部给大家拜个年，给大家播放一段AI喜欢的《春节序曲》

Сбежать с «фабрики обмана» и обнаружить, что на свободе ты тоже никому не нужен…

The CISO role has changed significantly over the past decade, but according to John White, EMEA Field CISO, Torq, the most disruptive shift is accountability driven by agentic AI. In this Help Net Security interview, White explains how security leaders must design and govern hybrid workforces where humans and AI agents operate side by side, making decisions and acting at scale. He notes that automation is moving beyond simple task execution into real-time insight and … More →

The post Security at AI speed: The new CISO reality appeared first on Help Net Security.

AI automation, RaaS, a significant bump in vulnerability disclosures, and a rise in new ransomware gangs are reshaping the threat landscape and forcing defenders to change strategies.

The post AI and RaaS Alter Threat Landscape, New Ransomware Groups Grow by 30% appeared first on Security Boulevard.

A vulnerability was found in Linux Kernel up to 6.1.152/6.6.106/6.12.47/6.16.7/6.17-rc5. It has been declared as critical. This impacts the function xcan_write_frame. Executing a manipulation can lead to use after free. This vulnerability is handled as CVE-2025-39873. The attack can only be done within the local network. There is not any exploit available. It is recommended to upgrade the affected component.

A vulnerability labeled as critical has been found in Linux Kernel up to 6.1.152/6.6.106/6.12.47/6.16.7/6.17-rc5. This affects the function edma_setup_from_hw of the component dmaengine. Such manipulation leads to memory corruption. This vulnerability is referenced as CVE-2025-39869. The attack needs to be initiated within the local network. No exploit is available. The affected component should be upgraded.

A vulnerability described as critical has been identified in Linux Kernel up to 6.6.106/6.12.47/6.16.7/6.17-rc5. This issue affects the function idxd_free in the library lib/refcount.c of the component dmaengine. Executing a manipulation can lead to improper update of reference count. This vulnerability is tracked as CVE-2025-39871. The attack is only possible within the local network. No exploit exists. Upgrading the affected component is recommended.

A vulnerability classified as critical has been found in Linux Kernel up to 6.16.7/6.17-rc5. Impacted is the function hsr_get_port_ndev of the component hsr. The manipulation leads to use after free. This vulnerability is listed as CVE-2025-39872. The attack must be carried out from within the local network. There is no available exploit. It is recommended to upgrade the affected component.

A vulnerability marked as critical has been reported in Linux Kernel up to ed2c66000aa64c0d2621864831f0d04c820a1441. This vulnerability affects the function idxd_setup_wqs of the component dmaengine. Performing a manipulation results in uninitialized pointer. This vulnerability is identified as CVE-2025-39870. The attack can only be performed from the local network. There is not any exploit available. It is suggested to upgrade the affected component.

A vulnerability described as critical has been identified in Reservation Online Hotel Reservation System 1.0. Affected by this vulnerability is an unknown functionality of the file /reservation/paypalpayout.php. Executing a manipulation of the argument confirm can lead to sql injection. The identification of this vulnerability is CVE-2025-10843. The attack may be launched remotely. Furthermore, there is an exploit available.