Aggregator

当前，我国正处在加速构建数据基础制度、释放数据要素价值的关键阶段。出台《关于培育数据流通服务机构 加快推进数据要素市场化价值化的意见》是对国家顶层设计、产业发展诉求与市场现实需要的及时回应，具有鲜明的针对性和指引性，可谓恰逢其时、意义重大。

网络经济犯罪不断蔓延、地缘政治复杂博弈与数字技术非法滥用等深度交织，成为2025年中东地区面临的网络安全威胁新特征。在此背景下，中东国家通过出台战略规划、加强基础设施建设、拓展国际合作、打击非法网络活动、加强对华联系等多种措施……

The threat activity cluster known as UnsolicitedBooker has been observed targeting telecommunications companies in Kyrgyzstan and Tajikistan, marking a shift from prior attacks aimed at Saudi Arabian entities. The attacks involve the deployment of two distinct backdoors codenamed LuciDoor and MarsSnake, according to a report published by Positive Technologies last week. "The group used several

Submit #758146 / VDB-347528

A fake Zoom meeting page looks real, triggers a bogus “update,” and silently installs surveillance software.

The post Fake Zoom meeting “update” silently installs surveillance software appeared first on Security Boulevard.

A vulnerability was found in Intelbras TIP 635G 1.12.3.5 and classified as critical. This vulnerability affects unknown code of the component Ping Handler. The manipulation results in os command injection. This vulnerability is identified as CVE-2026-3101. The attack can be executed remotely. Additionally, an exploit exists. The vendor was contacted early about this disclosure but did not respond in any way.

Мессенджеру грозит полная деградация в РФ.

A vulnerability has been found in dotCMS 24.12/25.07 and classified as critical. This affects an unknown part of the component Velocity Scripting Engine. The manipulation leads to sql injection. This vulnerability is referenced as CVE-2025-11165. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability, which was classified as critical, was found in WSO2 API Manager and Identity Server. Affected by this issue is some unknown functionality. Executing a manipulation can lead to authentication bypass by spoofing. The identification of this vulnerability is CVE-2024-1524. The attack may be launched remotely. There is no exploit available. You should upgrade the affected component.

Submit #757986 / VDB-347527

Before you can securely sign software or automate code signing in your Windows environment, you will need to configure your credentials for DigiCert® KeyLocker and the Signing Manager Command-Line Tool (SMCTL). Your credentials create a trusted connection between your local signing tools and DigiCert ONE to ensure that only authorized users are able to access… Read More How to Setup Credentials for Windows to Use DigiCert KeyLocker & SMCTL?

The post How to Setup Credentials for Windows to Use DigiCert KeyLocker & SMCTL? appeared first on SignMyCode - Resources.

The post How to Setup Credentials for Windows to Use DigiCert KeyLocker & SMCTL? appeared first on Security Boulevard.

Support is ending for three Windows products released in 2016, with deadlines beginning in October 2026. Windows 10 Enterprise LTSB 2016 and Windows 10 IoT Enterprise 2016 LTSB will reach end of support on October 13, 2026, followed by Windows Server 2016 on January 12, 2027. Microsoft states that organizations still running these products will receive one final monthly security update on the listed dates. After that, the systems will stop receiving security patches, non-security … More →

The post Microsoft extends security patching for three Windows products at a price appeared first on Help Net Security.

Learn why identity must be built into SaaS architecture from day one to ensure secure authentication, compliance, and scalable growth.

The post Building Secure SaaS Architecture: Why Identity Must Be Designed from Day One appeared first on Security Boulevard.

The CEO of Tesla and xAI recently stated that the artificial intelligence company Anthropic has stolen large amounts of data to train its models. Musk claims this data theft occurred on a massive scale, resulting in the company paying billions of dollars in settlements. The community notes appear to criticize Anthropic’s practices, prompting Musk to […]

The post Elon Musk Accuses Anthropic of Stealing Data in a Massive Scale appeared first on Cyber Security News.

上周关注度较高的产品安全漏洞(20260209-20260222)

国家信息安全漏洞共享平台（以下简称CNVD）本周共收集、整理信息安全漏洞875个，其中高危漏洞491个、中危漏洞361个、低危漏洞23个。

Эмираты столкнулись с новым поколением хакеров.

Житель Москвы получил 15 суток за логотип запрещенной соцсети.

Russia-linked APT28 targeted European entities with a webhook-based macro malware campaign called Operation MacroMaze. Russia-linked APT28 (aka UAC-0001, aka Fancy Bear, Pawn Storm, Sofacy Group, Sednit, BlueDelta, and STRONTIUM) launched Operation MacroMaze, targeting select entities in Western and Central Europe from September 2025 to January 2026. The campaign used webhook-based macro malware, leveraging simple tools and legitimate services for infrastructure and data […]

Discord improves collaboration, but a compromised account can expose credentials, customer data and internal plans. Learn the risks and how to reduce exposure.

The post How Discord Can Expose Corporate Data appeared first on Security Boulevard.