Тихий океан становится не таким тихим. Хакеры атаковали американские заморские территории
Правительство Северных Марианских островов признало масштабный взлом инфраструктуры.
Aggregator
CVE-2026-9256 | F5 NGINX Plus/NGINX Open Source prior 37.0.1.1/R32 P7/R36 P5 ngx_http_rewrite_module heap-based overflow (K000161377)
4 weeks 1 day ago
A vulnerability marked as critical has been reported in F5 NGINX Plus and NGINX Open Source. Affected by this issue is some unknown functionality of the component ngx_http_rewrite_module. The manipulation leads to heap-based buffer overflow.
This vulnerability is documented as CVE-2026-9256. The attack can be initiated remotely. There is not any exploit available.
It is suggested to upgrade the affected component.
vuldb.com
CVE-2025-45145 | Follett Destiny Library Manager up to 22.5 image path traversal
4 weeks 1 day ago
A vulnerability labeled as critical has been found in Follett Destiny Library Manager up to 22.5. Affected by this vulnerability is an unknown functionality. Executing a manipulation of the argument image can lead to path traversal.
This vulnerability is registered as CVE-2025-45145. It is possible to launch the attack remotely. No exploit is available.
The affected component should be upgraded.
vuldb.com
Former US execs plead guilty to aiding tech support scammers
4 weeks 1 day ago
Two former executives of a call-tracking and analytics company pleaded guilty to concealing a years-long tech support fraud scheme that victimized individuals worldwide. [...]
Sergiu Gatlan
CVE-2021-21508 | Dell VxRail 4.7.410/4.7.411 log file
4 weeks 1 day ago
A vulnerability identified as problematic has been detected in Dell VxRail 4.7.410/4.7.411. Affected is an unknown function. Performing a manipulation results in sensitive information in log files.
This vulnerability is cataloged as CVE-2021-21508. The attack must be initiated from a local position. There is no exploit available.
You should upgrade the affected component.
vuldb.com
Microsoft Edge security advisory (AV26-497)
4 weeks 1 day ago
Canadian Centre for Cyber Security
APT73
4 weeks 1 day ago
You must login to view this content
cohenido
APT73
4 weeks 1 day ago
You must login to view this content
cohenido
Android Malware Silently Subscribes Victims to Premium Services Without Consent
4 weeks 1 day ago
A newly uncovered Android malware campaign has been quietly draining money from mobile users across four countries by signing them up for paid services they never asked for. The operation ran for nearly ten months and carried out financial fraud entirely behind the scenes, using fake versions of well-known apps as its primary entry point […]
The post Android Malware Silently Subscribes Victims to Premium Services Without Consent appeared first on Cyber Security News.
Tushar Subhra Dutta
Hillpointe Allegedly Targeted: 2.5M U.S. Housing Development Customer and Employee Records Leaked
4 weeks 1 day ago
A threat actor on an underground forum is claiming to leak customer and employee data allegedly belonging to Hillpointe, a U.S. housing development and property management company.
Dark Web Informer
Fast and Furious – Nimbus Manticore Operations During the Iranian Conflict
4 weeks 1 day ago
Key Findings Introduction During the recent geopolitical tensions in the Middle East, we reported on multiple Iran-nexus threat actors advancing Iran’s strategic objectives through cyber operations. These activities included targeting internet-connected cameras, conducting destructive attacks against US and Israeli entities, and exfiltrating data from cloud environments to support broader kinetic and intelligence-gathering efforts. Nimbus Manticore (also tracked as UNC1549) is an IRGC-affiliated threat […]
The post Fast and Furious – Nimbus Manticore Operations During the Iranian Conflict appeared first on Check Point Research.
stcpresearch
The Good, the Bad and the Ugly in Cybersecurity – Week 21
4 weeks 1 day ago
Cops seize First VPN and share intel on users, Reaper spoofs multiple brands to infect Macs, and two Microsoft Defender zero-days exploited in the wild.
SentinelOne
Why the Supreme Court's Chatrie case could change the meaning of privacy in America
4 weeks 1 day ago
Lawyer Adam Unikowsky spoke with Recorded Future News about why he believes geofence searches are problematic and why the way the court rules could have a dramatic impact on Americans’ right to privacy.
