Aggregator

В России решена математическая задача, считавшаяся неразрешимой с XIX века.

The company said in a brief statement that it takes consumer privacy and data security seriously and is “actively assessing the situation,” but offered few details about the scope of the alleged breach or whether customer information may have been exposed.

WiGLE（wigle.net）全称是 Wireless Geographic Logging Engine（无线地理日志引擎），是一个全球性的无线网络数据收集与地图展示网站。它通过社区贡献的数据来创建一个包含 Wi-Fi 热点、蜂窝网络、蓝牙位置的数据库。 主要功能 全球无线网络地图 你可以在网站上查看世界各地已经被扫描过的无线局域网（Wi-Fi）热点的位置。 Wi-Fi 热点数据收集 注册用户可以上传自己扫描到的 Wi-Fi 网络数据，包括位置（GPS 坐标）、网络名称（SSID）、MAC 地址（BSSID）、加密类型等。 同时也可以使用高级搜索功能 图2 图3 图4 社区驱动 & 数据库 这个数据库主要由全球用户使用各种工具（如 Android 应用、GPS 设备、无线扫描软件等）收集和上传的数据组成。 API 与开发者支持 对开发者提供 API，可以通过程序访问 Wi-Fi 和网络位置数据。 核心用途 网络研究与探索 – 了解某个地区的 Wi-Fi 分布情况。 无线安全与分析 – 研究网络安全、检查加密类型等信息。 地理数据收集 – 形成全球免费可访问的无线网络位置数据库。 体验下来，就是加载有点慢，但是最后详细定位点都能加载出来。 最后一张图位置可以猜一下。

Security Operations Centers live or die by their ability to respond quickly and accurately to alerts. At the heart of this process is alert triage — the initial evaluation that decides whether an alert is a real incident, a false positive, or something that needs immediate escalation. When Tier 1 analysts get triage wrong, detection speed collapses, response resources are misused, and […]

The post Your Tier 1 Analyst at SOC Team Is Failing at Effective Triage. That’s a Business Problem  appeared first on Cyber Security News.

Shadowserver researchers found 6,000+ SmarterMail servers exposed online and likely vulnerable to a critical auth bypass flaw. Nonprofit security organization Shadowserver reported that over 6,000 SmarterMail servers are exposed on the internet and likely vulnerable to attacks exploiting a critical authentication bypass flaw tracked as CVE-2026-23760. Cybersecurity firm watchTowr disclosed the vulnerability on January 8, […]

Cybercriminals have adopted a deceptive strategy to compromise users searching for common software applications online. These attackers are using search engine optimization poisoning techniques to place malicious links at the top of search results. When unsuspecting users click on these links, they download infected files instead of legitimate tools. This growing threat targets individuals seeking […]

The post Hackers are Leveraging SEO Poisoning to Attack Users Looking for Legitimate Tools appeared first on Cyber Security News.

Le Grande Madness: доказывает миру, что рельсы — это для слабаков.

阿里云安全保障急招安全工程师，适合对前沿云上攻防、AI For Security、Security For AI感兴趣的小伙伴们～

Modern ransomware has shifted from encryption to psychological extortion that exploits fear, liability, and exposure. Flare shows how today's ransomware groups weaponize stolen data and pressure tactics to force payment. [...]

A vulnerability was found in GNOME Glib and classified as critical. This affects an unknown part of the component Unicode Case Conversion. Such manipulation leads to out-of-bounds write. This vulnerability is traded as CVE-2026-1489. The attack may be launched remotely. There is no exploit available.

LevelBlue calls the move “all upside” for MDR customers, stressing that “nothing’s going to change.”

The post LevelBlue scoops up Alert Logic’s managed services from Fortra appeared first on CyberScoop.

A vulnerability has been found in Red Hat Keycloak and classified as problematic. Affected by this issue is some unknown functionality of the component org.keycloak.services.resources.admin. This manipulation causes information disclosure. This vulnerability appears as CVE-2025-13881. The attack may be initiated remotely. There is no available exploit.

A vulnerability, which was classified as problematic, was found in GNOME Glib. Affected by this vulnerability is an unknown functionality of the component Treemagic File Handler. The manipulation results in out-of-bounds read. This vulnerability is reported as CVE-2026-1485. The attack can be launched remotely. No exploit exists.

A vulnerability, which was classified as problematic, has been found in askbot up to 0.12.2. Affected is an unknown function of the component Profile Picture Handler. The manipulation leads to authorization bypass. This vulnerability is documented as CVE-2026-1213. The attack can be initiated remotely. There is not any exploit available. It is suggested to install a patch to address this issue.

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft Office, GNU InetUtils, SmarterTools SmarterMail, and Linux Kernel flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Microsoft Office, GNU InetUtils, SmarterTools SmarterMail, and Linux Kernel flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: […]

A vulnerability classified as critical was found in GNOME GLib. This impacts an unknown function of the component Base64 Encoding Handler. Executing a manipulation can lead to out-of-bounds write. This vulnerability is registered as CVE-2026-1484. It is possible to launch the attack remotely. No exploit is available.

A vulnerability classified as critical has been found in n8n up to 1.123.16/2.4.4/2.5.0. This affects an unknown function of the component Workflow Expression Evaluation System. Performing a manipulation results in improper neutralization of directives in dynamically evaluated code. This vulnerability is cataloged as CVE-2026-1470. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A malware delivery campaign detailed by Blackpoint researchers employs an impressive array of tricks to deliver an infostealer to employees without triggering enterprise defenses or close examination by security researchers. The attackers aim to get the Amatera Stealer installed on target Windows computers by using fake human verification pages – i.e., CAPTCHA pages – to trick users into manually pasting and executing a command via the Run dialog. And here is where things get interesting. … More →

The post Attackers use Windows App-V scripts to slip infostealer past enterprise defenses appeared first on Help Net Security.

AI agents are booking travel at scale. Learn how to enable agentic commerce, stop agent hijacking and loyalty fraud, and protect your revenue.

The post AI Agents Are Booking Travel: How Businesses Can Enable Revenue & Minimize Risk appeared first on Security Boulevard.