Aggregator

本次捕获的攻击活动是一场针对 macOS 平台、结合了社会工程学与多级无文件载荷的定向攻击。

​从「抽卡」到「导演」。

A new Android threat campaign has emerged that uses social engineering combined with a legitimate machine learning platform to spread dangerous malware across devices. The attack begins when users see fake security alerts claiming their phones are infected and need protection. These deceptive prompts push users to download a fake security app called TrustBastion, which […]

The post Attackers Using Hugging Face Hosting to Deliver Android RAT Payload appeared first on Cyber Security News.

Впервые опубликованы фотографии и схемы секретных спутников-шпионов 1970-х годов.

Cybersecurity researchers have discovered a new campaign attributed to a China-linked threat actor known as UAT-8099 that took place between late 2025 and early 2026. The activity, discovered by Cisco Talos, has targeted vulnerable Internet Information Services (IIS) servers located across Asia, but with a specific focus on targets in Thailand and Vietnam. The scale of the campaign is currently

In January, our analysts observed an unusual attack pattern at a major European e-commerce provider. It was not a classic DDoS attack with massive traffic volumes. Instead, over several weeks, there was a subtle, recurring increase in load that noticeably slowed down the web shop on Mondays.  This case is exemplary of a new generation of attacks in which […]

The post When real devices become weapons – a new form of low-and-slow attack  appeared first on Link11.

Microsoft has released the KB5074105 preview cumulative update for Windows 11 systems, which includes 32 changes, including fixes for sign-in, boot, and activation issues. [...]

Comstar Paid Feds $75K Last Year to Settle HIPAA Allegations in Same 2022 Breach
An ambulance billing and collections firm has agreed to pay $515,000 to Massachusetts and Connecticut regulators and implement a prescriptive information security program in the aftermath of a 2022 hacking incident affecting the sensitive information of nearly 350,000 residents in those states.

ACAMS Says Investigators Need Better Data, Architecture and AI-Based Detection
The financial system has a trust problem driven by artificial intelligence, and CIOs looking to prevent fraud and other financial crimes will only face more challenges as criminals find new ways to use AI to swindle, according to an Association of Certified Anti-Money Laundering Specialists survey.

Also, SmarterMail Flaw, Nike Breach Probe, Empire Market Co-Creator Pleads Guilty
This week, researchers exposed an Android RAT abusing Hugging Face. Attackers exploited a SmarterMail flaw. Automakers raised cyber spending. CISA flagged a VMware bug. Microsoft patched Office. An Empire Market co-creator pleaded guilty. Nike probed a breach.

Agents Fuel Digital Risk Protection, Open-Source Intel Adoption in Regulated Spaces
Outtake will invest $40 million to grow its automated platform for digital risk protection and open-source threat intelligence. CEO Alex Dhillon says the New York-based startup's agent-led model stands apart by replacing manual labor with scalable AI workflows.

The RedKitten campaign distributes lures designed to target people seeking information about missing persons or political dissidents in Iran

Microsoft has updated the timeline for transitioning the Microsoft Sentinel experience from the Azure portal to the Microsoft Defender portal from July 1, 2026 to March 31, 2027. The updated schedule extends access by nearly nine months. Microsoft said the updated timeline reflects feedback from customers and partners requesting additional time to transition. “To reduce friction and support customers of all sizes, we are extending the sunset date for managing Microsoft Sentinel in the Azure … More →

The post Microsoft sets new timeline for Sentinel transition to Defender portal appeared first on Help Net Security.

SmarterTools fixed two SmarterMail flaws, including a critical bug (CVE-2026-24423) that could allow arbitrary code execution. SmarterTools fixed two security bugs in its SmarterMail email software, including a critical vulnerability, tracked as CVE-2026-24423 (CVSS score of 9.3) that could let attackers run malicious code on affected systems. “SmarterTools SmarterMail versions prior to build 9511 contain […]

180+ публично доступных серверов под угрозой.

Behind the scenes of law enforcement in cyber: what do we know about caught cybercriminals? What brought them in, where do they come from and what was their function in the crimescape? Introduction: One view on the scattered fight against cybercrime The growing sophistication and diversification of cybercrime have compelled law enforcement agencies worldwide to respond through increasingly