Canadian man arrested, charged for running KimWolf DDos botnet
4 weeks 1 day ago
In court documents unsealed on Thursday, the Justice Department said Jacob Butler ran KimWolf as a DDoS-for-hire service that infected over a million devices worldwide.
沃茨告诉毕业生他们拥有真正的智能
4 weeks 1 day ago
苹果联合创始人沃茨(Steve Wozniak)做到了其他毕业典礼嘉宾没有做到的事情:他谈论 AI 时赢得了毕业生的欢呼,而不是嘘声。沃茨说,“You have AI — actual intelligence。”他说,“要深入谈谈我对 AI 的看法,那就说来话长了,但我们一直在努力创造一个大脑,我们能否将一个程序复制一万亿次使其像大脑一样运作?AI 就是其中一种尝试。”沃兹回顾了他在苹果公司的工作经历,为即将开始职业生涯的毕业生们提供了一些建议,“你们应该尝试换一种思维,不要墨守成规,走千篇一律的路。想想我能不能做一些与众不同的事情?”
Один пропущенный токен, репозитории GitHub и шантаж в духе Shai-Hulud. Хакеры взломали Grafana Labs
4 weeks 1 day ago
Grafana Labs раскрыла все детали взлома GitHub и объяснила, почему платить отказалась.
Operation Dragon Whistle Uses Malicious LNK Files to Target Changzhou University
4 weeks 1 day ago
A newly uncovered cyber operation has raised concerns among security professionals after a coordinated wave of attacks targeted government institutions in Pakistan. The campaign, now tracked as Operation Dragon Whistle, used highly convincing phishing emails to trick employees into opening malicious file attachments. Once those files were opened, they set off a chain of events […]
The post Operation Dragon Whistle Uses Malicious LNK Files to Target Changzhou University appeared first on Cyber Security News.
Tushar Subhra Dutta
Linus Torvalds 谈 AI
4 weeks 1 day ago
Linux 作者 Linus Torvalds 在北美开源峰会上谈论了 AI,他认为 AI 工具正在重塑内核开发,但他坚称 AI 只是一种不错的工具,不会完全替代程序员。Torvalds 称内核最近两个版本的 commits 数增加了 20%,他一开始以为是内核版本号从 6.x 跳到 7.x 而让开发者兴奋不已,结果发现是因为 AI 辅助编程工具过去半年有了显著进步。他承认 AI 工具降低贡献者的门槛,但它真正的影响是社会而不是技术层面,一个例子就是安全邮件列表涌入了大量重复性的 bug 报告。为应对这一情况,内核制定了新规则。Torvalds 同时督促安全研究人员不要提前披露漏洞利用,内核最近发现了四个提权漏洞,但维护者还没收到通知研究员就提前公开,他说这些人喜欢引人瞩目。他不认为闭源能解决安全问题,闭源实际上更糟,因为 AI 无法帮助你修复 bug。Torvalds 说维护工作依赖于人而不是代码,作为最高级别的维护者,他的工作不是写代码而是与人合作,他不会用 AI 来与人合作,并建议其他人也不要这么做。他始终认为 AI 只是不错的工具,不会完全取代程序员。他的工作经历就凸显了工具的进步给程序员带来的生产力提升:他最开始是手动输入机器代码,然后用汇编器,接着是编译器,最后是今天的 AI 辅助编程。他认为 AI 在改变编程,但并没有改变编程的本质。开发者仍然需要理解工具生成了什么。对于任何长期运行的系统,“你不仅要理解指令,还要理解最终结果,因为这是你能长期维护它的唯一途径。”AI 并不能取代人类判断、社区规范以及对所构建系统的深刻理解,“软件非常复杂,管理复杂基础设施复杂性的唯一真正有效方法是开源”,而 AI 只是程序员工具箱中的又一个工具。
Akira
4 weeks 1 day ago
You must login to view this content
cohenido
Akira
4 weeks 1 day ago
You must login to view this content
cohenido