Aggregator

Submit #602602 / VDB-314094

Submit #602601 / VDB-314094

Submit #602600 / VDB-314094

Submit #602598 / VDB-314093

Submit #602509 / VDB-308218

Submit #602374 / VDB-314092

Submit #602373 / VDB-314091

A vulnerability was found in gooaclok819 sublinkX up to 1.8. It has been declared as problematic. This vulnerability affects unknown code of the file middlewares/jwt.go. The manipulation with the input sublink leads to use of hard-coded cryptographic key . This vulnerability was named CVE-2025-6669. The attack can be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

关键词恶意软件近日，卡巴斯基（Kaspersky）安全研究人员披露，一种名为 SparkKitty 的新型间谍

关键词人工智能人工智能正悄然取代人类黑客。

关键词Windows微软近日发布公告，提醒所有 Windows 用户及 IT 管理员注意：用于 Secure

随着纸媒收入下降，越来越多的媒体拥抱了付费订阅模式。但当用户在上网冲浪时遇到需要付费的新闻内容，有多少人会愿意付费？美国皮尤研究中心的一项调查显示，绝大多数人都不愿意付费。调查显示，83% 的被调查者表示过去一年没有为新闻付费，17% 的人通过订阅、捐赠或成为会员的方式向新闻机构付费。74% 的人在搜索新闻时遇到过付费墙，38% 的人经常遇到付费墙。大多数情况下，遇到付费墙后，53% 的人会寻找其他信息来源，32% 的人放弃，只有 1% 的人在遇到付费墙后会选择付费访问。受过高等教育的成年人、民主党人和老年人等更有可能为新闻付费，民主党人比共和党人的付费意愿更高（21% 对 14%）。

We need to talk about data integrity.

Narrowly, the term refers to ensuring that data isn’t tampered with, either in transit or in storage. Manipulating account balances in bank databases, removing entries from criminal records, and murder by removing notations about allergies from medical records are all integrity attacks.

More broadly, integrity refers to ensuring that data is correct and accurate from the point it is collected, through all the ways it is used, modified, transformed, and eventually deleted. Integrity-related incidents include malicious actions, but also inadvertent mistakes...

The post The Age of Integrity appeared first on Security Boulevard.

文章探讨了数据完整性的关键作用及其在AI和Web 3.0时代的重要性。数据完整性不仅涉及防止篡改，还包括从数据收集到删除的全生命周期准确性。作者指出，数据完整性是AI系统安全的核心问题，并提出了“integrous”一词来描述具备完整性的系统设计。

文章探讨了数据完整性的关键作用及其对人工智能和未来网络（如Web 3.0）的重要性。数据完整性不仅涉及防止篡改和错误，还包括从收集到删除的全生命周期准确性。作者指出，数据完整性是构建可信AI系统的核心安全问题，并呼吁研究“integrous”（可靠）系统设计以应对日益复杂的挑战。

Вы смотрите на досудебку,  а она смотрит на вас через Cobalt Strike.

The current geopolitical climate demands a proactive, comprehensive approach to cybersecurity. Here’s what you need to know — and how Tenable can help.

The cybersecurity landscape is in constant flux, but rarely do we see such a rapid escalation of threats as we are currently experiencing. The U.S. Department of Homeland Security's (DHS) National Terrorism Advisory System (NTAS) bulletin, issued on June 22, 2025, serves as a stark reminder of the volatile environment that organizations and their cyber leaders operate in. It specifically highlights the "heightened threat environment" stemming from U.S. involvement in the ongoing conflict between Israel and Iran, noting the likelihood of cyberattacks from both pro-Iranian hacktivists and state-affiliated actors.

Likewise, U.K. Prime Minister Sir Keir Starmer remarked at a NATO summit this week that the likes of Iran and Russia were carrying out cyber attacks "on a regular basis" and the U.K. needs to be prepared for them.

And in fact, according to a report by ABC News, hackers backing Tehran have already targeted U.S. banks, defense contractors and oil industry companies since the military bombings, although no widespread disruptions have been caused yet.

According to the article, “Two pro-Palestinian hacking groups claimed they targeted more than a dozen aviation firms, banks and oil companies following the U.S. strikes over the weekend. The hackers detailed their work in a post on the Telegram messaging service and urged other hackers to follow their lead, according to researchers at the SITE Intelligence Group, which tracks the groups' activity.”

This isn't just a geopolitical issue; it's a direct and immediate challenge to every organization, public and private, operating within the U.S. and beyond. As the DHS bulletin explicitly states, these actors "routinely target poorly secured U.S. networks and Internet-connected devices for disruptive cyber attacks." This isn't about if you'll be targeted, but when and, more importantly, how prepared you are to weather the storm.

