Aggregator
NoisyBear Weaponizing ZIP Files to PowerShell Loaders and Exfiltrate Sensitive Data
A sophisticated threat actor known as NoisyBear has emerged as a significant concern for Kazakhstan’s energy sector, employing advanced tactics to infiltrate critical infrastructure through weaponized ZIP files and PowerShell-based attack chains. This newly identified group has been orchestrating targeted campaigns against KazMunaiGas (KMG), the country’s national oil and gas company, using highly crafted phishing […]
The post NoisyBear Weaponizing ZIP Files to PowerShell Loaders and Exfiltrate Sensitive Data appeared first on Cyber Security News.
6 browser-based attacks all security teams should be ready for in 2025
Why the Principle of Least Privilege Is Critical for Non-Human Identities
Overprivileged non-human identities expose enterprises to massive risk. Enforcing least privilege with automation and visibility is critical for security.
The post Why the Principle of Least Privilege Is Critical for Non-Human Identities appeared first on Security Boulevard.
Kaspersky declassifies operation 'Digital Encirclement': 14 groups, 3 clusters, one plan
Virtualized (In)Security: How Attackers Can Weaponize VBS Enclaves
Why Threat Hunting Should Be Part of Every Security Program
NYU Scientists Develop, ESET Detects First AI-Powered Ransomware
Scientists at NYU developed a ransomware prototype that uses LLMs to autonomously plan, adapt, and execute ransomware attacks. ESET researchers, not knowing about the NYU project, apparently detected the ransomware, saying it appeared to be a proof-of-concept and a harbinger of what's to come.
The post NYU Scientists Develop, ESET Detects First AI-Powered Ransomware appeared first on Security Boulevard.
Google fixes actively exploited Android vulnerabilities (CVE-2025-48543, CVE-2025-38352)
Google has provided fixes for over 100 Android vulnerabilities, including CVE-2025-48543 and CVE-2025-38352, which “may be under limited, targeted exploitation.” Among the fixed flaws is also CVE-2025-48539, a critical vulnerability in the System component that “could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed and no user interaction required.” The exploited vulnerabilities: CVE-2025-48543 affects the Android Runtime – the application runtime environment used by Google’s mobile operating system. CVE-2025-38352 is a …
The post Google fixes actively exploited Android vulnerabilities (CVE-2025-48543, CVE-2025-38352) appeared first on Help Net Security.
Tire giant Bridgestone confirms cyberattack impacts manufacturing
CyberFlex: Flexible Pen testing as a Service with EASM
About CyberFlex: CyberFlex is an Outpost24 solution that combines the strengths of its Pen-testing-as-a-Service (PTaaS) and External Attack Surface Management (EASM) solutions. Customers benefit from continuous coverage of their entire application attack surface, while enjoying a flexible consumption model. Outpost24’s expert pen testers deliver deep, actionable insights on critical apps, with ongoing management as an extension of your security team. With a single, flexible agreement, you get fast, scalable, and business-driven pen testing, all seamlessly …
The post CyberFlex: Flexible Pen testing as a Service with EASM appeared first on Help Net Security.
How Gray-Zone Hosting Companies Protect Data the US Wants Erased
NoisyBear Exploits ZIP Files for PowerShell Loaders and Data Exfiltration
The threat actor known as NoisyBear has launched a sophisticated cyber-espionage effort called Operation BarrelFire, using specially designed phishing lures that imitate internal correspondence to target Kazakhstan’s energy sector, particularly workers of the state oil and gas major KazMunaiGas. Security researchers at Seqrite Labs first observed the campaign in April 2025 and noted its rapid […]
The post NoisyBear Exploits ZIP Files for PowerShell Loaders and Data Exfiltration appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Understanding OAuth application attacks and defenses
Every "yes" and "no" is like lightning across the whole brain: neuroscientists have compiled a complete map of decision-making
GhostRedirector Hackers Target Windows Servers Using Malicious IIS Module
ESET security researchers have uncovered a sophisticated cyber threat campaign targeting Windows servers across multiple countries, with attackers deploying custom malware tools designed for both remote access and search engine manipulation. Cybersecurity experts at ESET have identified a previously unknown threat group dubbed GhostRedirector, which has successfully compromised at least 65 Windows servers primarily located in […]
The post GhostRedirector Hackers Target Windows Servers Using Malicious IIS Module appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Daily Life #1 - Recently bought books, Final Destination, Hollow Knight, baby cabbage, blog changes, Duolingo
Sendmarc appoints Rob Bowker as North American Region Lead
Wilmington, United States, September 4th, 2025, CyberNewsWire: Veteran email security leader to expand MSP and VAR partnerships and accelerate DMARC adoption. Sendmarc today announced the appointment of Rob Bowker as North American Region Lead. Bowker will oversee regional expansion with a focus on growing the Managed Service Provider (MSP) partner community, developing strategic Value-Added Reseller (VAR) […]
The post Sendmarc appoints Rob Bowker as North American Region Lead appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
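Security Risks and Protection Practices for Deploying Large-Model Applications
The talk "Security Risks and Protection Practices for Deploying Large-Model Applications", presented by Zheng Yanting of Volcano Engine, focuses on real-world attack and defense in the post-DeepSeek era across five high-risk scenarios: prompt jailbreaking, RAG data theft, Log4j-induced RCE, compute-exhaustion DDoS, and misleading hallucinations. It lays out a full-stack protection scheme from the access layer to the training layer: a large-model application firewall + encrypted (ciphertext) RAG + circuit breaking and rate limiting + hallucination detection. The report stresses that AI has entered the core of production, that security is business continuity, and that the goal of protection is shifting from compliance to insuring core assets.
In his talk "Security Risks and Protection Practices for Deploying Large-Model Applications", Zheng Yanting, product lead for Volcano Engine's large-model application firewall, discussed the security risks that large-model applications face as they are deployed across industries, and the corresponding protection practices.
Zheng Yanting observed that, in the past, industries adopting new technology emphasized rapid validation and deployment, and security was often treated as a secondary consideration. With the spread of tools such as DeepSeek, the cost of AI technology has fallen and the barrier to entry has dropped, and more and more enterprises are beginning to take the security of AI applications seriously, particularly the potential threats that come with a larger exposed surface in production environments.
Today's security challenges include not only traditional DDoS attacks and promotion abuse, but also risks specific to large models, such as prompt injection and model hallucination. Taking prompt injection as an example, a model can be manipulated through simple concatenation, which greatly lowers the cost of an attack and poses a serious threat to enterprise data security.
To address these challenges, Zheng Yanting proposed some practical approaches. First, prompt filtering and monitoring: apply strict filtering to inputs and outputs to reduce the possibility of malicious use. Second, securing the runtime environment: use encryption and confidential computing to protect the processing of sensitive information. Third, model security evaluation: test whether the model identifies and refuses to execute malicious code or generate harmful content.
Zheng Yanting noted that large-model hallucination is indeed not easy to solve. Hallucinations divide into factuality hallucinations and faithfulness hallucinations. Different kinds of hallucination call for different countermeasures; Zheng Yanting introduced several methods for handling hallucination at the inference side, stressing that doing so at the inference side is more cost-effective and more controllable.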