Aggregator
SAP security advisory – July 2026 monthly rollup (AV26-690)
RabbitMQ Flaws Could Leak OAuth Secrets and Expose Cross-Tenant Queue Metadata
New macOS malware steals passwords by posing as Apple’s crash-reporting tool
Jamf Threat Labs has uncovered a new macOS infostealer named CrashStealer that disguises itself as Apple’s crash-reporting tool to steal passwords, Keychain data, and cryptocurrency wallets. The malware was first spotted in May while it was still under development. By early July, Jamf was seeing in-the-wild detections, indicating it had moved into active use. “Unlike much of the commodity stealer activity on macOS, which is built on AppleScript droppers or thin Objective-C wrappers, CrashStealer is … More →
The post New macOS malware steals passwords by posing as Apple’s crash-reporting tool appeared first on Help Net Security.
阿里云先知团队招聘AI攻防安全专家
用户态漏洞分析之CVE-2026-41089
2026polarctf夏季赛Escape, escape!特辑
实战|从AI API SSRF到K8s集群凭证泄露——一次大模型服务的内网渗透全记录
Miasma Worm Returns as RAT-First npm Attack With Automatic Propagation Disabled
Four AsyncAPI packages previously affected by the Shai-Hulud: The Second Coming campaign have been compromised again, with new malicious releases delivering a RAT-focused build of the Miasma worm. The impacted versions are @asyncapi/generator 3.3.13.3.13.3.1, @asyncapi/generator-components 0.7.10.7.10.7.1, @asyncapi/generator-helpers 1.1.11.1.11.1.1, and @asyncapi/specs 6.11.26.11.26.11.2 and 6.11.2−alpha.16.11.2-alpha.16.11.2−alpha.1. Unlike the prior Miasma activity, the AsyncAPI packages do not use malicious […]
The post Miasma Worm Returns as RAT-First npm Attack With Automatic Propagation Disabled appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
[Control systems] Siemens security advisory (AV26-689)
В открытом космосе впервые нашли сахар — на расстоянии 26 745 световых лет от Земли
AI 公司高管以及经济学家呼吁就 AI 对经济的影响采取行动
Ваш новый телевизор может умереть от одного перегоревшего диода. Спойлер: это не приговор
A broken DNSSEC rollover took down .al. Now 1.1.1.1 tells you when validation is bypassed
Cursor IDE Auto-Executes Malicious Code in Poisoned Repos
Why AI Moves Faster Than the Controls Built to Manage It
Boardroom Conversations Shift to Surviving a Breach
Black Nevas
You must login to view this content
xAI Grok CLI Exposed Developer Code Through Automatic Whole-Repository Uploads
According to a reproducible wire-level analysis of version 0.2.93, xAI’s Grok Build CLI allegedly transmitted entire Git repositories, including unread files and commit history, to xAI infrastructure by default. The researcher noted that the behavior also sent the contents of files accessed by the agent, including a test .env file containing simulated credentials, without redaction. […]
The post xAI Grok CLI Exposed Developer Code Through Automatic Whole-Repository Uploads appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.