Aggregator

As AI copilots and assistants become embedded in daily work, security teams are still focused on protecting the models themselves. But recent incidents suggest the bigger risk lies elsewhere: in the workflows that surround those models. Two Chrome extensions posing as AI helpers were recently caught stealing ChatGPT and DeepSeek chat data from over 900,000 users. Separately, researchers

Over 387,000 users downloaded vulnerable Apache Struts versions this week. Exclusive Sonatype research reveals a high-risk flaw found by AI. Is your system at risk?

Новый проект Мокси Марлинспайка позволит использовать нейросети без передачи личных данных разработчикам.

A joint operation led by Microsoft and international law enforcement has dismantled a business email compromise (BEC) attack chain powered by the RedVDS fraud engine. RedVDS operated as a low‑cost “cybercrime subscription” platform, giving criminals disposable virtual machines that looked like normal Windows systems on the internet. Using these rented hosts, threat actors sent huge […]

The post Microsoft and Authorities Dismatles BEC Attack Chain Powered by RedVDS Fraud Engine appeared first on Cyber Security News.

A critical authentication bypass vulnerability in Cal.com’s scheduling platform enables attackers to hijack any user account by exploiting a flaw in the NextAuth JWT callback mechanism. Tracked as CVE-2026-23478, this vulnerability affects versions from 3.1.6 up to but not including 6.0.7, with patches available in version 6.0.7 and later. The vulnerability resides in a custom […]

The post Critical Cal.com Vulnerability Let Attackers Bypass Authentication and Hijack any User Account appeared first on Cyber Security News.

Palo Alto Networks addressed a flaw impacting GlobalProtect Gateway and Portal, for which a proof-of-concept (PoC) exploit exists. Palo Alto Networks addressed a high-severity vulnerability, tracked as CVE-2026-0227 (CVSS score: 7.7), affecting GlobalProtect Gateway and Portal, for which a proof-of-concept (PoC) exploit exists. GlobalProtect is Palo Alto Networks’ VPN and secure remote-access solution. It gives users a […]

DDoS-ers are striking a website linked to a data breach at the Department of Homeland Security

Mozilla released Firefox 147 on January 13, 2026, addressing 16 security vulnerabilities detailed in the Mozilla Foundation Security Advisory. The update patches critical issues across components such as graphics, JavaScript, and networking, addressing six high-impact flaws, including multiple sandbox escapes, that could enable arbitrary code execution if exploited. These fixes also apply to Firefox ESR […]

The post Firefox 147 Released With Fixes for 16 Vulnerabilities that Enable Arbitrary Code Execution appeared first on Cyber Security News.

США призвали ООН ужесточить санкции против КНДР из-за кражи криптовалют на миллиарды долларов.

关键词钓鱼网站乌克兰计算机应急响应小组指出，乌军近期遭到一系列新型网络攻击，攻击所使用的恶意软件为PLUGGY

关键词漏洞研究人员发现针对微软Copilot Personal的新型一键式攻击，攻击者可通过该漏洞静默窃取用户

关键词非法代理近日，湖南省株洲市攸县公安局刑侦大队在工作摸排中得到线索：攸县某医院的固话机箱内，被他人非法架设

Experts disagree on whether the vulnerabilities in a programmable logic controller from Delta are a five-alarm fire or not much to worry over.

It’s 2026, yet many SOCs are still operating the way they did years ago, using tools and processes designed for a very different threat landscape. Given the growth in volumes and complexity of cyber threats, outdated practices no longer fully support analysts’ needs, staggering investigations and incident response. Below are four limiting habits that may be preventing your SOC from evolving at

移民事务律师 Michael Wildes 的办公室墙上挂着一张巨幅照片，画中是小野洋子和她已故的丈夫、披头士主唱约翰列侬——他们曾是 Wildes 父亲的委托人，当年正是 Wildes 父亲为这对夫妇辩护，使他们免遭驱逐出境。几十年后，Wildes 开始为他这一代人中一些最知名的演员和歌手提供法律服务。不过如今联系他办理签证的人当中，越来越多的是社交媒体网红和 OnlyFans 平台模特。美国特殊人才 O-1 签证并没有对艺术家进行严格定义，它采用了基于影响力的评价机制，导致 Youtube、Tiktok、Instagram、OnlyFans 上的网红占据了该签证获取量的半数以上。

A critical unauthenticated privilege escalation vulnerability in the Modular DS WordPress plugin allows attackers to gain instant admin access, with exploitation confirmed in the wild. Affecting over 40,000 sites, the flaw in versions up to 2.5.1 has prompted urgent patches and mitigations from Patchstack and the vendor. Modular DS, developed by modulards.com, enables remote management […]

The post Critical WordPress Plugin Vulnerability Exploited in the Wild to Gain Instant Admin Access appeared first on Cyber Security News.

В стране начались массовые отключения интернета за 2 дня до всеобщих выборов.

Amazon has made the AWS European Sovereign Cloud generally available to customers across the European Union, backed by a €7.8 billion investment. According to AWS, the funding will support infrastructure buildout, staffing, and long-term operations, and is expected to drive regional economic activity and job creation over the coming years. A separate cloud built for EU requirements The AWS European Sovereign Cloud operates as a distinct cloud environment. Infrastructure, services, and operations are located entirely … More →

The post AWS European Sovereign Cloud puts data, operations, and oversight inside the EU appeared first on Help Net Security.

本研究提出了一种名为“生成利用攻击”（generation exploitation attack）的极其简单的方法，旨在越狱LLMs的对齐，特别是针对那些在发布前经过安全微调的开源模型。