Aggregator

Microsoft confirmed that it's working on a security patch for a Defender zero-day vulnerability named "RoguePlanet," disclosed one week ago. [...]

coding agent 默认精英叙事，但办公 agent 需要反其道行之。

Firefox 152 arrives after an unusually busy month for its predecessor. Firefox 151 received no fewer than four minor patches in quick succession, and this new release focuses on making the browser more convenient...

The post Firefox 152 Adds Tab Mute Shortcut and JPEG XL appeared first on Information Security News.

Hackers are using 15 malicious JetBrains plugins posing as AI coding assistants to steal DeepSeek, OpenAI, and other developer API keys.

China-linked FishMonger used two SprySOCKS Windows variants that leveraged kernel drivers and the Print Spooler to target governments in four countries. ESET researchers have found two previously undocumented Windows versions of SprySOCKS, a backdoor that the security community had until now treated as Linux-only. Trend Micro first documented the Linux variant in September 2023 and […]

威胁行为者正在滥用 Steam Workshop（Valve 用于下载游戏相关内容的社区中心）来推送隐藏在壁纸包中的各种恶意软件。 受感染的壁纸可能导致 Steam 账户被劫持、系统被植入后门，或运行加密货币挖矿进程。 Steam Workshop 是 Valve 的 Steam 游戏服务上内置的内容共享平台，用户可以在其中上传和下载由社区为游戏和应用程序创建的内容。 这些内容包括模组、地图、皮肤...

За знакомой иконкой прячется атака, которую трудно заметить до первого списания.

The UK will ban adolescents under 16 years old from user-to-user social media platforms, despite age verification issues and privacy concerns.

AIRecon is an autonomous penetration testing agent that runs entirely offline, combining a self-hosted Ollama LLM with a Kali Linux Docker sandbox to automate end-to-end security assessments without exposing any data to the cloud. Developed by researcher pikpikcu, it eliminates the prohibitive cost of commercial API-based models like GPT-4 or Claude for recursive recon workflows […]

The post AIRecon: AI-Powered Penetration Testing Tool with Kali Linux Sandbox appeared first on Cyber Security News.

The attack on Humanity Protocol’s H token was not a smart contract exploit at all. Instead, it served as a painful reminder of one of crypto’s oldest problems: lose control of your private keys,...

The post Stolen Keys Let Attacker Mint 300M H Tokens on BSC appeared first on Information Security News.

根据内分泌学会年会上发表的报告，多项研究显示 GLP-1 减肥药有助于提高男性睾酮水平和精子质量。一项研究对 1600多 名开具减肥药处方的男性患者的电子健康记录进行了分析，发现在接受 GLP-1 药物或双重激素受体激动剂治疗后，参与者的睾酮水平增加了约 30%。另一项回顾性研究同样分析了 215 名接受减肥药物治疗男性的记录，发现治疗后他们的平均睾酮水平比治疗前高出约 20%。睾酮是精子产生和维持生育能力不可或缺的激素，而肥胖会降低睾酮水平已是医学界的共识。脂肪细胞中含有高水平的酶，能将睾酮转化为主要的女性性激素雌二醇。此外肥胖引起的代谢变化和体内炎症水平升高也会直接影响睾酮的产生。当 GLP-1 药物帮助患者有效减重时，这些负面因素也随之减弱，从而促使生殖激素网络恢复正常。

专注于可穿戴心脏监测技术的健康公司 iRhythm 成为网络攻击的目标，导致信息被盗。 以其 Zio 可穿戴 ECG 监测器而闻名的 iRhythm 在周一提交给 SEC 的文件中披露了此次数据泄露。 该公司表示，其于 6 月 8 日检测到“涉及某些第三方托管的业务应用程序上维护的数据的未经授权活动”。iRhythm 指出，此次攻击涉及社会工程，但未透露被针对的应用程序名称...

根据国家信息安全漏洞库（CNNVD）统计，本周（2026年6月8日至2026年6月14日）安全漏洞情况如下

根据国家信息安全漏洞库（CNNVD）统计，自2026年5月18日-2026年6月14日，共采集OpenClaw漏洞40个

As many as 145 npm packages associated with the Mastra namespace ("@mastra/*"), a popular open-source JavaScript and TypeScript framework for building artificial intelligence (AI) applications, have been compromised as part of a software supply chain attack codenamed easy-day-js, per findings from Endor Labs, JFrog, OX Security, SafeDep, Socket, StepSecurity, and Synk. "A single npm account (

Novo Nordisk recently fell victim to a sophisticated cyberattack. Consequently, this incident compromised a segment of patient data from clinical trials. Fortunately, the company asserted that names and direct identifiers remained unexposed. Therefore, unauthorized...

The post Novo Nordisk Cyberattack: Clinical Trial Data Breach appeared first on Information Security News.

Шахматные звезды захватили Гонконг, чтобы разделить полмиллиона евро.

Databases have long evolved beyond mere tabular repositories. However, new functionalities within SQL Server 2025 illustrate the inherent dangers of this progression. Recently, SpecterOps researchers discovered significant vulnerabilities. They detailed how attackers can abuse...

The post SQL Server 2025 AI Features Enable Data Exfiltration appeared first on Information Security News.

在 JetBrains Marketplace 上发现的至少 15 个恶意插件旨在窃取开发者的 AI API 密钥。 该活动由 Aikido Security 发现，包含的插件伪装成 AI 编码助手、代码审查工具以及由 OpenAI、DeepSeek 和 SiliconFlow 等流行 AI 服务支持的 Git 工具。 Aikido 警告称：“我们在 JetBrains Marketp...

A critical security vulnerability has been disclosed in LiteLLM, an increasingly popular proxy used for managing large language model (LLM) APIs. The flaw, tracked as CVE-2026-49468, allows attackers to bypass authentication mechanisms under specific conditions by exploiting improper handling of the Host header. The issue affects LiteLLM versions before 1.84.0 and has been assigned a […]

The post Critical LiteLLM Flaw Allows Authentication Bypass via Host Header Injection appeared first on Cyber Security News.