Aggregator

Керн Sapphire Canyon может ответить на главный вопрос — но сначала надо привезти его через 225 млн км.

声明：文章中涉及的程序(方法)可能带有攻击性，仅供安全研究与教学之用，读者将其信息做其他用途，由用户承担全部

Гендиректор ФГУП «Космическая связь» о планах на 15–20 лет.

MatrixPDF将普通PDF转化为钓鱼和恶意软件工具,利用覆盖层、嵌入脚本等手段绕过过滤器。攻击者通过伪装安全文档诱使用户点击链接或允许权限以获取恶意载荷。

Forrester predicts agentic AI will be responsible for a major data breach in 2026

Cybersecurity researchers have discovered two Android spyware campaigns dubbed ProSpy and ToSpy that impersonate apps like Signal and ToTok to target users in the United Arab Emirates (U.A.E.). Slovak cybersecurity company ESET said the malicious apps are distributed via fake websites and social engineering to trick unsuspecting users into downloading them. Once installed, both the spyware

An extortion group known as the Crimson Collective claims to have breached Red Hat’s private GitHub repositories, making off with nearly 570GB of compressed data from 28,000 internal repositories. This data theft is being regarded as one of the most significant breaches in technology history, involving the unauthorized extraction of source code and sensitive confidential […]

The post Red Hat Data Breach – Threat Actors Claim Breach of 28K Private GitHub Repositories appeared first on Cyber Security News.

研究人员发现两款伪装成Signal和ToTok的间谍软件ProSpy和ToSpy，通过虚假网站和应用商店传播，在阿联酋进行针对性攻击，窃取敏感数据并持续运行。

Утекли снимки, имена, ключи... что на это скажет компания  Lifeprint?

Nisos通过开源情报和外部监控识别内部威胁，关注职场冲突、兼职工作、数据收集等关键指标，帮助企业预防潜在风险。

ESET researchers have found two Android spyware campaigns aimed at people looking for secure messaging apps such as Signal and ToTok. The attackers spread the spyware through fake websites and social engineering. Researchers identified two previously unknown spyware families. Android/Spy.ProSpy poses as upgrades or add-ons for the Signal app and the discontinued ToTok app, while Android/Spy.ToSpy pretends to be the ToTok app itself. The ToSpy campaign is still active, supported by command-and-control servers that remain … More →

The post ProSpy and ToSpy: New spyware families impersonating secure messaging apps appeared first on Help Net Security.

In a clever, messed-up twist on brand impersonation, attackers are passing off their spyware as a notorious UAE government surveillance app.

Ransomware has evolved from a niche hacker tactic into a mainstream threat, and small businesses are increasingly in…

ESET researchers have discovered campaigns distributing spyware disguised as Android Signal and ToTok apps, targeting users in the United Arab Emirates

A vulnerability has been found in Linux Kernel up to 6.6.63/6.11.10/6.12.1 and classified as problematic. This impacts the function schedule_delayed_monitor_work of the component kvfree. This manipulation causes information disclosure. This vulnerability appears as CVE-2024-53160. The attacker needs to be present on the local network. There is no available exploit. The affected component should be upgraded.

A vulnerability was found in Linux Kernel up to 6.11.9 and classified as critical. This impacts the function dc_state_copy_internal of the component AMD Display. The manipulation results in allocation of resources. This vulnerability was named CVE-2024-53133. The attack needs to be approached within the local network. There is no available exploit. It is suggested to upgrade the affected component.

A vulnerability classified as problematic has been found in Linux Kernel up to 6.10/6.11.9. The impacted element is an unknown function. Performing manipulation results in privilege escalation. This vulnerability is reported as CVE-2024-53137. The attacker must have access to the local network to execute the attack. No exploit exists. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Linux Kernel up to 6.1.119/6.6.63/6.11.10/6.12.1. Impacted is the function applnco_probe. Performing manipulation results in null pointer dereference. This vulnerability is cataloged as CVE-2024-53154. The attack must originate from the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability categorized as problematic has been discovered in Linux Kernel up to 6.12.1. This vulnerability affects the function ocfs2_file_read_iter. The manipulation results in uninitialized pointer. This vulnerability was named CVE-2024-53155. The attack needs to be approached within the local network. There is no available exploit. It is advisable to upgrade the affected component.