Aggregator

Fortinet security advisory (AV26-313)

2 months 2 weeks ago

Canadian Centre for Cyber Security

AI Agents and Non-Human Identities Creating Critical Security Gaps, Report

2 months 2 weeks ago

New research from Keeper Security, reveals non-human identities and automated system-to-system interactions are becoming the top security risk for businesses in 2026.

Deeba Ahmed

Cookie控制的PHP Webshell：Linux托管环境中的隐秘攻击手法

Desync InfoSec

2 months 2 weeks ago

Cookie控制的PHP Webshell：Linux托管环境中的

微软揭秘：AI驱动的Device Code钓鱼攻击如何规模化绕过MFA

Desync InfoSec

2 months 2 weeks ago

微软揭秘：AI驱动的Device Code钓鱼攻击如

CVE-2026-35616：Fortinet FortiClientEMS 零日漏洞已被野外利用（CVSS 9.1）

Desync InfoSec

2 months 2 weeks ago

CVE-2026-35616：Fortinet FortiClientEMS 零日漏洞

BlueHammer：研究员公开未修复 Windows 零日漏洞，可提权至 SYSTEM

Desync InfoSec

2 months 2 weeks ago

安全研究员因不满 MSRC 处理流程，公开发布了可获取 SYSTEM 权限的 Windows LPE 零日漏洞利用代

Over $17bn Lost to Cyber Fraud in the Last Year, Warns FBI

Information Security Magazine

2 months 2 weeks ago

Cryptocurrency scams alone cost victims over $7 billion, while AI-enabled fraud threats are on the rise, says FBI

UK exposes Russian military intelligence hijacking vulnerable routers for cyber attacks

NCSC Feed

2 months 2 weeks ago

New advisory warns cyber threat group APT28 have exploited vulnerable edge devices to support malicious operations.

APT28 exploit routers to enable DNS hijacking operations

NCSC Feed

2 months 2 weeks ago

Russian cyber actor APT28 exploit vulnerable routers to hijack DNS, enabling adversary‑in‑the‑middle attacks and theft of passwords and authentication tokens.

AI-enabled device code phishing campaign exploits OAuth flow for account takeover

Help Net Security

2 months 2 weeks ago

A phishing campaign that bypasses the standard 15-minute expiration window through automation and dynamic code generation, leveraging the OAuth Device Code Authentication flow to compromise organizational accounts at scale, has been observed by the Microsoft Defender Security Research team. The campaign uses AI-assisted infrastructure and end-to-end automation. Attack overview Device Code Authentication is a legitimate OAuth flow designed for devices that cannot support a standard interactive login. In this model, a code is presented on … More →

The post AI-enabled device code phishing campaign exploits OAuth flow for account takeover appeared first on Help Net Security.

Anamarija Pogorelec

Ваш VPN вас выдает. Популярные клиенты (v2rayNG, Clash, Hiddify) оказались уязвимы

Securitylab.ru

2 months 2 weeks ago

В мобильных VLESS-клиентах нашли критическую «дыру».

The Hidden Cost of Recurring Credential Incidents

The Hackers News

2 months 2 weeks ago

When talking about credential security, the focus usually lands on breach prevention. This makes sense when IBM’s 2025 Cost of a Data Breach Report puts the average cost of a breach at $4.4 million. Avoiding even one major incident is enough to justify most security investments, but that headline figure obscures the more persistent problems caused by recurring credential

The Hacker News

GPUBreach exploit uses GPU memory bit-flips to achieve full system takeover

Security Affairs

2 months 2 weeks ago

GPUBreach attack technique uses GPU memory bit-flips to escalate privileges and potentially take full control of a system. New research shows that attacks like GPUBreach exploit RowHammer bit-flips in GPU memory (GDDR6) to go beyond data corruption. Attackers can use this technique to escalate privileges and, in some cases, gain full control of the system. […]

Pierluigi Paganini

ShadowByt3 New threat Actor

Dark Feed IO

2 months 2 weeks ago

You must login to view this content

cohenido

TDF 基金会称它取消 Collabora 员工的会员资格是为了遵守非营利组织法

Solidot

2 months 2 weeks ago

The Document Foundation（TDF）再次通过官方博客回应了它与主要商业合作伙伴 Collabora 之间的分歧。TDF 称过去几年它犯下了多项违反非营利组织法的错误：仅允许生态系统内的公司免费使用 LibreOffice 品牌；将 LibreOffice 的开发合同——新功能开发、修 bug 等——授予在基金会董事会中拥有代表，积极参与采购的企业。基金会法律顾问指出这些违反法律的错误之后，从中受益的企业试图维持现状而不是解决问题。为避免失去非营利组织地位以及由此带来的不可预见的后果，TDF 基金会采取了措施，取消 Collabora 员工的会员资格、冻结招标以及引入开发采购政策，并制定了规则降低未来再次出现类似问题的风险。