Aggregator

ByteSRC 正式启动开源项目漏洞收录计划，100+资产上新！

A vulnerability categorized as problematic has been discovered in Karel ViPort up to 23012026. This impacts an unknown function. Executing a manipulation can lead to cross site scripting. The identification of this vulnerability is CVE-2026-1819. The attack may be launched remotely. There is no exploit available.

Socure has released Socure for Government (SocureGov) RiskOS to help public sector organizations deliver simpler, faster, and more transparent digital identity verification and fraud prevention at scale. SocureGov RiskOS unifies identity proofing, fraud detection, and program integrity into a single intelligent control plane, supporting the full constituent lifecycle, from onboarding and progressive verification to authentication, payments, and account recovery. By eliminating fragmented systems and slow decision cycles, RiskOS enables agencies to stop fraud earlier while … More →

The post Socure unifies identity, fraud, and program integrity for government at scale appeared first on Help Net Security.

ANY.RUN experts report a surge in phishing campaigns abusing trusted cloud and CDN platforms to bypass security controls and target enterprise users.

Cybersecurity shouldn’t block mission outcomes. Cross Domain Solutions show how secure data access enables speed, trust and better decisions.

The post Rebrand Cybersecurity from “Dr. No” to “Let’s Go” appeared first on Security Boulevard.

Рассекреченные документы описывают первые вредоносные программы в СССР: «Вена» и «Каскад».

Fingerprint has released Authorized AI Agent Detection, its new ecosystem of AI agents, including OpenAI, AWS AgentCore, Browserbase, Manus and Anchor Browser. The ecosystem enables enterprises to detect authorized agentic AI traffic with 100% certainty, allowing organizations to distinguish trusted, permissioned automation from malicious bots and scrapers. As AI agents account for a growing share of automated web traffic, organizations face a fundamental shift in how they evaluate digital interactions. Traditional “block all bots” approaches … More →

The post Fingerprint enables enterprises to tell trusted AI agents apart from bots and scrapers appeared first on Help Net Security.

Alert fatigue hides the real problem: Legacy SOC models can’t detect modern threats. Why alert-driven security fails and what replaces it.

The post Alert Fatigue: Why SOCs Are Fighting the Wrong Battle appeared first on Security Boulevard.

Zero-trust architecture helps banks secure cloud environments, meet regulations, and scale innovation through identity-first security.

The post Building a Zero-Trust Framework for Cloud Banking appeared first on Security Boulevard.

HackerNews 编译，转载请注明出处： Step Finance 发布公告称，因公司高管团队设备遭黑客入侵，平台损失价值 4000 万美元的数字资产。 该平台于1月31日检测到此次入侵，并联系了网络安全研究人员，后者帮助其追回了部分被盗资产。 Step Finance是一个构建于Solana区块链上的去中心化金融（DeFi）平台和分析工具，允许用户可视化展示、跟踪、分析并管理自身加密资产及持仓情况。 该平台被视为最活跃且使用最广泛的Solana仪表板之一，还可通过自身界面支持交易执行、代币兑换、质押及其他去中心化金融操作。平台同时发行自有代币 $STEP，该代币交易量相对有限。 1 月 31 日，Step Finance 发布公告称，平台多个金库钱包遭入侵，威胁行为者利用了某一 “已知攻击载体” 实施攻击。 Step Finance 在初始声明中表示：“今日早些时候（亚太时段），我方多个金库钱包遭一名技术老练的攻击者入侵。” 该平台已向有关部门报备，并与网络安全专业团队紧密协作，快速制定漏洞修复及风险补救措施。 区块链分析机构 CertiK 当时通报，被盗资产折合 261854 枚 SOL 代币，价值约 2890 万美元，但 Step Finance 经调查确认，本次损失总额约为 4000 万美元。 得益于Token22保护机制和合作伙伴的协调，目前已追回价值约 370 万美元的 Remora 相关资产及 100 万美元的其他持仓。 受此次事件影响，平台已暂停部分业务，全力推进安全防护加固工作。Step Finance 指出，其旗下子平台 Remora Markets 未受此次事件波及，且所有 rToken 代币仍保持 1:1 全额储备。 平台建议用户在调查结束前，暂停所有 $STEP 代币相关操作。平台将对漏洞攻击前的系统状态进行快照留存，针对 $STEP 代币持有者的解决方案目前正在推进中。 Step Finance 未披露攻击细节及攻击者身份，这引发了外界对该事件可能是 “卷款跑路” 或 “内鬼作案” 的猜测，相关质疑目前尚未得到妥善回应。 该平台 4000 万美元的损失数额虽触目惊心，但仅占 1 月全球加密资产失窃总金额的约十分之一。CertiK 本周早些时候发布的数据显示，今年 1 月全球加密资产失窃总金额达 3.98 亿美元，其中仅约 436.6 万美元被追回。 2025 年全年共发生 147 起已确认的加密领域黑客攻击事件，总损失近 28.7 亿美元；而历史损失最高年份仍为 2022 年，当年 179 起成功攻击造成的损失达 37.1 亿美元。 消息来源:bleepingcomputer； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文

【热点研判】泰国2026大选民粹与民族主义交织，政坛再洗牌或影响中泰关系走向（资料编码260204531，1

2025年的美国情报界正在发生一场静悄悄的变革。为了应对日益激烈的人才竞争和瞬息万变的技术环境，CIA、NSA等情报机构正从培养机制到薪酬体系进行全面升级。

A vulnerability was found in Six Apart Movable Type, Movable Type Advanced and Movable Type Premium 8.4. It has been rated as critical. This affects an unknown function. Performing a manipulation results in csv injection. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability was named CVE-2026-24447. The attack may be initiated remotely. There is no available exploit.

A vulnerability was found in Six Apart Movable Type, Movable Type Advanced and Movable Type Premium 8.4. It has been declared as problematic. The impacted element is an unknown function of the component Export Sites. Such manipulation leads to cross site scripting. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is uniquely identified as CVE-2026-22875. The attack can be launched remotely. No exploit exists.

A vulnerability was found in Six Apart Movable Type, Movable Type Advanced and Movable Type Premium 8.4. It has been classified as problematic. The affected element is an unknown function of the component Edit Comment Handler. This manipulation causes cross site scripting. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is handled as CVE-2026-21393. The attack can be initiated remotely. There is not any exploit available.

A vulnerability was found in Six Apart Movable Type, Movable Type Advanced and Movable Type Premium 8.4 and classified as critical. Impacted is an unknown function. The manipulation results in unrestricted upload. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is known as CVE-2026-23704. It is possible to launch the attack remotely. No exploit is available.

Detectify has launched Internal Scanning, a solution that eliminates the visibility gap between external perimeters and internal environments, allowing security teams to discover and remediate vulnerabilities behind the firewall with the same speed and precision they apply to external assets. Organizations have been considering the internal network as a safe room. Detectify challenges this dangerous courtesy: compromised endpoints and lateral movement have turned internal-facing apps (like staging environments and admin panels) into prime targets. Internal … More →

The post Detectify Internal Scanning finds and fixes vulnerabilities behind the firewall appeared first on Help Net Security.

检测业务是否受到此漏洞影响，请联系长亭应急服务团队！