Aggregator

Red Hat 正式宣布了企业发行版 RHEL 10，同时拥抱 AI 推出了 AI 助手 RHEL Lightspeed，帮助 IT 管理员管理 RHEL 10 服务器，用户可以向 RHEL Lightspeed 询问类似“帮助我排除 SSHD 无法启动故障”等问题。RHEL 10 的主要变化包括：基于 Linux 6.12 LTS 内核，改进 Cockpit web 控制台, 更新了软件包如 PHP 8.3、Nginx 1.26、Git 2.47、MySQL 8.4 等等。Red Hat 还与 SiFive 合作推出针对 RISC-V 架构的 RHEL 10 开发者预览版，初步支持 SiFive 的 HiFive P550 开发板。

Datadog Security Research has uncovered a formidable new cryptojacking campaign dubbed “RedisRaider,” specifically targeting Linux servers with publicly accessible Redis instances. This sophisticated Linux worm employs aggressive propagation techniques and advanced obfuscation to exploit vulnerabilities in misconfigured Redis servers, deploying a customized version of the XMRig miner to mine Monero cryptocurrency. The threat actor behind […]

The post RedisRaider Campaign Targets Linux Servers by Exploiting Misconfigured Redis Instances appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Researchers at ESET observed strengthened cyber-offensive activity from Russian groups, especially against Ukrainian and European entities

Serviceaide, Inc. announced a significant data security breach affecting approximately 480,000 Catholic Health patients.  The incident, which occurred due to an improperly secured Elasticsearch database, exposed sensitive patient information for nearly seven weeks between September and November 2024.  Though no direct evidence of data theft has been confirmed, the company cannot rule out unauthorized access […]

The post Serviceaide Cyber Attack Exposes 480,000 Catholic Health Patients’ Data appeared first on Cyber Security News.

Service desks are on the front lines of defense—and attackers know it. Attackers are using social engineering attacks to trick agents into changing passwords, disabling MFA, and granting access. Learn more from Specops Software on how to secure your service desk. [...]

Discover how SPICE, WIMSE, and SCITT are redefining workload identity, digital trust, and software supply chain integrity in modern machine-first environments.

The post Standards for a Machine‑First Future: SPICE, WIMSE, and SCITT appeared first on Security Boulevard.

Researchers discovered a phishing attack in the wild that takes multiple well-tread technologies like open source packages and AES encryption and combines them.

Organizations that stay ahead of attacks won't be the most compliant ones — they'll be the ones most honest about what actually works.

In 2025, Android users will face an increasingly sophisticated malware landscape, with evolving threats that leverage artificial intelligence, advanced evasion techniques, and new attack vectors. Despite efforts to bolster security, research indicates that malware continues to pose significant risks to the over 3 billion Android devices worldwide. The Current Malware Landscape Research suggests Android malware […]

The post Android Security Guide – Safeguarding Against Malware in 2025 appeared first on Cyber Security News.

A critical vulnerability in SAP enterprise software, CVE-2025-31324, has been exploited by the Russian Ransomware-as-a-Service (RaaS) group Qilin nearly three weeks before its public disclosure, according to a recent investigation. The vulnerability, which received the highest possible CVSS score of 10.0, affects SAP NetWeaver Visual Composer, a component widely deployed in enterprise environments globally. The […]

The post Qilin Exploited SAP 0-Day Vulnerability Weeks Before its Public Disclosure appeared first on Cyber Security News.

Cybercriminals are leveraging the Python Package Index (PyPI) to distribute malicious tools designed to exploit TikTok and Instagram APIs for verifying stolen account credentials. Security researchers at Socket have identified three such packages checker-SaGaF, steinlurks, and sinnercore that automate the process of validating emails and usernames against social media platforms. Released between April 2023 and […]

The post Hackers Abuse TikTok and Instagram APIs to Verify Stolen Account Credentials appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Internet monitoring services showed ongoing disruptions to Russia's tax service, as well as services for managing secure digital keys and documents (Saby), among others.

Multiple high-severity vulnerabilities affecting VMware Cloud Foundation could allow malicious actors to access sensitive data and perform unauthorized actions. The vulnerabilities, assigned CVE IDs CVE-2025-41229, CVE-2025-41230, and CVE-2025-41231 with CVSS base scores ranging from 7.3 to 8.2, posing significant risks to organizations using affected versions of VMware Cloud Foundation.  Directory Traversal Vulnerability Exposes Internal Services […]

The post VMware Cloud Foundation Vulnerability Let Attackers Access Sensitive Data appeared first on Cyber Security News.

Biotechnology giant Regeneron Pharmaceuticals has emerged as the successful bidder in the bankruptcy auction for genetic testing pioneer 23andMe, offering $256 million for the majority of the company’s assets. Announced Monday, the deal would transfer 23andMe’s consumer genomics business and valuable biobank containing genetic data from millions of customers to Regeneron, pending bankruptcy court and […]

The post Regeneron to Buy 23andMe for $256M Amid Growing Data Privacy Concerns appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Submit #580588 / VDB-309664

Submit #580567 / VDB-309663