Aggregator

Пользователь входит по отпечатку, а кто-то другой — по уязвимости.

Descope launched Agentic Identity Control Plane, a solution that enables security teams to institute policy-based governance, auditing, and identity management for their AI agent and Model Context Protocol (MCP) ecosystems. The Agentic Identity Control Plane builds on top of the existing Descope Agentic Identity Hub to mark a huge step forward in Descope’s vision of becoming the identity provider for AI agents. As AI agents, LLMs, and MCP servers continue gaining rapid adoption, security leaders … More →

The post Descope enhances AI identity security with Agentic Identity Control Plane appeared first on Help Net Security.

关键词网络攻击2025年7月发生的这场针对Bing搜索引擎的精密投毒攻击，堪称数字化时代的"特洛伊木马"现代版

关键词安全漏洞网络安全研究人员近日确认，Trend Micro Apex One（本地版）管理控制台存在两个至

关键词网咯攻击网络安全公司Proofpoint近期披露了一项持续进行的攻击活动，黑客通过伪造知名企业的微软OA

关键词安全漏洞近期曝出的Dell笔记本重大安全漏洞犹如为网络安全敲响了一记警钟。

As the volume and sophistication of cyber threats and risks grow, cybersecurity has become mission-critical for businesses of all sizes. To address this shift, SMBs have been urgently turning to vCISO services to keep up with escalating threats and compliance demands. A recent report by Cynomi has found that a full 79% of MSPs and MSSPs see high demand for vCISO services among SMBs. How are

Disclosure: This article was provided by ANY.RUN. The information and analysis presented are based on their research and findings.

速修复

LegalPwn 不仅仅存在于理论中

WhatsApp is introducing a new security feature that will help users spot potential scams when they are being added to a group chat by someone not in their contact list. [...]

MIND announced the general availability of the first autonomous DLP platform, enabling security teams to safely use GenAI, go beyond compliance, and automate data protection across all IT environments by reducing manual work and preventing sensitive data leaks. Built from the ground up as an AI-native DLP platform to automate the entire lifecycle of data protection, MIND delivers: Data discovery: Automated and continuous inventory of sensitive data at rest and user/agentic AI/non-human activities to remove … More →

The post MIND launches autonomous DLP platform to put data protection on autopilot appeared first on Help Net Security.

Старые устройства вновь стали порталом для незваных гостей.

A vulnerability, which was classified as critical, was found in SkyworkAI DeepResearchAgent up to 08eb7f8eb9505d0094d75bb97ff7dacc3fa3bbf2. Affected is the function from_code/from_dict/from_mcp of the file src/tools/tools.py. The manipulation leads to os command injection. This vulnerability is traded as CVE-2025-8667. It is possible to launch the attack remotely. Furthermore, there is an exploit available. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way.

Microsoft on Tuesday announced an autonomous artificial intelligence (AI) agent that can analyze and classify software without assistance in an effort to advance malware detection efforts. The large language model (LLM)-powered autonomous malware classification system, currently a prototype, has been codenamed Project Ire by the tech giant. The system "automates what is considered the gold

Submit #621324 / VDB-319026

Black Kite has unveiled the Adversary Susceptibility Index (ASI), a tool designed for TPRM teams to proactively identify which vendors are most vulnerable to specific threat actors before threats escalate into breaches. “With high-profile threats like Volt Typhoon, Black Basta, and APT29, security teams cannot wait for weeks to respond,” said Ferhat Dikbiyik, Chief Research and Intelligence Officer, Black Kite. “As threat actors become more targeted and sophisticated, third-party risk teams need tools that reflect the … More →

The post New Black Kite tool identifies which vendors are most vulnerable to targeted threat groups appeared first on Help Net Security.

Editor’s note: The current article is authored by Mauro Eldritch, offensive security expert and threat intelligence analyst. You can find Mauro on X.  North Korean state-sponsored groups, such as Lazarus, continue to target the financial and cryptocurrency sectors with a variety of custom malware families. In previous research, we examined strains like InvisibleFerret, Beavertail, and OtterCookie, often […]

The post PyLangGhost RAT: Rising Stealer from Lazarus Group Striking Finance and Technology  appeared first on ANY.RUN's Cybersecurity Blog.

Ransomware actors deploy a range of activities to make it harder for victims to recover and increase the consequences of not paying demands

Threat actors leveraged SEO poisoning techniques to manipulate Bing search results, directing users querying for “ManageEngine OpManager” to a malicious domain, opmanager[.]pro. This site distributed a trojanized MSI installer named ManageEngine-OpManager.msi, which covertly deployed the Bumblebee malware loader while installing legitimate software. Bumblebee, first identified in late 2021 as an initial access tool associated with […]

The post Threat Actors Poison Bing Search Results to Distribute Bumblebee Malware via ‘ManageEngine OpManager’ Queries appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.