Aggregator

360将发布中国首个智能体社区“纳米AI智能体社区”

CISA has issued an urgent alert regarding active exploitation of critical Microsoft SharePoint vulnerabilities by suspected Chinese threat actors.  The attack campaign, dubbed “ToolShell,” leverages a vulnerability chain involving CVE-2025-49706 (network spoofing) and CVE-2025-49704 (remote code execution) to gain unauthorized access to on-premises SharePoint servers. The sophisticated attack enables malicious actors to achieve both unauthenticated […]

The post CISA Warns of Chinese Hackers Exploiting SharePoint 0-Day Flaws in Active Exploitation appeared first on Cyber Security News.

未被所提案禁令涵盖的企业，如果计划支付勒索金则需要通知政府，寻求关于此类付款是否违反了涉及向受制裁网络犯罪团伙（很多位于俄罗斯）转移钱财的法律要求的指南。

速修复

Операция по ликвидации вредоносной платформы оказалась бесполезной?

Security researchers discovered that threat actors had uploaded three corrupted browser packages, firefox-patch-bin, librewolf-fix-bin, and zen-browser-patched-bin, to the Arch User Repository (AUR).  These packages appeared to be benign forks of popular Firefox-based browsers but secretly installed a Remote Access Trojan (RAT) by pulling and executing a script from a malicious GitHub repository.  The Arch Linux […]

The post Hackers Injected Malicious Firefox Browser Packages to Arch Linux User Repository appeared first on Cyber Security News.

Cognizant handed over a password to the cybercriminal without asking any authentication questions

Microsoft has resolved a known issue that triggers invalid Windows Firewall errors after rebooting Windows 11 24H2 systems with the June 2025 preview update installed. [...]

全面恢复将需要数月之久

Annie Chen 是在 2017 年第一次注意到异常的呼吸急促，家庭医生告诉她不要担心，她的父亲有重烟瘾，71 岁时因肺癌去世，但她从未吸过烟。两年后医生给她做了 X 光检查，显示肺癌晚期。Chen 女士的病例代表了研究和治疗肺癌的医生所面临的一个日益困惑的现实。因吸烟率下降，过去几十年肺癌的发病率和死亡率也在下降，但非吸烟的肺癌患者的比例则出现了增长。研究人员估计，全球约有 10%-25% 的肺癌患者从未吸烟，在部分亚裔和亚裔美国女性人群中，比例可能高达 50% 或以上。对全世界 871 名非吸烟肺癌患者的研究发现，对于生活在空气污染严重地区的人群，某些 DNA 突变更为常见。污染不仅会直接损害 DNA，还会加速细胞分裂。非吸烟肺癌病人的癌症生物学特征与吸烟者不同，可能需要不同的预防和检测策略。非吸烟肺癌患者更有可能携带特定的致癌突变，而吸烟者则会随着时间推移积累更多突变。

Всего один вредонос держит Мексику в страхе уже четвёртый год подряд.

随着不断更新的前、中段载荷，不变的最终载荷DarkSeal一直存在于APT-C-06近几年的攻击活动中

A new phishing campaign is targeting users of the U.S. Department of Education’s G5 portal, a site used by educational institutions and vendors to manage grants and federal education funding. Threat researchers at BforeAI uncovered a cluster of lookalike domains designed to steal user credentials by mimicking the official G5.gov login page. Cloned version of the G5 portal (Source: BforeAI) The attack uses deceptive domains like g5parameters.com and g4parameters.com, among others, that copy the visual … More →

The post Phishing campaign targets U.S. Department of Education’s G5 portal appeared first on Help Net Security.

Sophos X-Ops explores why larger isn’t always better when it comes to solving security challenges with AI

4 F-35-gevechtsvliegtuigen vlogen over het festivalterrein bij de opening van Zwarte Cross in Lichtenvoorde. Dat gebeurde op verzoek van de organisatie. Met de ‘fly by’ wil Defensie onder meer haar zichtbaarheid naar het overwegend jonge publiek vergroten. Een overzicht van Defensieoperaties in de week van 16 tot en met 22 juli 2025.

为了能抓到包，无数安全研究人员使出浑身解数，我们可以按照OSI七层模型或TCP/IP四层模型，将这些方法进行粗略的分类。

售价13万美元！