Aggregator

In this blog, we discuss about how Shadowpad is being used to deploy a new undetected ransomware family. They deploy the malware exploiting weak passwords and bypassing multi-factor authentication

切实提高光伏电站的运行效率和安全性。

Ransomware Attack Update for 19th of February 2025

本次研讨会旨在汇聚学术界和工业界的各方力量，交流领域内的最新研究进展，共同探讨大语言模型供应链的机遇与挑战。

本次研讨会旨在汇聚学术界和工业界的各方力量，交流领域内的最新研究进展，共同探讨大语言模型供应链的机遇与挑战。

CVE-2025-21355: Microsoft Bing Remote Code Execution Vulnerability

Demand for Cloud Security Skills Is Growing, Offering Good Pay and New Challenges
Cloud services support a wide range of applications from finance to healthcare systems and have become prime targets for cybercriminals, making cloud security a major concern for cybersecurity organizations. The need to secure the cloud is driving demand for skilled cloud security specialists.

Information-Stealing Malware Continues to Feed Markets for Stolen Credentials
Defense sector and military agency employees, and artificial intelligence service users, all show signs of having been infected by information-stealing malware, as the market for buying and selling stolen credentials continues to thrive, experts warn.

CDR, DLP Provider Will Help Safeguard Cloud-Based Applications, Collaboration Tools
Menlo Security bought a data and file security vendor led by a longtime IBM executive to secure cloud-based applications and collaboration tools. Votiro's CDR and DLP tools will neutralize threats in real time and facilitate AI-driven data protection without disrupting user workflows.

DOJ Says Contractor Falsely Claimed to Meet Critical Cyber Requirements
A military health benefits administrator has agreed to pay $11.2 million to settle allegations that the company falsely certified compliance with cybersecurity requirements - including patch management - for three years in a contract with the U.S. Department of Defense.

Regulators Cite Privacy Concerns Over DeepSeek's Data Collection Practices
The Personal Information Protection Commission, South Korea's data protection regulator, has directed Chinese artificial intelligence company DeepSeek AI to withdraw its chatbot application from official app stores pending an inquiry into the chatbot's compliance with data protection rules.

The startup incubator and PR firm with holdings in more than 70 cybersecurity firms has announced a data breach with as-yet-unknown effects.

These sorts of attacks reveal growing adversary interest in secure messaging apps used by high-value targets for communication, Google says.

Darcula PhaaS 推出新版本，支持自动生成任何品牌的钓鱼工具包，克隆合法网站并窃取数据。Netcraft警告其易用性将大幅增加钓鱼攻击量，威胁全球网络安全！

Russia-linked threat actors exploit Signal ‘s “linked devices” feature to hijack accounts, per Google Threat Intelligence Group. Google Threat Intelligence Group (GTIG) researchers warn of multiple Russia-linked threat actors targeting Signal Messenger accounts used by individuals of interest to Russian intelligence. The experts speculate that the tactics, techniques, and procedures used to target Signal will […]

A vulnerability, which was classified as critical, was found in Adobe Substance3D Sampler up to 4.5.1. Affected is an unknown function. The manipulation leads to heap-based buffer overflow. This vulnerability is traded as CVE-2024-52995. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.