Aggregator

你的手机或者浏览器是不是偶尔会弹出一些奇怪的通知？

含uofTCTF2026 firewall题解

A vehicle search uncovered a mobile computing system hidden in the trunk and connected to a roof-mounted transmitter disguised as a shark-fin antenna.

Zoom and GitLab have released security updates to resolve a number of security vulnerabilities that could result in denial-of-service (DoS) and remote code execution. The most severe of the lot is a critical security flaw impacting Zoom Node Multimedia Routers (MMRs) that could permit a meeting participant to conduct remote code execution attacks. The vulnerability, tracked as CVE-2026-22844

Объясняем, почему в этой игре на нервах проигрывает тот, кто торопится.

A new Magecart-style campaign has emerged, targeting online shoppers through malicious JavaScript code designed to steal payment information directly from ecommerce websites. The attack works by injecting hidden scripts into compromised shopping sites, allowing attackers to intercept sensitive data when customers enter their credit card details during checkout. Magecart attacks represent a significant threat to […]

The post New Magecart Attack Inject Malicious JavaScript to Skim Payment Data appeared first on Cyber Security News.

A ransomware attack has reportedly exposed confidential internal documents at a major electronics manufacturer. The breach compromises the company’s critical role in Apple’s global supply chain, including AirPods manufacturing, iPhone production, and Vision Pro assembly. Threat actors have published internal documents revealing sensitive operational intelligence, including production workflows, security procedures, and supply chain protocols. Luxshare […]

The post Alleged Ransomware Attack on Apple’s Second-Largest Manufacturer Luxshare – Confidential Data Exposed appeared first on Cyber Security News.

Microsoft shared a temporary workaround for customers experiencing Outlook freezes after installing this month's Windows security updates. [...]

A vulnerability categorized as problematic has been discovered in Moodle. Affected is an unknown function of the component Data Export. Executing a manipulation can lead to injection. The identification of this vulnerability is CVE-2025-67851. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in ISC BIND up to 9.18.43/9.18.43-S1/9.20.17/9.20.17-S1/9.21.16. It has been rated as problematic. This impacts an unknown function of the component BRID/HHIT. Performing a manipulation results in reachable assertion. This vulnerability was named CVE-2025-13878. The attack may be initiated remotely. There is no available exploit. Upgrading the affected component is advised.

Cloudflare fixed a flaw in its ACME validation logic that could let attackers bypass security checks and access protected origin servers. Cloudflare fixed a flaw in its ACME HTTP-01 validation logic that could let attackers bypass security checks and reach origin servers. The issue stemmed from how Cloudflare’s edge handled requests to the /.well-known/acme-challenge/ path. […]

Кажется, в погоне за эффективностью про базовую цифровую гигиену просто забыли.

Loan phishing operation in Peru is stealing card info by impersonating financial institutions

A new social engineering technique called GlitchFix has emerged, powered by ErrTraffic—a specialized traffic distribution system designed to trick website visitors into downloading malware through visually broken web pages. The attack platform costs around $800 and offers cybercriminals a complete solution for running deceptive campaigns across multiple operating systems. ErrTraffic extends the traditional ClickFix approach […]

The post ErrTraffic Fueling ClickFix by Breaking the Page Visually and Turns Attack to GlitchFix appeared first on Cyber Security News.

Critical security patches addressing five vulnerabilities across versions 18.8.2, 18.7.2, and 18.6.4 for both Community Edition (CE) and Enterprise Edition (EE). The patches resolve issues ranging from high-severity authentication flaws to denial-of-service conditions affecting core platform functionality. Critical 2FA Bypass Vulnerability The most severe vulnerability is CVE-2026-0723, an unchecked return value issue in authentication services […]

The post Multiple GitLab Vulnerabilities Enables 2FA Bypass and DoS Attacks appeared first on Cyber Security News.

Check Point announced Check Point Exposure Management, a new approach designed to help organizations defend against attacks by turning fragmented exposure data into prioritized, actionable, and safe remediation. Exposure Management delivers real-time situational awareness by unifying threat intelligence, dark-web insights, attack surface visibility, exploitability context, and automated remediation, at a time when attackers increasingly use automation and AI to move faster than traditional security operations can respond. “Security teams are flooded with intelligence but still … More →

The post Check Point Exposure Management unifies threat intelligence, context, and remediation appeared first on Help Net Security.

Researchers say the advanced framework was built almost entirely by agents, marking a significant evolution in the use of AI to develop wholly original malware.

A critical security alert regarding an active phishing campaign that commenced on January 19, 2026. The malicious actors are impersonating LastPass support staff and sending fraudulent emails claiming urgent vault backup requirements to harvest master passwords from unsuspecting users. The phishing emails employ social engineering tactics by creating artificial urgency, falsely claiming that LastPass maintenance […]

The post LastPass Warns of Fake Maintenance Message Tracking Users to Steal Master Passwords appeared first on Cyber Security News.

Злоумышленники массово переходят с дата-центров на домашние сети.

Cohesity has unveiled Identity Threat Detection and Response (ITDR) capabilities that expand its Identity Resilience portfolio, providing a more comprehensive approach to securing and recovering critical identity systems such as Active Directory (AD) and Microsoft Entra ID. Identity is foundational to enterprise security, underpinning all access. Without it, operations grind to a halt, and organizations are at risk. Attackers constantly seek to exploit misconfigurations, privilege escalation paths, and weak controls to gain access to sensitive … More →

The post Cohesity enhances identity resilience with ITDR capabilities appeared first on Help Net Security.