Aggregator

Critical vulnerability in Appsmith allows account takeover via flawed password reset process

今日暂未更新资讯~
更多最新文章，请访问SecWiki

Как понять, что письмо от «техподдержки» прислал вор, не открывая ссылку?

Moderna 和默克公布了针对黑色素瘤的 mRNA 癌症疫苗二期临床试验初步结果：相比标准疗法，五年内癌症复发和死亡风险降低近 50%。二期临床试验包含了 157 名被诊断为三期或四期黑色素瘤且手术切除后有高复发风险的患者。此类手术后预防复发的标准治疗方法是采用免疫疗法如使用默克的 Keytruda，所有参与者都接受了 Keytruda 治疗，他们以 2:1 的比例随机分组，部分患者接受了定制 mRNA 疫苗。疫苗专门针对每位患者的黑色素瘤进行定制，它携带了基因指令去构建最多 34 种独一无二的突变癌细胞标志物。一旦进入患者体内，健康细胞会产生这些标志物，训练 T 细胞去识别和攻击癌细胞。此前公布的结果显示，同时接受 mRNA 疫苗和 Keytruda 的 107 名患者中有 24 人在两年随访期间复发或死亡，只使用 Keytruda 的 50 名患者有 20 人复发或死亡，显示疫苗将复发或死亡风险降低了 44%。两家公司未公布五年随访的具体结果，只是表示风险降低了 49%。

现代工作场所打印机配备的监控软件具有惊人能力，不仅记录每次打印的元数据，还能存档实际打印内容，从而成为强大告密

U.S. authorities have pulled back the curtain on “r1z,” an initial access broker who quietly sold gateways into corporate networks around the world. Operating across popular cybercrime forums, he offered stolen VPN credentials, remote access to enterprise environments, and custom tools designed to bypass security controls. His activity fed the ransomware supply chain by giving […]

The post Researchers Detailed r1z Initial Access Broker OPSEC Failures appeared first on Cyber Security News.

Хакеры решили, что вашему процессору скучно, и заставили его добывать Monero.

WeKnora（维娜拉） 是一款基于大语言模型（LLM）的文档理解与语义检索框架，专为结构复杂、内容异构的文档场景而打造。

Day One of Pwn2Own Automotive 2026, which delivered $516,500 USD for 37 zero-days, the event has now accumulated $955,750 USD across 66 unique vulnerabilities, demonstrating the automotive sector’s substantial attack surface. The competition showcased exploits targeting multiple vehicle subsystems, including in-vehicle infotainment (IVI) systems, EV charging stations, and embedded Linux environments. Researchers successfully demonstrated command […]

The post Hackers Earned $516,500 for 37 Unique 0-day Vulnerabilities – Pwn2Own Automotive 2026 appeared first on Cyber Security News.

记一次国外某红队域渗透靶场通关实战，该靶场模拟了大型电信公司的真实内网架构。环境内包含域控（DC）、邮件服务器（Exchange）、数据库服务器（SQL Server）及虚拟化平台（ESXi）等核心资产。整体渗透流程分为两条主要的攻击路径，旨在通过横向移动与权限提升最终控制整个域环境。

Google 前 CEO Eric Schmidt 在瑞士达沃斯世界经济论坛上表示，欧洲必须投资建设自己的开源 AI 实验室和应对能源价格飙升的问题，否则会很快发现自己将依赖于中国的开源模型。美国公司多数转向闭源模型，这意味着它们的 AI 技术需要购买和获得授权。而中国的 AI 模型则主要采用开放权重的方式。除非欧洲愿意投入大量资金开发欧洲本土的模型，否则最终欧洲将不得不使用中国的模型。这对欧洲来说可能不是好事。

A critical authentication bypass vulnerability in SmarterTools SmarterMail is actively being exploited in the wild by attackers, according to security researchers at watchTowr Labs. The vulnerability, tracked as WT-2026-0001, allows unauthenticated attackers to reset the system administrator password without any validation, leading to complete system takeover. The flaw exists in the ForceResetPassword API endpoint, which is designed […]

The post Attackers Reverse‑Engineer Patch to Exploit SmarterMail Admin Bypass in the Wild appeared first on Cyber Security News.

A SmarterMail flaw (WT-2026-0001) is under active attack just days after its January 15 patch, with no CVE assigned yet. A newly disclosed flaw in SmarterTools SmarterMail is being actively exploited just two days after a patch was released. The issue, tracked as WT-2026-0001 and lacking a CVE, was fixed on January 15, 2026, with […]

Security flaw in RealHomes CRM plugin allowed file uploads; patches released for 30,000+ sites

Техническое задание оказалось идеальной приманкой для десятков компаний.

1月22日，《明日方舟：终末地》海外服上线首日即爆发严重支付安全事故。

Hybrid work has driven a surge in Active Directory password resets, turning minor lockouts into major productivity drains. Specops shows why remote access, cached credentials, and security policies are fueling the spike. [...]

Everyone in IT has lived this scene: a sales team can’t pull up a customer record during a call, or a warehouse scanner suddenly stops syncing inventory, and before anyone checks to see what actually happened, someone proclaims, “The network is to blame. It must be down.” It’s a knee-jerk reaction, largely because...

Obsidian Security announced end-to-end SaaS supply chain security solution, empowering organizations to monitor, control and contain the security risk hiding inside interconnected SaaS ecosystems. Companies depend on hundreds of SaaS applications to operate their business. The security threat posed by these interconnected SaaS applications is growing exponentially with major breaches like the Salesloft-Drift Supply Chain attack that impacted over 700 organizations last year. Obsidian Security is launching a new solution that secures the SaaS supply … More →

The post Obsidian Security unveils end-to-end SaaS supply chain security to stop integration-led breaches appeared first on Help Net Security.

Компании ставят цифровых надзирателей над слишком умными помощниками.