Aggregator

От «это не взлетит» до «подписываем срочно» за 3 месяца.

Most UK cybersecurity professionals tell CIISec that their budgets are stagnating

Japan’s top brewer Asahi suspends operations after a cyberattack, halting ordering, shipping, and customer service activities. Asahi Group Holdings, Ltd (commonly called Asahi) is Japan’s largest brewing company, known for producing top-selling beers like Asahi Super Dry, as well as soft drinks and other beverages. It operates both domestically and internationally, with a strong presence […]

A Chinese national has been convicted for her role in a fraudulent cryptocurrency scheme after law enforcement authorities in the U.K. confiscated £5.5 billion (about $7.39 billion) during a raid of her home in London. The cryptocurrency seizure, amounting to 61,000 Bitcoin, is believed to be the single largest such effort in the world, the Metropolitan Police said. Zhimin Qian (aka Yadi Zhang),

根据国家信息安全漏洞库（CNNVD）统计，本周（2025年9月22日至2025年9月28日）安全漏洞情况如下

美国调查公司 Omdia 的数据显示，10～12 月服务器用 DRAM 的预测价格为 4.3 美元/GB，比 2023 年 10～12 月高出 2.4 美元。PC 用产品的预测价格为 2.8 美元，比 2023 年 10～12 月上涨 1.2 美元。这一趋势背后的原因是 AI 服务器的需求猛增。AI 服务器主要使用 HBM 内存。主要 DRAM 内存芯片制造商三星电子、SK 海力士及美光缩小产量或停产了上一代的 DDR4，转为生产和销售 HBM。AI 服务器的内存需求正在推动整个半导体市场。美国半导体行业协会（SIA）公布的全球半导体销售额7月达到了 620.7 亿美元，同比增长 20.6%，首次突破 600 亿美元。已连续 21 个月超过去年同期。

《全球数据泄露态势月度报告》（2025年8月）

年度冲刺，荣誉、大奖等你拿！

Как мошенники используют коллективное давление в Telegram-чатах.

根据发表在《Osteoporosis International》上的一篇综述，研究人员分析了 62 项研究，发现微塑料会破坏骨髓干细胞，刺激破骨细胞——一种削弱骨组织的细胞，从而削弱骨骼。实验室实验发现，微塑料颗粒会降低细胞活性，诱导细胞过早衰老，改变基因表达，引发炎症反应。动物研究发现，微塑料的积累会降低白细胞数量，破坏骨骼微结构，导致细胞结构不规则，增加骨折风险。巴西 Campinas 州立大学的 Rodrigo Bueno de Oliveira 表示，这些影响会阻碍实验动物的骨骼生长。

当前，科技创新日新月异、数字浪潮席卷全球。数字技术在赋能经济社会高质量发展的同时，也让电信网络诈骗这颗“毒瘤”以惊人的迭代速度升级犯罪模式，侵蚀社会信任根基、危害群众财产安全。

A newly discovered attack on the npm ecosystem has exposed a deceptive backdoor embedded in a malicious package impersonating Postmark. The package, named postmark-mcp, quietly siphoned off thousands of emails from unsuspecting developers and organizations, all with just one line of code. Over the course of 15 incremental releases, the threat actor behind postmark-mcp built […]

The post Malicious Code in Fake Postmark MCP Server Steals Thousands of Emails appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Конец «тяжелому» хранению.

Apple has released a security update for macOS Sequoia 15.7.1 to address a serious vulnerability in its font parser. The flaw, tracked as CVE-2025-43400, allows a maliciously crafted font file to trigger an out-of-bounds write. Exploitation could cause unexpected application crashes or corrupt process memory on affected systems. Apple patched this issue on September 29, 2025, as […]

The post Apple Font Parser Vulnerability Allowing Memory Corruption Attacks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Resecurity warns the “Trinity of Chaos” (LAPSUS$, ShinyHunters, Scattered Spider) is driving a global cybercrime wave, with major breaches undisclosed. A new Resecurity report has uncovered a rapidly unfolding—and potentially much larger—global cybercrime campaign led by the notorious alliance of LAPSUS$, ShinyHunters, and Scattered Spider. Contrary to recent claims of “retirement,” the so-called “Trinity of […]

API-разработчики получили новый инструмент.

A zero-day local privilege escalation vulnerability in VMware Tools and VMware Aria Operations is being actively exploited in the wild. The flaw, tracked as CVE-2025-41244, allows an unprivileged local attacker to gain root-level code execution on affected systems. On September 29, 2025, Broadcom disclosed the vulnerability, which exists within VMware’s guest service discovery features. However, […]

The post VMware Tools and Aria 0-Day Vulnerability Exploited for Privilege Escalation and Code Execution appeared first on Cyber Security News.

A new dark web marketplace listing has sparked alarm in the cybersecurity community after a seller using the handle “SebastianPereiro” purportedly advertised a remote code execution (RCE) exploit targeting Veeam Backup & Replication platforms. The alleged exploit, marketed as the “Bug of June 2025,” is claimed to affect certain versions of Veeam 12.x series, specifically […]

The post Veeam RCE Exploit Allegedly Listed for Sale on Dark Web appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A researcher-developed framework could enable attackers to conduct real-time conversations using simulated audio to compromise organizations and extract sensitive information.

希望走出一小步，带动行业一大步~