Aggregator

anonmoose is Allegedly Selling the Data of Thumb Play

Less than a month after its groundbreaking launch, Chinese artificial intelligence company DeepSeek has found itself at the center of a cybersecurity storm. The company, which debuted its first AI model, DeepSeek-R1, on January 20, 2025, has been grappling with severe cyberattacks that have disrupted operations and delayed new user registrations. These attacks, involving the […]

The post Hail and Rapper Botnet is the Mastermind Behind the DeepSeek Cyberattack appeared first on Cyber Security News.

AI 训练通常成本高昂，金额可能多达千万美元。上周五斯坦福大学、华盛顿大学、艾伦 AI 研究所以及 Contextual AI 的研究人员在预印本平台 arXiv 上发表了论文《s1: Simple test-time scaling》，提出了一种超低成本的 AI 训练方法，在 AI 社区引发了轰动。OpenAI 第一个提出了被称为 inference-time scaling laws（推理时间扩展定律）的方法，本质上指的是大模型在输出答案前如果“思考”更长时间那么就可能获得更高的性能。但无论是 OpenAI 还是 R1 都没有给出具体实现方法。在这篇论文中，研究人员给出了一种简单实现：在进行推理时用“等待”替换“停止思考”，迫使其继续思考进行第二次推理并核查第一次的答案。研究人员使用了一个小模型，将 56K 示例数据集筛选到 1K，这 1K 数据集足以在 32B 模型上实现 o1-preview 的性能，额外的数据不会提高性能。他们使用 16 个 NVIDIA H100 进行训练，每次运行 26 分钟，花了约 6 美元。

Cisco addressed critical flaws in Identity Services Engine, preventing privilege escalation and system configuration changes. Cisco addressed multiple vulnerabilities, including two critical remote code execution flaws, tracked as CVE-2025-20124 (CVSS score of 9.9) and CVE-2025-20125 (CVSS score of 9.1), in Identity Services Engine (ISE). A remote attacker authenticated with read-only administrative privileges could exploit the […]

Мейнтейнер Linux назвал многоязычность "раком" для ядра системы.

Spanish authorities, in collaboration with international agencies, have arrested a suspected hacker accused of orchestrating over 40 cyberattacks targeting critical public and private entities.  The arrest, made in Calpe, Alicante, is the result of a combined operation between Spain’s National Police and the Civil Guard.  The suspect is believed to have infiltrated the computer systems […]

The post Authorities Arrested Hacker Who Compromised 40+ Organizations appeared first on Cyber Security News.

Система расширит возможности перехвата до 200 километров.

This new independent non-profit was set up by the UK insurance industry to bring more transparency around cyber events

Их имена долго скрывались за экранами, но теперь они известны всем.

When it comes to protecting your company from cyberattacks, you don't have to be the fastest gazelle — you just can't afford to be the slowest.

Qualys introduced TotalAppSec, an AI-powered application risk management solution designed to unify API security, web application scanning and web malware detection across on-premises, hybrid and multi-cloud environments.

The post Qualys TotalAppSec Strengthens Application Risk Management appeared first on Security Boulevard.

A Bitdefender researcher was targeted by North Korea’s Lazarus with the lure of a fake job offer

A vulnerability was found in Honeywell OneWireless Network Wireless Device Manager up to 322.2/330.1 and classified as critical. This issue affects some unknown processing of the component Firmware Update Handler. The manipulation leads to command injection. The identification of this vulnerability is CVE-2023-5878. The attack may be initiated remotely. There is no exploit available.

A vulnerability has been found in Safetytest Cloud-Master Server up to 1.1.1 and classified as critical. This vulnerability affects unknown code of the file /static/. The manipulation leads to path traversal: '../filedir'. This vulnerability was named CVE-2025-1086. The attack can be initiated remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way. It is recommended to apply restrictive firewalling. The vendor was contacted early about this disclosure but did not respond in any way.

Иллюзия контроля рассеивается, когда мнимая угроза становится реальной.

Threat actors have been leveraging the legitimate Remote Monitoring and Management (RMM) tool, ScreenConnect, to establish persistence in their cyberattacks. This trend shows the evolving tactics of hackers who exploit trusted software to gain unauthorized access to systems. ScreenConnect, now known as ConnectWise Control, is a widely used RMM tool that allows IT teams to […]

The post Hackers Exploiting ScreenConnect RMM Tool to Establish Persistence appeared first on Cyber Security News.