Aggregator

Готовимся смотреть кино в AR-очках, где ничего не видно (но очень высокотехнологично).

A new zero-click attack dubbed Shadow Escape exploits the Model Context Protocol (MCP) to silently steal sensitive data via popular AI agents such as ChatGPT, Claude, and Gemini. This vulnerability, uncovered by Operant, allows malicious actors to exfiltrate personally identifiable information, including Social Security numbers and medical records, without user interaction or detection by traditional […]

The post First Zero Click Attack Exploits MCP and Connected Popular AI Agents To Exfiltrate Data Silently appeared first on Cyber Security News.

A significant security vulnerability has emerged affecting QNAP’s NetBak PC Agent software through a critical flaw in Microsoft ASP.NET Core. The vulnerability, tracked as CVE-2025-55315, exploits HTTP Request Smuggling techniques to bypass essential security controls and could expose thousands of backup-dependent systems to unauthorized access and data manipulation. Attribute Details CVE ID CVE-2025-55315 Vulnerability Type […]

The post Critical QNAP .NET Flaw Lets Attackers Bypass Security Protections appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

微软支持的 OpenAI 与亚马逊和 Google 支持的 Anthropic 采用了不同商业模式。OpenAI 主要面向大众市场，130 亿美元年收入中企业收入仅占 30%。相比下，Anthropic 八成的收入来自企业客户。Anthropic 上个月表示它有 30 万家企业客户。在辅助编程市场，Anthropic 的 Claude 模型占了 42%，OpenAI 占 21%。在企业 AI 市场，Anthropic 占 32%，而 OpenAI 占 25%。Anthropic 目前的年收入为 70 亿美元，预计年底将达到 90 亿美元，在每用户收入上远超其更知名的竞争对手。相比 OpenAI，Anthropic 的增长途径更容易被企业客户理解。OpenAI 在大众市场的吸引力有可能让企业客户却步，因为它们希望 AI 更枯燥实用，而不是更有趣前卫。

Two British teenagers are set to stand trial over last year’s cyberattack on London’s transport system — an

The post Scattered Spider: Two Teens Face Trial Over £39M London Transit Cyberattack appeared first on Penetration Testing Tools.

On October 25, 2025, in Hanoi, Vietnam, the signing ceremony for the world’s first global United Nations Convention

The post Historic UN Cybercrime Convention Signed in Hanoi by 72 Nations appeared first on Penetration Testing Tools.

In March 2025, Kaspersky Lab recorded a surge of infections triggered when users followed personalized phishing links sent

The post Operation ForumTroll: Chrome Zero-Day (CVE-2025-2783) Used to Deploy Italian Spyware appeared first on Penetration Testing Tools.

Incode Technologies has launched Agentic Identity, a solution that enables enterprises to verify, authorize, and continuously monitor autonomous AI agents that they interact with. By linking every agent to a verified human owner, enforcing explicit consent and scope controls, and tracking agent behavior in real time, Agentic Identity brings trust and accountability to the emerging agentic web. Many agents are already transacting, communicating, and making independent decisions, often without direct human supervision. While this is … More →

The post Incode Agentic Identity links AI agents to verified humans appeared first on Help Net Security.

The Pakistani hacking collective known as Transparent Tribe (APT36) has intensified cyber-espionage operations against Indian government institutions, deploying

The post Transparent Tribe APT Deploys DeskRAT to Spy on Indian Government Linux Systems appeared first on Penetration Testing Tools.

Пользователь попытался стать анонимным, но столкнулся с цифровой реальностью.

Government-backed hackers infiltrated a U.S. nuclear weapons component manufacturer by exploiting vulnerabilities in Microsoft SharePoint. The incident affected

The post Nuclear Threat: Hackers Breach US Weapons Component Maker via SharePoint Zero-Days appeared first on Penetration Testing Tools.

TeamDynamix introduced AI Service Assist, an extension of its core IT Service Management (ITSM) platform that leverages AI agents with native integration and automation for faster resolution, lower overhead, and enterprise-wide agility. AI Service Assist delivers value by expanding the core ITSM capabilities without the baggage of legacy, AI-washed, developer-heavy approaches. Built on Microsoft Azure AI services, the solution pairs enterprise-grade data protection with scalable intelligence. Microsoft Azure AI services provide access to a variety … More →

The post AI Service Assist expands TeamDynamix ITSM platform with integrated intelligence appeared first on Help Net Security.

A vulnerability was found in Tenda CH22 1.0.0.1 and classified as critical. This affects the function fromRouteStatic of the file /goform/RouteStatic. Such manipulation of the argument page leads to buffer overflow. This vulnerability is uniquely identified as CVE-2025-12271. The attack can be launched remotely. Moreover, an exploit is present.

A vulnerability was found in Tenda CH22 1.0.0.1. It has been classified as critical. This impacts the function fromAddressNat of the file /goform/addressNat. Performing manipulation of the argument page results in buffer overflow. This vulnerability was named CVE-2025-12272. The attack may be initiated remotely. In addition, an exploit is available.

A vulnerability was found in Tenda CH22 1.0.0.1. It has been declared as critical. Affected is the function fromwebExcptypemanFilter of the file /goform/webExcptypemanFilter. Executing manipulation of the argument page can lead to buffer overflow. The identification of this vulnerability is CVE-2025-12273. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability labeled as problematic has been found in code-projects Client Details System 1.0. This vulnerability affects unknown code of the file /welcome.php. Such manipulation leads to cross site scripting. This vulnerability is listed as CVE-2025-12279. The attack may be performed from remote. In addition, an exploit is available.

A vulnerability identified as problematic has been detected in dulaiduwang003 TIME-SEA-PLUS up to fb299162f18498dd9cf17da906886d80a077d53b. This affects the function alipayIsSucceed of the file PayController.java of the component Order Status Handler. The manipulation leads to improper authorization. This vulnerability is referenced as CVE-2025-12304. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

A vulnerability labeled as critical has been found in quequnlong shiyi-blog up to 1.2.1. This impacts an unknown function of the file src/main/java/com/mojian/controller/SysJobController.java of the component Job Handler. The manipulation results in deserialization. This vulnerability is identified as CVE-2025-12305. The attack can be executed remotely. Additionally, an exploit exists.

A vulnerability marked as critical has been reported in code-projects Nero Social Networking Site 1.0. Affected is an unknown function of the file /acceptoffres.php. This manipulation of the argument ID causes sql injection. This vulnerability is tracked as CVE-2025-12306. The attack is possible to be carried out remotely. Moreover, an exploit is present.

A vulnerability described as critical has been identified in code-projects Nero Social Networking Site 1.0. Affected by this vulnerability is an unknown functionality of the file /addfriend.php. Such manipulation of the argument ID leads to sql injection. This vulnerability is listed as CVE-2025-12307. The attack may be performed from remote. In addition, an exploit is available.