Aggregator

Russian‑aligned hacktivist groups continue to target UK organisations with disruptive cyber attacks

The NCSC encourages local government and critical infrastructure operators to harden their ‘denial of service’ (DoS) defences

Just a few years ago, the cloud was touted as the “magic pill” for any cyber threat or performance issue. Many were lured by the “always-on” dream, trading granular control for the convenience of managed services. In recent years, many of us have learned (often the hard way) that public cloud service providers are not immune to attacks and SaaS downtime, hiding behind the Shared Responsibility

Student Record Management System漏洞复现及代码分析（CVE-2025-5216）

Law enforcement agencies in Ukraine and Germany have identified two members of a Russian-affiliated ransomware group and carried out searches in western Ukraine. Search (Source: Cyber ​​Police of Ukraine) Investigators also named the alleged organizer, a Russian national, and placed him on an international wanted list through INTERPOL. Foreign law enforcement agencies said the individual may have connections to activity associated with the Conti ransomware operation. Technical roles inside the group According to investigators, the … More →

The post Law enforcement tracks ransomware group blamed for massive financial losses appeared first on Help Net Security.

Microsoft закрыла уязвимость CVE-2026-20931. Проверьте, не открыта ли она у вас.

A team of academics from the CISPA Helmholtz Center for Information Security in Germany has disclosed the details of a new hardware vulnerability affecting AMD processors. The security flaw, codenamed StackWarp, can allow bad actors with privileged control over a host server to run malicious code within confidential virtual machines (CVMs), undermining the integrity guarantees provided by AMD

Oleg Evgenievich Nefedov, allegedly one of the founders of Black Basta, was also placed on Europol’s and Interpol’s Most Wanted lists

Researchers have found a new spying campaign using news about Venezuela to trick US government officials. Learn how the LOTUSLITE virus sneaks into computers to steal secrets.

Currently trending CVE - Hype Score: 12 - SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. Prior to 2.49.5, SvelteKit is vulnerable to a server side request forgery (SSRF) and denial of service (DoS) under certain conditions. From 2.44.0 through 2.49.4, the vulnerability ...

Currently trending CVE - Hype Score: 5 - n8n is an open source workflow automation platform. From version 1.0.0 to before 2.0.0, a sandbox bypass vulnerability exists in the Python Code Node that uses Pyodide. An authenticated user with permission to create or modify workflows can exploit this vulnerability to execute ...

Currently trending CVE - Hype Score: 2 - Deserialization of Untrusted Data vulnerability in Sitecore Experience Manager (XM), Sitecore Experience Platform (XP) allows Code Injection.This issue affects Experience Manager (XM): through 9.0; Experience Platform (XP): through 9.0.

Keepnet launched its Agentic AI for Behavioral Microlearning solution, which moves success metrics from “completion rates” to behavior change and verifiable incident reduction. Agentic AI autonomously plans, creates, delivers, and optimizes training based on real-time risk data, eliminating manual intervention. Organizations using Keepnet’s Agentic AI frameworks have achieved up to a 47% reduction in human-driven incidents within 90 days, giving organizations measurable risk reduction while employees receive short, contextual coaching instead of extra courses. At … More →

The post Keepnet bets on agentic AI behavioral training to curb security mistakes appeared first on Help Net Security.

Представитель YouTube анонсировал смягчение правил модерации для социально значимого контента.

关键词数据泄露加拿大投资行业监管组织（CIRO）证实，其去年遭受的数据泄露事件影响了约75万名加拿大投资者。

关键词黑客以"默认安全"架构著称的现代 JavaScript/TypeScript 运行时 Deno 近日曝出

关键词DNS劫持Infoblox研究人员揭露了一个庞大的欺诈性推送通知网络，展示了薄弱的DNS管理规范与"坐以

关键词漏洞据媒体报道，苹果在官网发布安全公告，建议所有 iPhone 及 iPad 用户尽快将系统更新至最新版

A vulnerability labeled as problematic has been found in GNU libiberty. Impacted is the function demangle_path of the file rust-demangle.c of the component Symbol Handler. The manipulation results in uncontrolled recursion. This vulnerability is cataloged as CVE-2021-3530. The attack must originate from the local network. There is no exploit available.

A vulnerability was found in vim up to 9.0.788 and classified as critical. Affected is an unknown function. Executing a manipulation can lead to use after free. This vulnerability appears as CVE-2022-3591. The attack may be performed from remote. There is no available exploit. It is suggested to upgrade the affected component.