Aggregator

当前环境出现异常问题,需完成验证后方可继续访问相关内容。

访谈讨论了漏洞管理现状及近期NPM供应链攻击事件，并涵盖企业安全新闻中的资金收购、新安全工具及未来风险展望。

SentinelOne uncovered MalTerminal, the earliest known malware with built-in LLM capabilities, and presented it at LABScon 2025. SentinelLABS researchers discovered MalTerminal, the earliest known LLM-enabled malware, which generates malicious logic at runtime, making the detection more complex. Researchers identified it via API key patterns and prompt structures, uncovering new samples and other offensive LLM uses, […]

SentinelOne发现MalTerminal是首款内置LLM功能的恶意软件，其可在运行时生成恶意代码以提高隐蔽性。研究人员通过分析API密钥和提示结构发现该恶意软件，并揭示了其他利用LLM的攻击工具。此发现为防御者提供了应对新兴威胁的机会。

Он не следит за вами, не отправляет данные и не дружит с Google.

A sophisticated attack technique called LNK Stomping has emerged as a critical threat to Windows security, exploiting a fundamental flaw in how the operating system handles shortcut files to bypass security controls.  Designated as CVE-2024-38217 and patched on September 10, 2024, this vulnerability demonstrates how attackers can manipulate Windows shortcuts (LNK files) to circumvent the […]

The post Hackers Bypassing Windows Mark of the Web Files Using LNK Stomping Attack appeared first on Cyber Security News.

A vulnerability identified as critical has been detected in Red Hat Enterprise Linux 9/10. Affected by this vulnerability is an unknown functionality of the component Lightspeed History Service. Performing manipulation results in improper access controls. This vulnerability is known as CVE-2025-5962. Attacking locally is a requirement. No exploit is available.

A vulnerability categorized as problematic has been discovered in Proliz OBS Student Affairs Information System. Affected is an unknown function. Such manipulation leads to authorization bypass. This vulnerability is traded as CVE-2025-0875. The attack may be launched remotely. There is no exploit available. It is advisable to upgrade the affected component.

天文学家在地球附近发现一颗准卫星（quasi-moon）。被称为 2025 PN7 的天体是一颗近地小行星，围绕太阳飞行一周大约一年时间，可能在地球附近徘徊了约 60 年，直到今年夏天近距离掠过地球时才被望远镜观测到。此类准卫星因体积小且暗淡无光而难以被发现，夏威夷的 Pan-STARRS 天文台是在 8 月 29 日观测到 2025 PN7，历史档案数据显示它在类地球轨道上运行了数十年。天文学家仍致力于确定 2025 PN7 的大小，有估计认为其直径为 19 米或 30 米，它可能是已知绕地球运行的最小准卫星。

天文学家发现一颗近地小行星2025 PN7作为准卫星绕太阳飞行一年，在地球附近徘徊约60年。今年8月被夏威夷望远镜观测到，体积小且暗淡，可能是已知最小的绕地准卫星。

For the latest discoveries in cyber research for the week of 22nd September, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES Several major European airports including Heathrow, Berlin, Brussels, Dublin, and Cork have experienced a cyber-attack, resulting in disruptions to electronic check-in and baggage drop systems using Collins Aerospace’s MUSE software. The incident […]

The post 22nd September – Threat Intelligence Report appeared first on Check Point Research.

当前环境出现异常，需完成验证后方可继续访问。

企业安全团队常面临这样的困境："我们有数百个服务账户和AI Agent在后台运行，其中大多数并非由我们创建，也不清楚归属者是谁，该如何保障它们的安全？"现代企业的运作早已超越人类用户的范畴。在

当前环境出现异常状态，需完成验证后方可继续访问相关内容或功能。

Учёные показали, как остановить транзисторы и сохранить ключи.

Sia 是全球最安全的云存储平台,通过去中心化设计和高可靠性技术保障数据安全,并邀请开发者共同构建下一代去中心化云存储解决方案。

iPhone Air 拆解显示更换电池较为方便，iFixit 给出 7 分维修得分。苹果采用电动释放式粘合剂设计，主板等元器件置于后盖板，断开排线即可轻松拆下电池。尽管机身轻薄影响内部空间布局，但维修设计仍较为友好。

近年来，针对用户浏览器的攻击激增，成为企业面临的突出安全威胁。本文将解析什么是“基于浏览器的攻击”、为何它们如此高效，以及六种最值得关注的攻击方式。