Aggregator

Тот случай, когда лучше быть нелояльным. Новая схема развода для тех, кто ищет работу.

Amazon's threat intelligence team has disclosed details of a "years-long" Russian state-sponsored campaign that targeted Western critical infrastructure between 2021 and 2025. Targets of the campaign included energy sector organizations across Western nations, critical infrastructure providers in North America and Europe, and entities with cloud-hosted network infrastructure. The activity has

SoundCloud confirmed today that it experienced a security incident involving unauthorized access to a supporting internal system, resulting in the exposure of certain user data. The company said the incident affected approximately 20 percent of its users and involved email addresses along with information already visible on public SoundCloud profiles. Passwords and financial information were […]

The post SoundCloud Confirms Security Incident appeared first on Centraleyes.

The post SoundCloud Confirms Security Incident appeared first on Security Boulevard.

The cybersecurity landscape has once again been rattled by a subtle yet dangerous supply chain attack. A malicious NuGet package named Tracer.Fody.NLog was discovered masquerading as a legitimate .NET tracing library. Published in 2020, this package successfully deceived developers for years, accumulating roughly 2,000 downloads by impersonating the popular Tracer.Fody tool and its maintainer. The […]

The post Malicious NuGet Package Uses .NET Logging Tool to Steal Cryptocurrency Wallet Data appeared first on Cyber Security News.

Defensiemedewerkers hebben dit jaar opnieuw een indrukwekkend bedrag ingezameld voor Hulphond Nederland. Dat deden ze door statiegeldflesjes en -blikjes in te leveren. In totaal leverde de actie € 51.874,10 op. Vandaag is de cheque uitgereikt aan de stichting. De inzamelingsactie is een initiatief van de medewerkers zelf en geen campagne van het ministerie van Defensie.

ConnectWise has issued a security update for ScreenConnect™ to address a critical vulnerability that could enable attackers to expose sensitive configuration data and install untrusted extensions. The flaw, identified as CVE-2025-14265, affects only the ScreenConnect server component, leaving host and guest clients unaffected. The vulnerability stems from improper code integrity validation during extension installations, classified […]

The post Critical ScreenConnect Vulnerability Let Attackers Expose Sensitive Configuration Data appeared first on Cyber Security News.

Злоумышленники спрятали вирус в файлах, которые принято считать абсолютно безопасными.

Audio streaming service SoundCloud has suffered a breach and has been repeatedly hit by denial of service attacks, the company confirmed on Monday. In the days leading up to the confirmation, users accessing SoundCloud through VPNs reported connection failures and error messages. It has now been revealed that these connectivity issues were due to configuration changes made by SoundCloud in the wake of the attacks, and that the company is working on resolving them. The … More →

The post SoundCloud breached, hit by DoS attacks appeared first on Help Net Security.

European law enforcement authorities dismantled a fraud network operating call centers in Ukraine that scammed victims across Europe out of more than 10 million euros. [...]

A new information stealer called SantaStealer has emerged as a serious threat to Windows users worldwide. This malware-as-a-service tool is being aggressively marketed through Telegram channels and underground hacker forums, with plans for full release before the end of 2025. The malware represents a rebranding of the earlier BluelineStealer, reflecting the evolving nature of the […]

The post SantaStealer Attacks Users to Exfiltrates Sensitive Documents, Credentials, and Wallet Data appeared first on Cyber Security News.

AI-assisted coding and AI app generation platforms have created an unprecedented surge in software development. Companies are now facing rapid growth in both the number of applications and the pace of change within those applications. Security and privacy teams are under significant pressure as the surface area they must cover is expanding quickly while their staffing levels remain largely

记录下thl靶场的靶机渗透，共20个靶机的详细渗透过程，里面对各种渗透提权payload进行了详细的解释刨析，希望能对刚入门渗透的热爱安全的师傅带来帮助

Устройство Pocket Lab попало в Книгу рекордов Гиннесса: оно запускает LLM на 120 млрд параметров локально.

apk分析，发现登录口存在codeSign值签名校验，无法进行账号密码爆破操作，通过反编译apk文件再配合hook来分析加密构成逻辑，再配合加密脚本实现自动更新codeSign值实现账号密码爆破。

A vulnerability marked as critical has been reported in Milestone Systems XProtect VMS. This impacts an unknown function of the component MIP Webhooks API. This manipulation causes missing authorization. This vulnerability is tracked as CVE-2025-0836. The attack is possible to be carried out remotely. No exploit exists. It is suggested to upgrade the affected component.

前言本文深入剖析 Fastjson2 ≤2.0.26 的序列化触发机制，并重点揭秘在 ≥2.0.27 版本下如何巧妙利用 Spring AOP 代理（JdkDynamicAopProxy） 与 ObjectFactoryDelegatingInvocationHandler 双重动态代理链，绕过黑名单限制，实现稳定 RCE 环境搭建Fastjson2<=2.0.26在tostring打个断点

前言现在绝大多数的新项目都是基于Spring Boot的Spring MVC实现，这里也主要以Spring MVC框架展开讲解。在Spring3.0版本,引入了Java注解，我们只需要使用Spring MVC注解就可以轻松完成Spring MVC的配置了。下面介绍一下Spring 注解配置Spring Controller 类级别注解1. @Controller作用：标识一个类为 Spring M

慢雾 MistTrack 助力数字资产安全合规落地。

关键词漏洞Plesk for Linux 中发现了一个严重的安全漏洞，可能允许用户在受影响的服务器上获取 ro

关键词漏洞一款名为PCPcat的新型恶意软件，通过针对性利用 Next.js 和 React 框架中的高危漏洞