Aggregator

“Russia’s aggressive actions have consequences," Foreign Minister Johann Wadephul said after Germany announced a Russian diplomat had been expelled on suspicions of espionage.

Невесомость покажет, как они растут без искажений гравитации… и даст ключ к лекарству.

This week in scams, attackers are leaning hard on familiar brands, everyday tools, and routine behavior to trigger fast, unthinking reactions. From fake Netflix...

The post This Week in Scams: Netflix Phishing and QR Code Espionage appeared first on McAfee Blog.

Threat actors who specialize in vishing (i.e., voice phishing) have started using phishing kits that can intercept targets’ login credentials while also allowing attackers to control the authentication flow in a targeted user’s browser in real-time. At least two custom-made phishing kits are currently used by a number of threat actors that go after credentials and authentication factors to gain access to corporate systems and assets. “These custom kits are made available on an as-a-service … More →

The post Okta users under attack: Modern phishing kits are turbocharging vishing attacks appeared first on Help Net Security.

本次微访谈于1月20日举行，邀请了11位来自国内高校和企业的专家分享自己的观点和看法

Pwn2Own Automotive 2026 has ended with security researchers earning $1,047,000 after exploiting 76 zero-day vulnerabilities between January 21 and January 23. [...]

A dangerous new generation of phishing kits designed specifically for voice-based attacks has emerged as a growing threat to enterprise users across major technology platforms. Okta Threat Intelligence discovered multiple custom phishing kits available on an as-a-service basis that criminals are using in coordinated campaigns. These sophisticated tools target employees at Google, Microsoft, Okta, and […]

The post New Phishing Kit As-a-service Attacking Google, Microsoft, and Okta Users appeared first on Cyber Security News.

Node.js has updated its HackerOne vulnerability disclosure program to require a minimum Signal score of 1.0, aiming to reduce low-quality submissions and improve processing efficiency. Node.js has implemented a new threshold for vulnerability report submissions through its HackerOne program, mandating that researchers maintain a Signal score of 1.0 or higher to participate. Signal is HackerOne’s […]

The post Node.js Updated HackerOne Program to Require a Signal of 1.0 or Higher to Submit Vulnerability Reports appeared first on Cyber Security News.

Let's get something out of the way: retrospectives can feel a bit like mandatory fun. Someone gathers up the year's events, packages them into neat categories, and delivers "key takeaways" that land somewhere between obvious and forgettable. This is not that.

The post The 2025 Phishing Surge Proved One Thing: Chasing Doesn’t Work appeared first on Security Boulevard.

A new security feature for Teams Calling now alerts users to suspicious external calls that try to impersonate trusted organizations. The feature will begin deployment in mid-February 2026 for Targeted Release customers, with general availability timelines to be communicated later. Brand Impersonation Protection is a proactive security safeguard that evaluates inbound Voice over IP (VoIP) […]

The post Microsoft to Add Brand Impersonation Protection Warning to Teams Calls appeared first on Cyber Security News.

Специалисты нашли тысячи открытых тестовых стендов в инфраструктуре Cloudflare и F5.

Fortinet has officially confirmed that it's working to completely plug a FortiCloud SSO authentication bypass vulnerability following reports of fresh exploitation activity on fully-patched firewalls. "In the last 24 hours, we have identified a number of cases where the exploit was to a device that had been fully upgraded to the latest release at the time of the attack, which suggested a new

ShinyHunters claim more data breaches and leaks are coming soon!

Prinses Amalia heeft de Algemene Militaire Opleiding (AMO) afgerond en is bevorderd tot korporaal. Vandaag kreeg ze haar baret. De AMO is onderdeel van de opleiding die ze volgt aan Defensity College.

Security researchers at Pwn2Own Automotive 2026 demonstrated 76 unique zero-day vulnerabilities across electric vehicle chargers and in-vehicle infotainment systems. The three-day event in Tokyo awarded $1,047,000 USD total, with Fuzzware.io claiming the Master of Pwn title. Day One Activities Day One featured 30 entries targeting systems like Alpine iLX-F511, Kenwood DNR1007XR, and various EV chargers, […]

The post 76 Zero-day Vulnerabilities Uncovered by Hackers on Pwn2Own Automotive 2026 appeared first on Cyber Security News.

Under Armour said there is no evidence at this point to suggest the incident affected systems used to process payments or store customer passwords

A major security threat has emerged targeting developers who use EmEditor, a popular text editor favored by Japanese programming communities. In late December 2025, the software’s official download page fell victim to a compromise that allowed attackers to distribute malicious versions of the installer to unsuspecting users. The attack demonstrates how trusted software platforms can […]

The post New Watering Hole Attacking EmEditor User with Stealer Malware appeared first on Cyber Security News.

Really interesting blog post from Anthropic:

In a recent evaluation of AI models’ cyber capabilities, current Claude models can now succeed at multistage attacks on networks with dozens of hosts using only standard, open-source tools, instead of the custom tools needed by previous generations. This illustrates how barriers to the use of AI in relatively autonomous cyber workflows are rapidly coming down, and highlights the importance of security fundamentals like promptly patching known vulnerabilities.

[…]

A notable development during the testing of Claude Sonnet 4.5 is that the model can now succeed on a minority of the networks without the custom cyber toolkit needed by previous generations. In particular, Sonnet 4.5 can now exfiltrate all of the (simulated) personal information in a high-fidelity simulation of the Equifax data breach—­one of the costliest cyber attacks in history—­using only a Bash shell on a widely-available Kali Linux host (standard, open-source tools for penetration testing; not a custom toolkit). Sonnet 4.5 accomplishes this by instantly recognizing a publicized CVE and writing code to exploit it without needing to look it up or iterate on it. Recalling that the original Equifax breach happened by exploiting a publicized CVE that had not yet been patched, the prospect of highly competent and fast AI agents leveraging this approach underscores the pressing need for security best practices like prompt updates and patches. ...

The post AIs are Getting Better at Finding and Exploiting Internet Vulnerabilities appeared first on Security Boulevard.

The Supreme Court’s review of United States v. Chatrie puts geofence warrants and mass digital data seizures under Fourth Amendment scrutiny, raising urgent questions about particularity, AI-driven searches, and constitutional limits in the digital age.

The post Mass Data, Mass Surveillance, and the Erosion of Particularity: The Fourth Amendment in the Age of Geofence Warrants and Artificial Intelligence appeared first on Security Boulevard.

Технология переводит всё в векторы ещё до входа в модель.