Aggregator

A security researcher has uncovered critical vulnerabilities in Eight Sleep’s internet-connected smart beds, revealing exposed Amazon Web Services (AWS) credentials, remote SSH backdoors, and potential access to users’ entire home networks. The findings underscore growing concerns about IoT device security as consumers increasingly adopt connected appliances for everyday use. Researcher Discovers AWS Keys and Remote […]

The post Smart Bed Security Flaw Lets Hackers Access Other Network Devices appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

GitHub 通过 CodeQL 实现大规模安全防护，结合自定义查询包、自动化变种分析与提示性告警，构建高效漏洞检测体系，为开发者提供企业级代码安全实践范本。

GitHub 通过 CodeQL 实现大规模安全防护，结合自定义查询包、自动化变种分析与提示性告警，构建高效漏洞检测体系，为开发者提供企业级代码安全实践范本。

A leak suggests that Chinese cybersecurity firm TopSec offers censorship-as-a-service services, it provided bespoke monitoring services to a state-owned enterprise facing a corruption scandal. SentinelLABS researchers analyzed a data leak that suggests that the Chinese cybersecurity firm TopSec offers censorship-as-a-service services. The origin of the data leak is unclear, the leak is large and inconsistently […]

A recently discovered botnet of over 130,000 compromised devices is launching coordinated password-spraying attacks against Microsoft 365 (M365) accounts. Security researchers at SecurityScorecard are examining possible connections to China-affiliated threat actors, citing evidence of infrastructure linked to CDS Global Cloud and UCLOUD HK, which have operational ties to China. The attack utilizes command-and-control (C2) servers hosted by SharkTech, a U.S.-based provider previously identified for hosting malicious activity. “These findings from our STRIKE Threat Intelligence team … More →

The post Massive botnet hits Microsoft 365 accounts appeared first on Help Net Security.

一项研究发现，许多国家用于高尔夫球场的土地总面积超过了风能或太阳能的土地面积。在公共辩论中可再生能源项目的土地需求经常受到批评，但形成鲜明对比的是：大片土地被分配给了只服务于少数富人的高尔夫球场。研究发现在美英等国，分配给高尔夫球场的土地远多于分配给可再生能源设施的土地。在高尔夫球场最多的十个国家中，高尔夫球场的土地面积可支持 842 GW的太阳能和 659 GW的风能容量——超过了现有的可再生能源装机容量。高尔夫球场通常需要大量的水和化学处理，对环境有巨大影响。相比下，太阳能发电场和风力涡轮机能提供可持续的土地利用，同时还能减少温室气体排放。太阳能发电场每 MW 需要约 0.01 平方公里土地，而风力发电场每 MW 需约 0.12 平方公里的土地。

Account takeover (ATO) is one of the most prevalent attack types; Proofpoint says that in 2024, 99% of the customer tenants the company monitors were hit with at least one account takeover attempt, and 62% of the customers experienced at least one that was successful. “We have thousands of direct integrations with key cloud services such as Microsoft Entra ID, O365, Okta and Google Workspace as well as tens-of-millions of monitored user accounts,” the company’s … More →

The post Account takeover detection: There’s no single tell appeared first on Help Net Security.

A vulnerability has been found in wpo365 WPO365 Plugin up to 3.2 on WordPress and classified as problematic. This vulnerability affects unknown code. The manipulation of the argument redirect_to leads to open redirect. This vulnerability was named CVE-2025-1488. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.