Aggregator

Leaked Credentials Up 160%: What Attackers Are Doing With Them

不安全
4 months 3 weeks ago
文章探讨了组织凭据泄露的长期影响及其日益严重的威胁。数据显示,2024年凭据泄露占数据泄露事件的22%,超越钓鱼和软件漏洞。自动化工具如恶意软件和AI钓鱼使攻击更容易,且凭据常用于账户接管、密码填充等恶意活动。防范措施包括强密码策略、多因素认证及威胁检测技术。

Columbia University Data Breach – Hackers Stolen 870,000 Individuals Personal and Financial Data

Cyber Security News
4 months 3 weeks ago

Columbia University has disclosed a major cybersecurity incident where an unauthorized third party accessed and extracted a significant volume of personal and financial data. The breach, which affects a vast number of individuals connected to the university, was discovered following a technical outage in late June. According to a notice sent by the university, the […]

The post Columbia University Data Breach – Hackers Stolen 870,000 Individuals Personal and Financial Data appeared first on Cyber Security News.

Guru Baran

RubyGems, PyPI Hit by Malicious Packages Stealing Credentials, Crypto, Forcing Security Changes

The Hackers News
4 months 3 weeks ago
A fresh set of 60 malicious packages has been uncovered targeting the RubyGems ecosystem by posing as seemingly innocuous automation tools for social media, blogging, or messaging services to steal credentials from unsuspecting users and likely resell them on dark web forums like Russian Market. The activity is assessed to be active since at least March 2023, according to the software supply
The Hacker News

From Chrome renderer code exec to kernel with MSG_OOB

不安全
4 months 3 weeks ago
Google Project Zero团队发现Linux内核6.9及以上版本中存在一个安全漏洞(CVE-2025-38236),与UNIX域套接字的MSG_OOB功能相关。该漏洞允许攻击者通过特定的send和recv操作触发使用后释放(UAF)问题,从而实现权限提升。修复版本改进了对OOB消息的管理逻辑以避免指针悬空问题。

RubyGems Malware Attack Weaponizes 60+ Packages to Steal Credentials from Social Media and Marketing Tools

Cyber Security News
4 months 3 weeks ago

Threat actors began slipping malicious code into legitimate RubyGems packages, disguising infostealers as social media automation tools in early 2023. Over the past two years, attackers operating under aliases such as zon, nowon, kwonsoonje, and soonje have published more than 60 gems that deliver promised automation features—bulk posting, engagement amplification, and backlink creation—while covertly harvesting […]

The post RubyGems Malware Attack Weaponizes 60+ Packages to Steal Credentials from Social Media and Marketing Tools appeared first on Cyber Security News.

Tushar Subhra Dutta

天文学家发现至今最重的黑洞

Solidot
4 months 3 weeks ago
天文学家在距离地球 50 亿光年外的狮子座双星系引力透镜系统 Cosmic Horseshoe 中发现了至今最重的黑洞。其质量是银河系超大质量黑洞的 1 万多倍,太阳质量的 360 亿倍。Cosmic Horseshoe 是已知最大的星系透镜,其核心被认为有一个超大质量黑洞,但科学家对其质量难以给出具体数字。英国朴茨茅斯大学的研究人员测量了恒星围绕黑洞旋转的速度,以及黑洞引力对光线的弯曲程度,结果发现它可能是宇宙质量最大的黑洞。

Identity Attacks: The Silent Killer of UK SMBs (And How to Thwart Them)

Security Boulevard
4 months 3 weeks ago

Identity Attacks: The Silent Killer of UK SMBs (And How to Thwart Them) When you think of a cyberattack, you might picture ransomware, phishing emails, or even hackers “breaking in” to your systems. But increasingly, attackers don’t need to smash down the door, they just log in. Identity-based attacks, where malicious actors use stolen, spoofed […]

The post Identity Attacks: The Silent Killer of UK SMBs (And How to Thwart Them) appeared first on Clear Path Security Ltd.

The post Identity Attacks: The Silent Killer of UK SMBs (And How to Thwart Them) appeared first on Security Boulevard.

Clear Path Security Ltd

Managed ad