Aggregator

Google announced today that the Chrome web browser will ask for permission by default before connecting to public, insecure HTTP websites, beginning with Chrome 154 in October 2026. [...]

Academic researchers developed a side-channel attack called TEE.Fail, which allows extracting secrets from the trusted execution environment in the CPU, the highly secure area of a system, such as Intel's SGX and TDX, and AMD's SEV-SNP. [...]

Secure by Design offers practical, risk-based strategies for integrating security into the software development lifecycle.

A surge in fake investment platforms targeting cryptocurrency and forex markets has been driving a new wave of financial crime in Asia

Mozilla is implementing a significant transparency requirement for Firefox extensions, mandating that all new browser add-ons disclose their data collection practices to users before installation. Starting November 3rd, 2025, developers submitting fresh extensions to the Firefox ecosystem must declare whether their software collects or transmits personal data through a new standardized framework embedded in the […]

The post Mozilla Wants All New Firefox Extensions to Disclose Data Collection Policies appeared first on Cyber Security News.

A critical remote code execution (RCE) flaw in XWiki, a popular open-source wiki platform, was exploited in the wild to deploy cryptocurrency mining malware on compromised servers. The vulnerability, tracked as CVE-2025-24893, allows unauthenticated attackers to inject malicious templates and execute arbitrary code, bypassing authentication entirely. This discovery highlights the growing threat to web applications, […]

The post XWiki RCE Vulnerability Actively Exploted In Wild To Deliver Coinminer appeared first on Cyber Security News.

Как всего одна публикация в HIBP превратилась в международный скандал.

Cybersecurity researchers have disclosed details of a new Android banking trojan called Herodotus that has been observed in active campaigns targeting Italy and Brazil to conduct device takeover (DTO) attacks. "Herodotus is designed to perform device takeover while making first attempts to mimic human behaviour and bypass behaviour biometrics detection," ThreatFabric said in a report shared with

CISA KEV Catalog

Organizations today face constant threats from malware, including ransomware, phishing attacks, and zero-day exploits. These threats are evolving faster than ever. Threat intelligence feeds emerge as a game-changer, delivering real-time, actionable data that empowers security teams to detect and neutralize attacks before they cause widespread damage. These feeds aggregate indicators of compromise such as IP […]

The post How Threat Intelligence Feeds Help Organizations Quickly Mitigate Malware Attacks appeared first on Cyber Security News.

微软与 OpenAI 达成新协议，消除了不确定性，为 OpenAI 转型为营利性企业铺平道路。微软将获得 OpenAI 27% 的股权，价值约 1350 亿美元，保留访问其技术至 2032 年，包括实现 AGI 的模型。原来控制 OpenAI 公司的基金会将持有价值约 1300 亿美元的股权。微软是 OpenAI 最大的投资者，共投资约 137.5 亿美元。根据双方的协议，一旦 OpenAI 实现 AGI，经过独立专家小组验证后，微软将不再能 OpenAI 的收入中分得一杯羹。OpenAI 新的云基础设施业务也将不再优先购买微软的 Azure 云服务，不过它承诺会额外购买 250​0 亿美元的 Azure 服务。

Threat actors tied to North Korea have been observed targeting the Web3 and blockchain sectors as part of twin campaigns tracked as GhostCall and GhostHire. According to Kaspersky, the campaigns are part of a broader operation called SnatchCrypto that has been underway since at least 2017. The activity is attributed to a Lazarus Group sub-cluster called BlueNoroff, which is also known as APT38,

Two campaigns targeting fintech execs and Web3 developers show the APT going cross-platform in financially motivated campaigns that use fake business collaboration and job recruitment lures.

Мы спорим о том, сможет ли ИИ заменить психологов. А что, если он уже на передовой?

A zero-day flaw in Chrome has been exploited by Mem3nt0 mori in Operation ForumTroll as part of a targeted espionage campaign

今日暂未更新资讯~
更多最新文章，请访问SecWiki

根据发表在 PNAS 期刊上的一项研究，2008-2010 年之间社会极化加剧，与此同时社交圈亲密朋友的人数从两人增加到了四或五人。两者之间的关联或能从根本上解释世界各地的社会日益分裂成意识形态泡泡。数十年以来的社会学研究表明，人们平均拥有大约两位密友，而密友能影响他们对重要问题的看法。但从 2008 年起，密友的人数突然增加到了四到五名。更多的密友，以及由此带来的更紧密的社交网络，导致了网络的分裂，以及最后导致社会极化。研究人员利用基于真实数据的模型发现，当网络密度增加，内部的极化是不可避免的。研究人员说，彼此联系更紧密时，人们会更频繁的遭遇不同意见。不可避免的会导致更多冲突，从而加剧社会极化。

Recently, Anthropic added the capability for Claude’s Code Interpreter to perform network requests. This is obviously very dangerous as we will see in this post. At a high level, this post is about a data exfiltration attack chain, where an adversary (either the model or third-party attacker via indirect prompt injection) can exfiltrate data the user has access to. The interesting part is that this is not via hyperlink rendering as we often see, but by leveraging the built-in Anthropic Claude APIs!

New Android malware tries to “humanize” the actions attackers perform during remote control.

Станет ли ИИ главной угрозой для Web3?