Play
You must login to view this content
Aggregator
Play
4 months 2 weeks ago
You must login to view this content
cohenido
Qilin
4 months 2 weeks ago
You must login to view this content
cohenido
Play
4 months 2 weeks ago
You must login to view this content
cohenido
New EncryptHub Campaign Leverages Brave Support Platform to Deliver Malicious Payloads via MMC Vulnerability
4 months 2 weeks ago
The cyberthreat landscape continues to evolve as malicious actors develop increasingly sophisticated attack methods, with the EncryptHub threat group emerging as a particularly concerning adversary. This emerging threat actor, also known as LARVA-208 and Water Gamayun, has been making headlines for its aggressive campaigns targeting Web3 developers and abusing legitimate platforms to deliver malicious payloads. […]
The post New EncryptHub Campaign Leverages Brave Support Platform to Deliver Malicious Payloads via MMC Vulnerability appeared first on Cyber Security News.
Tushar Subhra Dutta
Threat Attack Daily - 14th of August 2025
4 months 2 weeks ago
Threat Attack Daily - 14th of August 2025
Dark Web Informer
CVE-2025-31241 | Apple iOS/iPadOS double free (EUVD-2025-14399)
4 months 2 weeks ago
A vulnerability has been found in Apple iOS and iPadOS and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to double free.
This vulnerability is known as CVE-2025-31241. The attack can be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-31241 | Apple visionOS double free (EUVD-2025-14399)
4 months 2 weeks ago
A vulnerability was found in Apple visionOS and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to double free.
This vulnerability is handled as CVE-2025-31241. The attack may be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
Ransomware Attack Update for the 14th of August 2025
4 months 2 weeks ago
Ransomware Attack Update for the 14th of August 2025
Dark Web Informer
SDL 83/100问:上传图片的API,除了常见web漏洞外,是否还会有风险?
4 months 2 weeks ago
这是一个合规问题,在软件开发的需求阶段,以安全需求的形式提出来,让业务方放到需求池中排期做。
在此之前我也没有关注这方面的意识,直到SRC收到白帽子提交的涉H图片漏洞,才意识到这方面应该纳入考虑,应用场景主要是:图片上传并展示到公众页面的功能,比如上传头像、论坛中允许发图片等。
在选择时,应该首选大厂,定期测试接口的可用性以及是否正常,避免过度信任带来内容安全风险。
-------------更多内容,请访问-------------
1、SDL 100问
SDL100问:我与SDL的故事
SAST误报太高,如何解决?
SDL需要哪些人参与?
大家都有哪些SDL运营指标?
业务系统是否可以带漏洞上线?
日常的漏洞运营,也应该是SDL团队来做吗?
关于开发安全BP,对开展SDL有哪些帮助?
SDL 79/100问:如何塑造开发安全文化?
SDL 80/100问:怎样算是IAST扫描,都有哪些模式?
SDL 81/100问:如何快速应急开源组件漏洞,比如fastjson?
SDL 82/100问:说到供应链,有没有第三方信息安全相关的法规或者标准?
2、SDL创新实践
首发!“ 研发安全运营 ” 架构研究与实践
DevSecOps实施关键:研发安全团队
DevSecOps实施关键:研发安全流程
DevSecOps实施关键:研发安全规范
DevSecOps实施关键:研发安全工具
从安全视角,看研发安全
数字化转型下研发安全痛点
一个思考:安全测试驱动产品安全?
3、SDL最初实践
【SDL最初实践】开篇
【SDL最初实践】安全培训
【SDL最初实践】安全需求
【SDL最初实践】安全设计
【SDL最初实践】安全开发
【SDL最初实践】安全测试
【SDL最初实践】安全审核
【SDL最初实践】安全响应
4、安全运营实践
基于实践的安全事件简述
安全事件运营SOP:钓鱼邮件
安全事件运营SOP:网络攻击
安全事件运营SOP:蜜罐告警
安全事件运营SOP:webshell事件
安全事件运营SOP:接收漏洞事件
应急能力提升:实战应急困境与突破
应急能力提升:挖矿权限维持攻击模拟
Qilin
4 months 2 weeks ago
You must login to view this content
cohenido
Qilin
4 months 2 weeks ago
You must login to view this content
cohenido
MadeYouReset: An HTTP/2 vulnerability thwarted by Rapid Reset mitigations
4 months 2 weeks ago
A new HTTP/2 denial-of-service (DoS) vulnerability called MadeYouReset was recently disclosed by security researchers. Cloudflare HTTP DDoS mitigation, already protects from MadeYouReset.
Alex Forster
Dire Wolf
4 months 2 weeks ago
You must login to view this content
cohenido
Qilin
4 months 2 weeks ago
You must login to view this content
cohenido
The Cost of NYDFS Cybersecurity Noncompliance: What You Need to Know in 2025
4 months 2 weeks ago
The New York State Department of Financial Services (NYDFS) has long been a leader in setting cybersecurity standards for the financial services and insurance sectors. Under 23 NYCRR Part 500, regulated entities are required to implement a comprehensive cybersecurity program that addresses governance, access controls, incident response, and ongoing risk management.
The post The Cost of NYDFS Cybersecurity Noncompliance: What You Need to Know in 2025 appeared first on Security Boulevard.
Roman Kadinsky, Cofounder, President & COO, HYPR
Middle Eastern Organizations Targeted With Charon Ransomware
4 months 2 weeks ago
New Ransomware Possibly Linked to Earth Baxia
A previously uncatalogued ransomware strain is targeting public sector and aviation organizations in the Middle East. The threat actor uses techniques similar to a previously documented hacking group tracked as Earth Baxia and likely based in China.
A previously uncatalogued ransomware strain is targeting public sector and aviation organizations in the Middle East. The threat actor uses techniques similar to a previously documented hacking group tracked as Earth Baxia and likely based in China.
Man Charged in Cyberstalking the Widow of Slain UHC CEO
4 months 2 weeks ago
Experts Warn of Expanding Intersection of Digital and Physical Threats to Victims
Federal prosecutors have charged a New York man with criminal cyberstalking the widow of murdered UnitedHealthCare CEO Brian Thompson. Experts say the case spotlights the ongoing convergence of physical violence and digital threats facing executives, their families and others.
Federal prosecutors have charged a New York man with criminal cyberstalking the widow of murdered UnitedHealthCare CEO Brian Thompson. Experts say the case spotlights the ongoing convergence of physical violence and digital threats facing executives, their families and others.
Breach Roundup: Russian Hackers Attacked Norwegian Dam
4 months 2 weeks ago
Also: Spain Defies Pressure to Eject Huawei, Hackers Leak North Korea Kimsuky Data
This week, Norway said Russian hackers attacked a flood gate, Spain defied pressure to eject Huawei, a cyberattack against the Office of the Pennsylvania Attorney General. Hackers leaked stolen North Korean Kimsuky data, Microsoft patched a Kerberos zero-day and a big Chrome bug bounty.
This week, Norway said Russian hackers attacked a flood gate, Spain defied pressure to eject Huawei, a cyberattack against the Office of the Pennsylvania Attorney General. Hackers leaked stolen North Korean Kimsuky data, Microsoft patched a Kerberos zero-day and a big Chrome bug bounty.
Downgrade Attack Allows Phishing Kits to Bypass FIDO
4 months 2 weeks ago
You probably can't break FIDO authentication. Still, researchers have shown that there are ways to get around it.
Nate Nelson, Contributing Writer