Aggregator
Building a Security Portfolio Even When You're a Blue Teamer
10 months 3 weeks ago
Things to Include on Your CV When Your Job Focuses on Keeping Systems Running
If you're a junior SOC analyst, a GRC specialist or someone working in ICS environments, the idea of a cyber portfolio might seem irrelevant. It's not. Employers need tangible proof of your skills, and a well-constructed portfolio does just that - whether your job touches logs or legal frameworks.
Czech Government Attributes Foreign Ministry Hack to China
10 months 3 weeks ago
APT31 Compromised the Czech Foreign Affairs Ministry in 2022
The Czech government on Wednesday said Chinese state hackers stole sensitive declassified information from the republic's foreign ministry as part of a years-long espionage campaign. Czech Ministry of Foreign Affairs attributed the hack to a Chinese nation-state group tracked as APT31.
PumaBot Malware Targets Linux IoT Devices
10 months 3 weeks ago
Stealthy Malware Installs Cryptomining Software
A botnet targeting Internet of Things devices works by brute forcing credentials and downloading cryptomining software. Researchers call the botnet "PumaBot," since its malware checks for the string "Pumatronix," the name of a Brazilian manufacturer of surveillance and traffic camera systems.
CISA's Leadership Exodus Continues, Shaking Local Offices
10 months 3 weeks ago
'It's Just Totally Destabilizing,' Staffers Say Amid CISA's Leadership Exodus
An ongoing exodus of top officials and senior leadership at the Cybersecurity and Infrastructure Security Agency's regional offices has left staffers increasingly worried about a potential major shift in mission and continued cuts to staff and spending.
A Peek Behind the Claude Curtain
10 months 3 weeks ago
Researcher Analyzes System Prompts to Show How New Claude Models Work
System-level instructions guiding Anthropic's new Claude 4 models tell it to skip praise, avoid flattery and get to the point, said independent AI researcher Simon Willison, breaking down newly released and leaked system prompts for the Claude Opus 4 and Sonnet 4 models.
CRADLE: Open-Source CTI Platform for Collaborative Threat Analysis
10 months 3 weeks ago
CRADLE is an open-source web application designed to empower Cyber Threat Intelligence (CTI) analysts. The platform streamlines threat analysis workflows through collaborative note-taking, visual relationship mapping, and comprehensive report generation. In today’s rapidly evolving...
The post CRADLE: Open-Source CTI Platform for Collaborative Threat Analysis appeared first on Penetration Testing Tools.
ddos
DeepSeek R1 Model Upgraded, With Far Stronger Coding; Top-Trim Xpeng M03 Launches From 129,800 Yuan; iOS May Be Renamed iOS 26 | Geek Early Briefing
10 months 3 weeks ago
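Musk's xAI reaches a partnership agreement with messaging app Telegram; Honor confirms its entry into the robotics industry; Tencent Music spends 1.29 billion yuan to become the second-largest shareholder of South Korea's SM Entertainment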
Diting (谛听) | Patty: Pattern-Sequence-Based Semantic Analysis of Unknown Industrial Control Protocols
10 months 3 weeks ago
Recently, a paper written by Dr. Yang Daoqing of the "Diting" team was accepted by the international journal IEEE Transactions on Information Forensics and Security.
.NET: File Upload via a File-Name Design Flaw in an Old Version of a Text Editor
10 months 3 weeks ago
Enroll Now | The Most Professional and Comprehensive Systematic Video Course on [ .NET Code Auditing ] in China
10 months 3 weeks ago
WebShell Evasion Evolves: Evading w3wp Process-Tree Monitoring and Executing Silently Behind a Black Screen While Bypassing the cmd.exe Call Chain
10 months 3 weeks ago
LSMS: Linux Security and Monitoring Scripts
10 months 3 weeks ago
Linux Security and Monitoring Scripts: These are a collection of security and monitoring scripts you can use to monitor your Linux installation for security-related events or for an investigation. Each script works on its...
The post LSMS: Linux Security and Monitoring Scripts appeared first on Penetration Testing Tools.
ddos
[remote] SolarWinds Serv-U 15.4.2 HF1 - Directory Traversal
10 months 3 weeks ago
[webapps] Campcodes Online Hospital Management System 1.0 - SQL Injection
10 months 3 weeks ago
[webapps] WordPress Digits Plugin 8.4.6.1 - Authentication Bypass via OTP Bruteforcing
10 months 3 weeks ago
[remote] Fortra GoAnywhere MFT 7.4.1 - Authentication Bypass
10 months 3 weeks ago
[remote] Automic Agent 24.3.0 HF4 - Privilege Escalation
10 months 3 weeks ago
[remote] Windows File Explorer Windows 11 (23H2) - NTLM Hash Disclosure
10 months 3 weeks ago
Case Study: Winicssec Supports Security Construction at a Battery Materials Production Plant in Yunnan
10 months 3 weeks ago
Secures the industrial production systems at the customer's site and makes on-site operations and maintenance more convenient.