Aggregator

Microsoft has announced that the Exchange Server Subscription Edition (SE) is now available to all customers of its enterprise email service. [...]

A newly disclosed vulnerability in the Sudo command-line tool, present for over 12 years, has exposed countless Linux and Unix-like systems to the risk of local privilege escalation, allowing attackers to gain root access without sophisticated exploits. The flaw, tracked as CVE-2025-32462, was discovered by the Stratascale Cyber Research Unit (CRU) and affects both stable […]

The post 12-Year-Old Sudo Vulnerability Exposes Linux Systems to Root Privilege Escalation appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

DevSecOps 理念强调将安全融入开发、运维全流程，推动团队打破壁垒协同保障研发安全，逐渐成为行业共识。

Мессенджер, который должен был защищать, стал троянским конём.

CISA released four Industrial Control Systems (ICS) advisories on July 3, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

• ICSA-25-184-01 Hitachi Energy Relion 670/650 and SAM600-IO Series
• ICSA-25-184-02 Hitachi Energy MicroSCADA X SYS600
• ICSA-25-184-03 Mitsubishi Electric MELSOFT Update Manager
• ICSA-25-184-04 Mitsubishi Electric MELSEC iQ-F Series

CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.

ReliaQuest warns that initial access vulnerability exploitation is driving successful ransomware attacks

Microsoft Corporation has confirmed a significant workforce reduction affecting approximately 9,000 employees, representing nearly 4% of its global workforce.  This strategic restructuring comes as the technology giant continues to navigate the complex landscape of artificial intelligence infrastructure investments while maintaining operational efficiency and shareholder value. Key Takeaways1. Microsoft confirms 9,000 job cuts, 4% workforce reduction across […]

The post Microsoft Confirms Laying Off 9,000 Employees, Impacting 4% of its Workforce appeared first on Cyber Security News.

The cybersecurity landscape has witnessed a dramatic escalation in pro-Russian hacktivist activities since the onset of 2025, with emerging alliances between established and newly formed groups launching increasingly sophisticated attacks against Western infrastructure. These cyber operations, driven by geopolitical tensions surrounding the Russia-Ukraine conflict, have evolved from simple website defacements to coordinated campaigns targeting critical […]

The post Pro-Russian Hackers Making New Alliances to Launch High-Profile Attacks appeared first on Cyber Security News.

Фальшивый магазин — как волк в овечьей шкуре.

A Barracuda Networks analysis of unsolicited and malicious emails sent between February 2022 to April 2025 indicates 14% of the business email compromise (BEC) attacks identified were similarly created using a large language model (LLM).

The post Analysis Surfaces Increased Usage of LLMs to Craft BEC Attacks appeared first on Security Boulevard.

SentinelLabs observed North Korean actors deploying novel TTPs to target crypto firms, including a mix of programming languages and signal-based persistence

The deluge of bargain-priced ads that flooded social networks during Latin America’s “Hot Sale 2025” has now been traced to a sprawling Chinese-built malware operation that weaponizes thousands of convincingly branded storefronts to harvest payment credentials. First noticed by Mexican journalist Ignacio Gómez Villaseñor while monitoring suspicious domains hosted on a single IP, the campaign […]

The post Beware of Chinese Fake e-Commerce Websites Mimic Apple, Wrangler Jeans and Abuses Payment Services Like MasterCard and PayPal appeared first on Cyber Security News.

建议开发者与用户高度警惕来路不明的 GitHub 项目。

Cisco has found a backdoor account in yet another of its software solutions: CVE-2025-20309, stemming from default credentials for the root account, could allow unauthenticated remote attackers to log into a vulnerable Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) platforms and use the acquired access to execute arbitrary commands with the highest privileges. About CVE-2025-20309, and how to fix it Cisco Unified Communications Manager – … More →

The post Cisco fixes maximum-severity flaw in enterprise unified comms platform (CVE-2025-20309) appeared first on Help Net Security.

How IT Leaders Can Navigate Regulatory Complexity, Use Tech for Digital Sovereignty
From Schrems II to TikTok fines, data sovereignty is redefining the rules of digital engagement. It is no longer an option for enterprises. CIOs must navigate a maze of data laws and tech strategies to stay compliant and competitive in a world without digital borders.

关键词勒索软件2025年7月1日，美国财政部外国资产控制办公室（OFAC）宣布制裁总部位于俄罗斯圣彼得堡的防弹

关键词数据泄露近日，一位在网络犯罪论坛上使用“G_mic”代号的用户宣称，成功入侵美国两大电信运营商Veriz

关键词数据泄露2025年7月1日，澳大利亚航空公司（Qantas）确认发生一起大规模数据泄露事件。