Aggregator

大语言模型（LLMs）在AI应用中发挥重要作用，但提示注入攻击威胁其安全。此类攻击通过恶意输入操控模型输出，导致数据泄露、不当行为或有害内容生成。防范需采用多层策略，包括参数化、输入验证和人工监督。

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a critical security flaw impacting the Sudo command-line utility for Linux and Unix-like operating systems to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The vulnerability in question is CVE-2025-32463 (CVSS score: 9.3), which affects Sudo versions prior to

美国网络安全机构CISA将影响Linux系统Sudo工具的严重漏洞CVE-2025-32463加入已知被利用漏洞目录，该漏洞允许攻击者以root权限执行任意命令。同时新增四例被利用漏洞，并敦促相关机构在10月20日前修复。

In this Help Net Security interview, Vivien Bilquez, Global Head of Cyber Resilience at Zurich Resilience Solutions, discusses how organizations are rethinking cyber resilience. He talks about the priorities CISOs should focus on and the risks that are often overlooked. Bilquez also explains how to align cybersecurity efforts with business goals to gain executive support. What trends or emerging threats are pushing organizations to rethink their resilience strategies? AI is making it easier for attackers … More →

The post Cyber risk quantification helps CISOs secure executive support appeared first on Help Net Security.

Luxury department store Harrods has become the latest victim of a significant cybersecurity incident after hackers successfully accessed personal data belonging to 430,000 customers. The prestigious London retailer confirmed that threat actors contacted the company following the breach, though Harrods has stated it will not engage with the attackers. Limited Data Exposure The compromised information was obtained from […]

The post New Harrods Data Breach Leaks Personal Information of 430,000 Customers appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

VMware has disclosed critical security vulnerabilities in vCenter Server and NSX platforms that could allow attackers to enumerate valid usernames and manipulate system notifications.  The vulnerabilities, tracked as CVE-2025-41250, CVE-2025-41251, and CVE-2025-41252, affect multiple VMware products, including Cloud Foundation, vSphere Foundation, NSX, NSX-T, and Telco Cloud platforms. Broadcom, which acquired VMware, released a security advisory […]

The post VMware vCenter and NSX Vulnerabilities Let Attackers Enumerate Valid Usernames appeared first on Cyber Security News.

A sophisticated cybercriminal group known as Lunar Spider successfully compromised a Windows machine through a single malicious click, establishing a foothold that allowed them to harvest credentials and maintain persistent access for nearly two months. The intrusion, which began in May 2024, demonstrates the evolving threat landscape where initial access can rapidly escalate to full […]

The post Lunar Spider Infected Windows Machine in Single Click and Harvested Login Credentials appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Cybersecurity researchers have identified a sophisticated campaign where threat actors are using malicious advertisements and search engine optimization poisoning to distribute fake Microsoft Teams installers containing the Oyster backdoor malware. The campaign targets users searching for legitimate Microsoft Teams downloads through search engines. When users search for terms like “teams download,” they encounter fraudulent sponsored […]

The post Hackers Distribute Malicious Microsoft Teams Build to Steal Remote Access appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Автомобиль из 3D-печатных деталей показал и выносливость дороги, и доминирование на треках.

Researchers have found that many low-cost Android devices come with pre-installed apps that have high-level access to the system. Unlike apps from the Google Play Store, many of these are not subject to thorough checks and can serve as vectors for malware or privacy-invasive features. Researchers studying the African mobile device market focused on three brands selling Android devices under $100, all running Android Go Edition. To investigate, the team developed PiPLAnD, an automated framework … More →

The post Your budget Android phone might be spying on you appeared first on Help Net Security.

Cognex Says It Won't Patch Flaws
Nearly a dozen serious vulnerabilities in a Cognex industrial smart camera will go without a patch because the company says the model is "too old to merit a fix." Industrial security firm Nozomi Networks uncovered nine flaws during a security assessment.

2024 Cyberattack Was One of Several on Other Blood Suppliers in US, UK
OneBlood, which provides blood supplies to 250 hospitals in Florida, Georgia and the Carolinas, will pay $1 million to settle proposed class action litigation filed against the non-profit entity in the wake of a 2024 ransomware attack that compromised the information of nearly 170,000 individuals.

Machine Identities Outpace Human Ones, But Accountability Lags Behind
Machine identities already outnumber human users in many organizations, but the answer to who owns them, who rotates their keys, audits their actions and takes the fall when something goes wrong often depends on who's responding - and the answers rarely align.

Global Cyber Agencies Call for Exhaustive OT Inventories to Combat Threats
Global cyber agencies are urging critical infrastructure owners and operators to maintain "definitive records" of their complex operational technology environments, calling for exhaustive asset visibility as regulators shift toward prescriptive mandates to counter escalating threats.

Главный релиз года для тех, кто не пользуется мышью (хотя теперь можно).

The resilience of the world’s submarine cable network is under new pressure from geopolitical tensions, supply chain risks, and slow repair processes. A new report from the Center for Cybersecurity Policy and Law outlines how governments and industry can work together to strengthen this critical infrastructure. The report comes at a time when physical disruptions to cables are drawing more attention. While most breaks are caused by fishing or anchoring accidents, recent incidents in the … More →

The post Keeping the internet afloat: How to protect the global cable network appeared first on Help Net Security.

ChronoFrame 是一款开源的自托管个人画廊工具，支持 LivePhoto、EXIF 解析、照片地图等功能，适合展示摄影作品或记录旅行足迹。它提供在线管理照片、智能 EXIF 解析和地理位置识别等特色功能，在家用 NAS 中部署简单方便。