Aggregator

Долгая игра в прятки с правосудием завершилась в декорациях самого оживлённого аэропорта страны.

Node.js has released updates to fix what it described as a critical security issue impacting "virtually every production Node.js app" that, if successfully exploited, could trigger a denial-of-service (DoS) condition. "Node.js/V8 makes a best-effort attempt to recover from stack space exhaustion with a catchable error, which frameworks have come to rely on for service availability," Node.js's

CISO Assistant is an open-source governance, risk, and compliance (GRC) platform designed to help security teams document risks, controls, and framework alignment in a structured system. The community edition is maintained as a self-hosted tool for organizations that want direct access to the code and data. What the community edition of CISO Assistant includes The community edition focuses on foundational GRC functions. It allows teams to define assets, document risks, create controls, and map those … More →

The post CISO Assistant: Open-source cybersecurity management and GRC appeared first on Help Net Security.

近日，国家信息安全漏洞库（CNNVD）收到关于Apache Struts安全漏洞安全漏洞（CNNVD-202601-1787、CVE-2025-68493）情况的报送。

2023 年 Google Chrome 移除了对实验性的 JPEG-XL 图像格式的支持。JPEG-XL 是免专利新的图像格式。Google 此举引发了很多争议，因为 Chrome/Chromium 占据了九成市场份额，它是 Web 标准事实上的仲裁者。到了 2025 年事情有了戏剧性转变。Google 改变了主意，开始恢复对 JPEG-XL 图像的支持，去年 12 月 Chrome/Chromium 代码库合并了 Rust 语言开发的 JPEG-XL 图像解码器 jxl-rs，本周基于 jxl-rs 的 JPEG-XL 图像解码功能默认启用。

Wine 11.0 正式释出。主要变化包括：全新的 WoW64 模式，支持 32 位甚至 16 位应用在 64 位前缀下以更简洁的方式运行；支持 Linux 6.14 的 NTSYNC 内核模块，显著改进游戏和多线程应用性能；统一的 Wine 二进制文件；支持 Vulkan API 1.4.335；通过 Direct3D 实现硬件加速的 H.264 解码；改进 Wine Wayland 驱动，支持剪贴板操作、IME 和创建非矩形窗口；等等。

Magecart возвращается, и он выучил новые трюки. Теперь — с любовью к WordPress.

Security teams that deal with connected devices often end up running long firmware scans overnight, checking progress in the morning, and trying to explain to colleagues why a single image consumed a workday of compute time. That routine sets the context for a new research paper that examines how the EMBA firmware analysis tool behaves when it runs in different environments. The study looks at EMBA deployments on a local standalone system and on a … More →

The post Firmware scanning time, cost, and where teams run EMBA appeared first on Help Net Security.

Güralp Systems Ltd.が提供するGüralp FMUS SeriesおよびGüralp MIN Seriesには、重要な機能に対する認証の欠如の脆弱性が存在します。

2026年1月12日，华盛顿。一场看似常规的G7财政部长会议，实则暗流涌动——七国集团（G7）联合欧盟、澳大

这是情报分析师第1883篇原创内容本文约2158字预计阅读时间7分钟2026年1月的第一个星期，当伊朗街头的K

Как борцы за приватность взломали цифровую диктатуру хотя бы на время.

台媒报道，一加科技创始人兼 CEO、OPPO 高级副总裁兼首席产品官刘作虎，涉嫌未经主管机关许可，便绕道香港在台设立分公司，实则为深圳母公司从事手机软件研发与人才招揽，利用港商名义规避法律审查，6 年间砸下 7293 万美元，大规模挖角台湾 70 多位顶尖研发工程师。检方依违反两岸人民关系条例将台籍郑姓、林姓 2 名干部提起公诉；刘作虎则另行通缉。起诉书指出，深圳万普拉斯（OnePlus）公司董事长刘作虎为组建台湾研发团队，与郑女、林男达成协议。自 2014 年起，先在香港成立「一加公司」，隔年再以港商身分来台设立分公司（后更名为声赫公司）。林男在侦讯时供称，他受刘作虎指示担任研发部门负责人，陆续面试并聘雇了 70 多位台湾研发工程师。尽管这群工程师领的是台湾分公司的薪水，但其开发出的软件全数应用在 OnePlus 手机上，且行政、财务等营运细节，皆须向深圳母公司的主管汇报，年终奖金发放甚至要经过刘作虎点头才能决定。

一个以ShinyHunters勒索团伙命名的网站发布了一个名为breachedforum.7z的7Zip压缩包。

七大核心关键词，精准捕捉了本年度网络安全领域的核心矛盾与发展方向，揭示了攻防双方的博弈焦点与行业变革逻辑。

シャープディスプレイソリューションズ株式会社がNECブランドで提供する複数のプロジェクターには、複数の脆弱性が存在します。

A single image can shift public opinion faster than a long post. Text to image systems can be pushed to create misleading political visuals, even when safety filters are in place, according to a new study. The researchers examined whether commercial text to image tools can be tricked into producing politically sensitive images of actual public figures. They focused on scenes that could be used for propaganda or disinformation, such as elected leaders holding extremist … More →

The post How AI image tools can be tricked into making political propaganda appeared first on Help Net Security.

シャープディスプレイソリューションズ株式会社がNECブランドで提供するメディアプレーヤ MP-01には、重要な機能に対する認証の欠如の脆弱性が存在します。

The Computer Emergency Response Team of Ukraine (CERT-UA) has disclosed details of new cyber attacks targeting its defense forces with malware known as PLUGGYAPE between October and December 2025. The activity has been attributed with medium confidence to a Russian hacking group tracked as Void Blizzard (aka Laundry Bear or UAC-0190). The threat actor is believed to be active since at least