Aggregator

Как создатель Laravel  покорил половину PHP-сообщества.

CISA released four Industrial Control Systems (ICS) advisories on September 2, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

• ICSA-25-245-01 Delta Electronics EIP Builder
• ICSA-25-245-02 Fuji Electric FRENIC-Loader 4
• ICSA-25-245-03 SunPower PVS6
• ICSA-25-182-06 Hitachi Energy Relion 670/650 and SAM600-IO Series (Update A)

CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.

• CVE-2020-24363 TP-link TL-WA855RE Missing Authentication for Critical Function Vulnerability
• CVE-2025-55177 Meta Platforms WhatsApp Incorrect Authorization Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of KEV Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

Many types of air cleaners can generate small amounts of air pollution. Until now, there was no standard way to measure these negative by-products.

Palo Alto Networks suffered a data breach that exposed customer data and support cases after attackers abused compromised OAuth tokens from the Salesloft Drift breach to access its Salesforce instance. [...]

Leaked ChatGPT chats reveal users sharing sensitive data, resumes, and seeking advice on mental health, exposing risks of…

每天的工作难度虽然不高，但是却异常琐碎，完全没有自己的思考时间，导致我的博客已经很久没有更新了。这种日子到底还有多久？我到底能不能成为说唱歌手？

A comprehensive new report spanning 2010 to 2025 reveals the ever-evolving landscape of commercial spyware vendors (CSVs), exposing the methods these private firms employ to infiltrate devices, their typical targets, and the infection chains that deliver their covert implants. The study, produced by a leading cybersecurity intelligence firm, underscores the persistent threat posed by CSVs—from […]

The post Mapping the Web of Commercial Spyware: Targets and Attack Chains appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

In this type of misconfiguration, cyberattackers could use exposed secrets to authenticate directly via Microsoft’s OAuth 2.0 endpoints and infiltrate Azure cloud environments.

Оказалось, квантовая угроза ближе, чем мы думали.

The Harsh Truths of AI Adoption MITs State of AI in Business report revealed that while 40% of organizations have purchased enterprise LLM subscriptions, over 90% of employees are actively using AI tools in their daily work. Similarly, research from Harmonic Security found that 45.4% of sensitive AI interactions are coming from personal email accounts, where employees are bypassing corporate

A sophisticated spear-phishing campaign that exploited a compromised mailbox belonging to the Ministry of Foreign Affairs of Oman. The operation, attributed to an Iranian-aligned group known as Homeland Justice and linked to Iran’s Ministry of Intelligence and Security (MOIS), masqueraded as legitimate multi-factor authentication (MFA) communications to infiltrate governments and diplomatic missions around the world. […]

The post Iran-Nexus Hackers Exploit Omani Mailbox to Target Governments appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

导入时，nodejspsmtp 立即调用了旨在提取钱包如 Atomic Wallet 和 Exodus 的基于 Electron 的 payload。

Эпитафия открытому вебу: убит нейросетями в возрасте 32 лет.

关键词安全漏洞HashiCorp Vault 被曝存在一个 高危拒绝服务（DoS）漏洞，漏洞编号 CVE-20

关键词GPS据《金融时报》报道，欧盟委员会主席冯德莱恩在前往保加利亚途中，其专机遭遇疑似俄罗斯发动的 GPS干

关键词恶意软件网络安全研究人员近期指出，Android 恶意软件生态正在出现明显变化。

关键词开源模型近日，美团正式发布并开源了其首个大语言模型 LongCat-Flash-Chat，这一消息迅速在

Researchers have demonstrated that advanced prompt injection techniques can turn defensive AI agents into potent vectors for system compromise. The findings, detailed in a new preprint titled “Cybersecurity AI: Hacking the AI Hackers via Prompt Injection,” expose a fundamental architectural weakness in large language model (LLM)–based security tools that could upend trust in automated pen-testing […]

The post Prompt Injection Attacks Can Exploit AI-Powered Cybersecurity Tools appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.