Aggregator

Привет с Мальдив — там теперь не только отдых, но и обыски.

Машина просматривает секретные досье быстрее, чем аналитик успевает налить кофе...

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Wazuh, and WebDAV flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added ASUS RT-AX55 devices, Craft CMS, and ConnectWise ScreenConnect flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the descriptions for these flaws: This week, Akamai researchers warned that […]

Proofpoint Threat Intelligence has uncovered a large-scale Account Takeover (ATO) campaign, internally tracked as UNK_SneakyStrike, that leverages the open-source penetration testing framework TeamFiltration to target Microsoft Entra ID user accounts across global organizations.  The campaign, which began in late 2024, has targeted over 80,000 user accounts across hundreds of cloud tenants to date, with several […]

The post New Campaign Targets Entra ID User Accounts Using Pentesting Tool for Account Takeover appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Пока админы заняты рутиной, невидимые гости уже знакомятся с интерфейсами поближе.

Наука теперь может наблюдать, как формируются нейроны. В реальном времени.

SpaceX 至今发射了逾 7000 颗 Starlink 卫星去构建庞大的宽带卫星星座，而其中已有数百颗卫星从低地球轨道上提前坠落。根据一项研究，这一现象与太阳活动加剧有关。研究人员称，从 2020 年到 2024 年，有 1190 颗卫星从极低地球轨道（VLEO）坠落，其中 583 颗是 Starlink 卫星。研究显示，2020 年至 2024 年间，每年坠落 Starlink 卫星数量呈上升趋势，这一趋势与太阳活动处于增强阶段高度相关。2020 年仅有 2 颗坠落，2021 年有 78 颗坠落，而 2024 年坠落数量多达 316 颗。太阳活动以约 11 年为一个周期，呈现由弱到强、再由强转弱的周期性变化。202 0年至 2024 年，太阳活动处于第 25 个周期的上升和高峰阶段。太阳活动增强会引发地磁强烈扰动，使地球热层升温并膨胀，导致高层大气的密度和阻力增加。而高层大气阻力增加会使得低轨卫星轨道衰减加剧，最终更早坠入大气层烧毁；还可能增加组成部署星座的卫星之间的碰撞风险。Starlink 等低轨卫星的设计寿命一般约 5 年。研究显示，地磁活动对卫星的坠落影响显著，随着地磁活动增加，Starlink 卫星的坠落往往比地磁平静期更早。在强烈地磁暴期间，卫星从约 28 0公里的高度重返大气层的下落阶段比地磁平静期缩短 10 至 12 天。

A vulnerability was found in OnlyOffice Docs up to 8.3.1. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component WOPI Protocol Handler. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2025-5301. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Siemens Mendix Studio Pro 10, Mendix Studio Pro 10.12, Mendix Studio Pro 10.18, Mendix Studio Pro 10.6, Mendix Studio Pro 11, Mendix Studio Pro 8 and Mendix Studio Pro 9. It has been classified as critical. Affected is an unknown function. The manipulation leads to path traversal. This vulnerability is traded as CVE-2025-40592. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

Sensor Intel Series: June 2025 CVE Trends

Erie Insurance reveals suspected network breach and ongoing outage

Amazon хотел «по умолчанию», Linux ответил «у нас так не работает».

A newly disclosed vulnerability, CVE-2025-33073, dubbed the “Reflective Kerberos Relay Attack,” has shaken the Windows security landscape. Discovered by RedTeam Pentesting and patched by Microsoft on June 10, 2025, this flaw allows low-privileged Active Directory users to escalate privileges to NT AUTHORITY\SYSTEM on domain-joined Windows systems that do not enforce SMB signing. The attack leverages […]

The post Windows SMB Client Zero-Day Vulnerability Exploited via Reflective Kerberos Relay Attack appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

GPS из помощника превратился в пульт от вашей машины.

CISA and international cybersecurity partners have released a comprehensive suite of guidance documents aimed at protecting critical network edge devices from increasingly sophisticated cyberattacks.  This coordinated effort, involving cybersecurity authorities from nine countries, including Australia, Canada, the United Kingdom, and Japan, addresses the growing threat to firewalls, routers, VPN gateways, and other internet-facing network infrastructure. […]

The post CISA Releases Guide to Protect Network Edge Devices From Hackers appeared first on Cyber Security News.

该漏洞暴露了AI Agents的根本缺陷

美国佐治亚州陆军国民警卫队启动第111电磁战连

Your weakest link doesn’t have to stay weak. Rethink file data management strategy today to secure your organization’s data—and trust.  

The post File Data: The Hidden Ransomware Threat Costing Enterprises Millions appeared first on Security Boulevard.

A sophisticated new threat platform, Nytheon AI, has emerged, which combines multiple uncensored large language models (LLMs) built specifically for malicious activities. The platform, discovered by Cato CTRL, is being actively promoted on popular hacking forums, including XSS and various Telegram channels, representing a significant evolution in how threat actors are leveraging artificial intelligence for […]

The post Hackers Advertising New Blackhat Tool Nytheon AI on Popular Hacking Forums appeared first on Cyber Security News.

80 000 взломанных аккаунтов — и все по инструкции с GitHub.