The new normal: Geopolitical conflict and cyber reckoning

For too long, cybersecurity has often been viewed as a reactive discipline. Exposure Whac-a-Mole®. But in an era where geopolitical tensions translate directly into digital aggression, a reactive stance is a recipe for disaster. We're seeing critical infrastructure, often including operational technology (OT) environments, in the crosshairs. These are the systems that power our cities, deliver our water and fuel our economies. A disruption here can have catastrophic, real-world consequences.

Learn how you can use Tenable products to shore up your defenses. Read the blog Frequently Asked Questions About Iranian Cyber Operations.

Consider the recent history of Iranian-linked cyber activity, which includes breaches of U.S. water infrastructure and attempts to disrupt critical sectors. These aren't abstract threats. They’re documented and impactful. The DHS bulletin, in addition to insights from the Tenable Research Special Operations team, underscores that the risk extends beyond traditional IT networks, emphasizing the need for comprehensive security across all interconnected systems.

Mitigation recommendations

From a practical perspective in this heightened threat environment, we recommend the following immediate steps to strengthen your cyber defenses:

• Use strong passwords and enforce a strong password policy
• Change default passwords, especially on OT hardware
• Scan for and patch vulnerabilities in assets exposed to the internet
• Enable multi-factor authentication (MFA)
• Identify and prioritize your most valuable assets for remediation
• Develop a remediation plan and continue to test and improve it

Securing the foundation: A call to action for OT environments

The specific mention of critical infrastructure in the DHS bulletin is a call to action for every U.S. organization that even touches operational technology (OT) systems. These environments, often characterized by legacy equipment and unique protocols, present distinct cybersecurity challenges. Tenable's expertise in OT security is more vital than ever and gives organizations the immediate ability to:

• Automate asset discovery and mapping: Gain a complete, up-to-date inventory of all your OT assets, from programmable logic controllers (PLCs) and remote terminal units (RTUs) to human-machine interfaces (HMIs), ensuring no critical component is left unmonitored.
• Detect and mitigate OT-specific threats: Leverage advanced detection engines tailored to industrial control systems to identify anomalous network behavior, enforce security policies, and track changes that could signal a breach in progress.
• Contextualize OT vulnerabilities: Understand the specific risks posed by vulnerabilities within your OT environment, taking into account firmware versions, proprietary research and the potential impact on operational continuity.

Embracing exposure management

Beyond practicing strong cyber hygiene across IT and OT infrastructure, what more can organizations do to protect themselves? The answer lies in shifting their mindset from simply managing vulnerabilities to proactively managing exposure. Vulnerability management is crucial, but it's only one piece of the puzzle. Exposure management, however, provides a holistic view of your entire attack surface, allowing you to understand and prioritize risk in a way that traditional approaches simply cannot. This only becomes more important in the age of accelerated, AI-led attacks, which require incredible speed to outmaneuver.

At Tenable, we believe that understanding your exposure is the only way to truly understand and reduce your cyber risk. Our Tenable One Exposure Management Platform empowers organizations to:

• See everything: You can't protect what you can't see. Our exposure management platform provides comprehensive visibility across your entire modern attack surface, scanning everything from IT assets to cloud resources, containers, web applications, identity systems and, critically, your OT environments. This unified view is paramount when adversaries are looking for the weakest link, regardless of whether it resides in your IT or OT infrastructure.
• Anticipate and prioritize: The sheer volume of vulnerabilities can be overwhelming. Tenable's platform goes beyond just identifying vulnerabilities. We leverage advanced analytics, including our industry-leading Vulnerability Priority Rating (VPR), to help you understand the true risk each vulnerability poses to your unique environment. This means you can focus your limited resources on addressing the exposures that matter most, the ones most likely to be exploited by threat actors like those highlighted in the DHS bulletin. This includes pinpointing weaknesses in your OT systems that could be leveraged for disruptive attacks.
• Communicate cyber risk effectively: Security is no longer just an IT concern. It's also a business imperative. The Tenable One platform enables you to translate technical jargon into clear, actionable insights that resonate with leadership. This allows for informed decision-making and ensures that cybersecurity is integrated into the broader business strategy, rather than operating in a silo.

For details about the specific tools, tactics and techniques employed by Iranian nation-state actors and hactivists, and how you can use Tenable products to shore up your defenses, read the blog Frequently Asked Questions About Iranian Cyber Operations.

Conclusion

The current geopolitical climate demands a proactive, comprehensive approach to cybersecurity. It's no longer enough to react to threats, organizations need to anticipate them, understand their exposure and prioritize their defenses where they matter most. The DHS bulletin is a critical warning. Let it be the catalyst for your organization to embrace exposure management and fortify your digital infrastructure, from the data center to the factory floor. The time for action is now.

当前地缘政治冲突加剧网络攻击风险，美伊冲突背景下黑客攻击频发。关键基础设施面临威胁，需加强防御措施如多因素认证、漏洞修复等。Tenable提供暴露管理平台以全面监控风险。