Aggregator

A vulnerability, which was classified as critical, has been found in GNU grub2. The impacted element is an unknown function of the component UFS. The manipulation leads to out-of-bounds write. This vulnerability is documented as CVE-2025-0677. The attack needs to be performed locally. There is not any exploit available.

Microsoft has officially released the optional non-security preview update KB5074105 for Windows 11, versions 25H2 and 24H2. This release, part of the January 2026 “C-week” schedule, focuses on functionality enhancements, performance optimization, and reliability improvements rather than addressing security vulnerabilities. As a cumulative update, it integrates previous fixes and introduces new changes to the operating […]

The post Microsoft Releases Update for Windows 11, version 25H2 and 24H2 Systems appeared first on Cyber Security News.

KONNI采用人工智能技术生成PowerShell后门；Lazarus组织开展新的Contagious Interview攻击活动；深入伊朗APT网络：剖析最活跃的伊朗国家关联威胁行为者；Sandworm 使用 DynoWiper 攻击波兰能源系统

A vulnerability identified as problematic has been detected in Anthropic MCP TypeScript SDK up to 1.25.1. The impacted element is the function UriTemplate of the component URI Handler. Performing a manipulation results in inefficient regular expression complexity. This vulnerability is identified as CVE-2026-0621. The attack can be initiated remotely. There is not any exploit available.

A vulnerability, which was classified as problematic, has been found in Vega up to 5.6.2/6.1.1. This affects an unknown part. Performing a manipulation results in cross site scripting. This vulnerability is reported as CVE-2025-65110. The attack is possible to be carried out remotely. No exploit exists. It is advisable to upgrade the affected component.

Comstar Paid Feds $75K Last Year to Settle HIPAA Allegations in Same 2022 Breach
An ambulance billing and collections firm has agreed to pay $515,000 to Massachusetts and Connecticut regulators and implement a prescriptive information security program in the aftermath of a 2022 hacking incident affecting the sensitive information of nearly 350,000 residents in those states.

ACAMS Says Investigators Need Better Data, Architecture and AI-Based Detection
The financial system has a trust problem driven by artificial intelligence, and CIOs looking to prevent fraud and other financial crimes will only face more challenges as criminals find new ways to use AI to swindle, according to an Association of Certified Anti-Money Laundering Specialists survey.

Also, SmarterMail Flaw, Nike Breach Probe, Empire Market Co-Creator Pleads Guilty
This week, researchers exposed an Android RAT abusing Hugging Face. Attackers exploited a SmarterMail flaw. Automakers raised cyber spending. CISA flagged a VMware bug. Microsoft patched Office. An Empire Market co-creator pleaded guilty. Nike probed a breach.

Agents Fuel Digital Risk Protection, Open-Source Intel Adoption in Regulated Spaces
Outtake will invest $40 million to grow its automated platform for digital risk protection and open-source threat intelligence. CEO Alex Dhillon says the New York-based startup's agent-led model stands apart by replacing manual labor with scalable AI workflows.

Advanced persistent threat (APT) groups have deployed new cyber weapons against a variety of targets, highlighting the increasing threats to the region.

传SpaceX 正与 xAI 洽谈合并打包上市；松延动力成为总台《2026 年春节联欢晚会》人形机器人合作伙伴；DeepSeek 正招兵买马，布局 AI 搜索与智能体领域

Key Takeaways When companies run payment systems, those systems operate on infrastructure provided by hosting platforms. That layer includes the servers, networks, and data centers where applications live.  The term PCI compliance hosting is commonly used to describe infrastructure environments that have been structured with PCI-related security expectations in mind and that provide documentation and […]

The post Top 5 PCI Compliant Hosting Providers appeared first on Centraleyes.

The post Top 5 PCI Compliant Hosting Providers appeared first on Security Boulevard.

疑似某黑产新型远控勒索样本分析

Microsoft has linked recent reports of Windows 11 boot failures after installing the January 2026 updates to previously failed attempts to install the December 2025 security update, which left systems in an "improper state." [...]

让数据成为驱动政府融媒体高质量发展的核心动力。

Federal agencies will no longer be required to solicit software attestations that they comply with NIST's Secure Software Development Framework (SSDF). What that means long term is unclear.

After two years of daily ChatGPT use, I recently started experimenting with Claude, Anthropic’s competing AI assistant.

Related: Microsofts see a  ‘protopian’ AI future

Claude is four to five times slower generating responses. But something emerged that matters more than … (more…)

The post MY TAKE: Transparent vs. opaque — edit Claude’s personalized memory, or trust ChatGPT’s blindly? first appeared on The Last Watchdog.

The post MY TAKE: Transparent vs. opaque — edit Claude’s personalized memory, or trust ChatGPT’s blindly? appeared first on Security Boulevard.

A new Android malware campaign is using the Hugging Face platform as a repository for thousands of variations of an APK payload that collects credentials for popular financial and payment services. [...]