Шпионский городок, 200 сотрудников и «секретные комнаты». Китай строит мега-посольство в центре Лондона
Правительство Великобритании изучило риски близости посольства КНР к магистральным интернет-кабелям.
Aggregator
Hackathon Projects Show AI Wellness Apps Can Leak Sensitive User Info
2 months 2 weeks ago
As emotional computing applications proliferate, the security threats they face require frameworks beyond traditional approaches.
Owais Sultan
IDA-PRO-MCP 远程代码执行漏洞(CVE-2025-67117)
2 months 2 weeks ago
IDA-PRO-MCP是我经常用的一个工具,看爆漏洞了,于是来分析了一下,大家记得更新升级
CVE-2025-41081 | Zuinq Studio IsMyGym URL /.php/ cross site scripting
2 months 2 weeks ago
A vulnerability marked as problematic has been reported in Zuinq Studio IsMyGym. This impacts an unknown function of the file /.php/ of the component URL Handler. The manipulation leads to cross site scripting.
This vulnerability is listed as CVE-2025-41081. The attack may be initiated remotely. There is no available exploit.
vuldb.com
Webinar: Aligning cybersecurity purchases with what your SOC team needs
2 months 2 weeks ago
Learn how security leaders and SOC teams can work together to close the gap between platform decisions and operational needs. Join Sumo Logic and BleepingComputer on January 29 for a practical webinar on aligning security tools with real-world workflows. [...]
BleepingComputer
Автомобили были лишь разминкой: робот ET1 доказал, что Китай готов к серийному производству искусственных людей
2 months 2 weeks ago
Этот гуманоид выглядит слишком реально для простой машины.
RansomHouse Claims Data Breach at Major Apple Contractor Luxshare
2 months 2 weeks ago
RansomHouse claims to have breached Apple contractor Luxshare, but no evidence has been released. Links are offline and the breach remains unverified.
Waqas
Tengu
2 months 2 weeks ago
You must login to view this content
cohenido
Initial access broker pleads guilty to selling access to 50 corporate networks
2 months 2 weeks ago
A 40-year-old Jordanian man has admitted to selling unauthorized access to computer networks of at least 50 companies, the US Attorney’s Office of the District of New Jersey has announced. Feras Khalil Ahmad Albashiti has pleaded guilty last Thursday to fraud and related activity in connection with access devices. “In May 2023, law enforcement officers were investigating an online forum where malware and malicious code was being offered for sale. Albashiti controlled an online moniker … More →
The post Initial access broker pleads guilty to selling access to 50 corporate networks appeared first on Help Net Security.
Zeljka Zorz
LinkedIn Phishing Campaign Exploits Open-Source Pen Testing Tool to Compromise Business Execs
2 months 2 weeks ago
Cybersecurity Researchers at ReliaQuest warn of an ongoing campaign delivered to “high-value individuals” via LinkedIn messages
UK launches landmark 'Report Fraud' service to tackle cybercrime and fraud
2 months 2 weeks ago
British authorities are rolling out Report Fraud, a platform intended to win back public trust over how law enforcement responds to widespread cybercrime and fraud.
PWN-AI 系列之 Special Token 注入
2 months 2 weeks ago
一句话打崩多模态模型推理服务?Token Injection 攻击面深度解析
UK warns of sustained cyberthreat from pro-Russian hacktivists
2 months 2 weeks ago
The National Cyber Security Centre highlighted the group known as NoName057(16) and other Russia-aligned operations that have targeted U.K. websites.
Endace pushes packet capture into real-time security workflows
2 months 2 weeks ago
Endace has announced the release of OSm 7.3, a major software update that makes network packet data faster, more affordable, and more user-friendly. Faster search, API-driven automation, and instant forensics With threats evolving at unprecedented speed and regulations like DORA, GDPR, HIPAA, and PCI-DSS requiring organizations to maintain detailed network forensics capabilities, packet-level network visibility is increasingly recognized as the gold standard for network security and troubleshooting. However, for many organizations, packet capture is being … More →
The post Endace pushes packet capture into real-time security workflows appeared first on Help Net Security.
Industry News
CVE-2026-22797 | OpenStack keystonemiddleware up to 10.7.1/10.9.0/10.12.0 external_oauth2_token authentication spoofing (EUVD-2026-3202 / WID-SEC-2026-0149)
2 months 2 weeks ago
A vulnerability was found in OpenStack keystonemiddleware up to 10.7.1/10.9.0/10.12.0 and classified as critical. This affects the function external_oauth2_token. Executing a manipulation can lead to authentication bypass by spoofing.
This vulnerability is registered as CVE-2026-22797. It is possible to launch the attack remotely. No exploit is available.
It is suggested to upgrade the affected component.
vuldb.com
CVE-2026-23874 | ImageMagick up to 7.1.2-12 MSL Format infinite loop (GHSA-9vj4-wc7r-p844 / WID-SEC-2026-0148)
2 months 2 weeks ago
A vulnerability labeled as problematic has been found in ImageMagick up to 7.1.2-12. Impacted is an unknown function of the component MSL Format Handler. Such manipulation leads to infinite loop.
This vulnerability is listed as CVE-2026-23874. The attack may be performed from remote. There is no available exploit.
The affected component should be upgraded.
vuldb.com
TCL 接手索尼电视业务
2 months 2 weeks ago
索尼宣布了剥离电视业务的计划,它的电视业务将合并到一家新的合资企业,中国最大的电视制造商 TCL 在其中持 51% 股份,索尼持 49%。两家公司计划 3 月底达成协议,2027 年 4 月新公司投入运营。这项计划还需要得到监管部门的批准。新公司将保留“索尼”和“Bravia”电视品牌,计划结合索尼的图像和音频技术、品牌价值、供应链管理,以及 TCL 的显示技术、垂直整合的供应链优势、全球市场布局以及端到端的成本效益。这项交易如果达成,将标志着索尼电视时代的结束。
iPhone, Tesla и секретные чертежи. Хакеры взломали главного сборщика Apple и требуют выкуп за данные пяти корпораций
2 months 2 weeks ago
Группировка RansomHub украла документацию Luxshare, которую IT-отдел пытался скрыть.
CVE-2023-38922 | Netgear JWNR2000v2/XWN5001/XAVN2001v2 update_auth http_passwd/http_username parameters buffer overflow (EUVD-2023-42682)
2 months 2 weeks ago
A vulnerability, which was classified as critical, was found in Netgear JWNR2000v2, XWN5001 and XAVN2001v2. This impacts the function update_auth. The manipulation of the argument http_passwd/http_username parameters results in buffer overflow.
This vulnerability is reported as CVE-2023-38922. The attacker must have access to the local network to execute the attack. No exploit exists.
vuldb.com
CVE-2023-38921 | Netgear WG302v2 5.1.19/5.2.9 upgrade_handler firmwareRestore/firmwareServerip command injection (EUVD-2023-42681)
2 months 2 weeks ago
A vulnerability has been found in Netgear WG302v2 5.1.19/5.2.9 and classified as critical. Affected is the function upgrade_handler. This manipulation of the argument firmwareRestore/firmwareServerip causes command injection.
This vulnerability appears as CVE-2023-38921. The attacker needs to be present on the local network. There is no available exploit.
The affected component should be upgraded.
vuldb.com