Aggregator

Ты не знал слово “проснебешенство”, но оно звучит убедительно. Вот почему с ИИ нужно быть начеку.

Когда ракеты не долетают — долетают пакеты.

Companies with $1 billion in revenue or less might want to give a heads-up to HR to kickstart the search for a new CISO — because according to a study from IANS Research, your current CISO might be out the door within a year.  The 363 CISOs in SMBs surveyed for the 2025 Small and..

The post Is Your CISO Ready to Flee?  appeared first on Security Boulevard.

Author: Knownsec 404 Advanced Threat Intelligence Team 中文版：https://paper.seebug.org/3331/ 1. Background 1.1 Organization Introduction The Confucius group was disclosed by foreign security vendors i...

Sailfish OS 开发商 Jolla 放弃了它的强制性软件更新付费订阅制商业模式，宣布改为自愿付费制。Sailfish OS 是在诺基亚 MeeGo 基础上开发的移动操作系统，目前运行 Sailfish OS 的智能手机主要是 Jolla C2 社区版。此前 Jolla 对 Jolla C2 的软件更新收取 25 欧元的年费（第一年的费用包含在售价内），这一付费模式显然不太受欢迎，Jolla 宣布所有 Jolla C2 智能手机都将获得至少五年的更新。

Машины учатся выбирать между злом и меньшим злом.

A prominent expert on Russian information operations was targeted by a sophisticated spear phishing attack likely coming from Russian hackers

6月21日，不见不散！

Managing certificates in-house using private CAs offers enterprises greater security, compliance, and long-term cost savings. With the shift toward shorter certificate lifespans and rising complexity in modern IT environments, public CAs often fall short. Private CAs empower businesses with agility, automation, and control while supporting post-quantum cryptography and hybrid infrastructure needs. Tools like Sectigo streamline the transition and amplify ROI through flexible deployment and centralized management.

The post The ROI of moving certificate management in-house with internal CAs appeared first on Security Boulevard.

Alright, let’s be honest — login systems are everywhere. From your favourite pizza delivery app to your office tools, every app asks you to Sign in with Google or Log in with Microsoft. Ever wondered how that works under the hood? That’s where OpenID Connect (OIDC) comes into play. In simple terms, OIDC is a...

The post What’s OpenID Connect (OIDC) and Why Should You Care? appeared first on Security Boulevard.

Amazon Linux 2023 (AL2023) has earned FIPS 140-3 Level 1 validation for several of its cryptographic modules. This means it’s now approved for use in systems that need to meet U.S. and Canadian government standards for encryption. FIPS (Federal Information Processing Standard) 140-3 replaces the older 140-2 version. It sets rules for how cryptographic software and hardware should handle things like encryption, key management, and random number generation. In AL2023, modules such as OpenSSL, the … More →

The post Amazon Linux 2023 achieves FIPS 140-3 validation appeared first on Help Net Security.

Cybersecurity researchers have uncovered a new campaign in which the threat actors have published more than 67 GitHub repositories that claim to offer Python-based hacking tools, but deliver trojanized payloads instead. The activity, codenamed Banana Squad by ReversingLabs, is assessed to be a continuation of a rogue Python campaign that was identified in 2023 as targeting the Python Package

根据 Counterpoint Research 的初步数据，2025 年 4 月和 5 月 iPhone 销量同比增长 15%，为疫情爆发以来最高。推动销量增长的主要来自苹果的两大市场美国和中国，其中中国的销量尤为突出（可能和苹果系列产品进入各地的国补有关），此前 iPhone 在华销量被华为等本土厂商的手机产品超越，而 5 月 iPhone 再次跃居榜首。

We’ve officially entered the era of agentic AI—where systems do more than just follow instructions. These AI agents can now act autonomously, make decisions, execute tasks, and learn continuously from their interactions within digital environments. In the context of network infrastructure and penetration testing, agentic AI marks a major leap forward. Instead of waiting for […]

The post How Agentic AI Can Secure Network Infrastructure? appeared first on Kratikal Blogs - Information Hub For Cyber Security Experts.

The post How Agentic AI Can Secure Network Infrastructure? appeared first on Security Boulevard.

墨菲安全在会议中全面展示在开源软件供应链威胁治理方面的先进思考和实践成果

Спецслужбы показали, как легко вырвать крипту у мошенников — даже если она в 16 адресах от вас.

A vulnerability classified as critical has been found in OpenVPN ovpn-dco-win up to 1.3.0/2.5.8. This affects an unknown part of the component Kernel Driver. The manipulation leads to heap-based buffer overflow. This vulnerability is uniquely identified as CVE-2025-50054. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to upgrade the affected component.