紧急AI安全情报 | 热门AI智能体开发框架Mastra近140个NPM组件遭受供应链投毒
紧急AI供应链投毒预警!热门AI智能体开发框架Mastra AI近140个NPM组件遭受供应链投毒,涉及多个周下载量超百万次热门项目,请速排查!
Aggregator
Kodak confirms data breach claimed by ShinyHunters extortion gang
2 days 5 hours ago
Kodak has confirmed that it's working with external cybersecurity experts to investigate a security breach after hackers gained access to some of the company's data. [...]
Sergiu Gatlan
雷神众测漏洞周报2026.6.08-2026.6.14
2 days 5 hours ago
雷神众测拥有该文章的修改和解释权。如欲转载或传播此文章,必须保证此文章的副本,包括版权声明等全部内容。声明雷神众测允许,不得任意修改或增减此文章内容,不得以任何方式将其用于商业目的。
Deno-Based RAT Uses Microsoft Teams Impersonation and Mailbombing to Target Employees
2 days 5 hours ago
A new strain of malware has emerged that combines two well-known social engineering tactics into one effective attack chain. Researchers have uncovered a Remote Access Trojan built on Deno, an unconventional JavaScript runtime, being deployed against employees through email flooding and fake Microsoft Teams calls. The attack overwhelms targets and then offers a false sense […]
The post Deno-Based RAT Uses Microsoft Teams Impersonation and Mailbombing to Target Employees appeared first on Cyber Security News.
Tushar Subhra Dutta
Секретная команда sssh. Mozilla придумала гениальный способ заткнуть шумные вкладки
2 days 5 hours ago
В версии 152 Mozilla обновила настройки, добавила быстрый способ мгновенно выключить звук во всех вкладках и усилила позиции браузера на фоне ограничений в Chrome.
Hackers Abuse Steam Workshop Application Wallpapers to Hijack Active Steam Sessions
2 days 5 hours ago
Threat actors have been abusing Valve’s Steam Workshop since late 2025, embedding malware inside Wallpaper Engine application wallpapers to hijack active Steam sessions and infect victims with backdoors, infostealers, and crypto miners, with 89% of targets located in China, according to a new Kaspersky report. Wallpaper Engine is a hugely popular Steam application that lets […]
The post Hackers Abuse Steam Workshop Application Wallpapers to Hijack Active Steam Sessions appeared first on Cyber Security News.
Guru Baran
Hackers Using Claude and OpenAI’s Codex for Exploitation, and Data Exfiltration Activities
2 days 5 hours ago
Hackers are increasingly abusing Anthropic’s Claude and OpenAI’s Codex agents to automate reconnaissance, exploitation, and data exfiltration, often by disguising real intrusions as “authorized red team” work. These AI coding assistants are being treated like full-fledged operators, dramatically lowering the skill barrier for complex, multi-stage attacks. In one recent case, an attacker compromised a Linux […]
The post Hackers Using Claude and OpenAI’s Codex for Exploitation, and Data Exfiltration Activities appeared first on Cyber Security News.
Abinaya
Mozilla 公布 Firefox 路线图
2 days 6 hours ago
Mozilla 在宣布 Firefox 152 的同时,公布了将在未来推出的一系列新功能,其中包括:更新 UI 的 Project Nova;自定义快捷键;改进 PDF 编辑功能——支持在浏览器上直接拆分、合并和重组 PDF 文档;Multi-Account Containers 从扩展变成原生功能;移动版本将内置免费 VPN(可能只限于少数国家);通过语音向浏览器提问获得 AI 生成答案的 Quick Answers;隐私 AI 浏览 Smart Window;省电模式(Power Saving Mode)识别手机上消耗资源最多的标签页,自动降低其资源占用,从而延长电池续航时间,等等。
Приглашаем на конференцию по безопасности платежей #PAYMENTSECURITY 2026!
2 days 6 hours ago
Конференция пройдёт 05–06 августа 2026 года в Нижнем Новгороде. Регистрация уже открыта.
Using Real-Time Network Monitoring to Spot Suspicious Application Behavior on macOS
2 days 6 hours ago
In this guide, we will see how real-time network monitoring helps you spot suspicious application behavior on macOS, why traditional defenses leave a visibility gap, and how a lightweight monitoring tool can close it without turning your Mac into a security lab. Introduction: The Silent Threat in macOS Most users assume that if they avoid […]
The post Using Real-Time Network Monitoring to Spot Suspicious Application Behavior on macOS appeared first on Cyber Security News.
Kavichselvan
Space Bears
2 days 6 hours ago
You must login to view this content
cohenido
2026上半年你需要关注的高危漏洞合集!
2 days 6 hours ago
Энергию назвали "фундаментальной валютой поля боя". И этой валюты на фронте катастрофически мало
2 days 6 hours ago
Пентагон планирует увеличить дальность хода роботизированных боевых машин к концу десятилетия.
【安全圈】Google Vertex AI SDK 漏洞允许攻击者通过存储桶抢占劫持模型上传
2 days 6 hours ago
【安全圈】ClickFix 活动通过新加载器和虚假更新诱饵扩大恶意软件投递
2 days 6 hours ago
【安全圈】紧急预警!哪吒监控面板曝 9.1 分高危漏洞,仅需 2 次请求即可免密接管!
2 days 6 hours ago
CISA Warns of Actively Exploited Joomla JCE Flaw Allowing PHP Code Execution
2 days 6 hours ago
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a maximum-severity security flaw impacting Widget Factory Joomla Content Editor (JCE) to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
The vulnerability, tracked as CVE-2026-48907 (CVSS score: 10.0), is a case of improper access control that could facilitate arbitrary
The Hacker News
Секрет похудения ушел с молотка. Хакеры выставили на продажу рецепты самых популярных в мире таблеток от лишнего веса
2 days 7 hours ago
После отказа от сделки на 25 миллионов долларов хакеры объявили о частных продажах украденного архива, который, по их словам, содержит материалы о разработке лекарств и будущих препаратах компании.
Разум вне парализованного тела. Нейроимплант вернул немому пациенту работу и голос
2 days 7 hours ago
Система «мозг-компьютер» распознаёт попытки речи, собирает слова из нейронных сигналов и позволяет пациенту с БАС общаться каждый день.
ZDI-CAN-31815: LiteLLM
2 days 7 hours ago
A CVSS score 8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'David Fiser and Alfredo Oliveira of TrendAI Research' was reported to the affected vendor on: 2026-06-17, 2 days ago. The vendor is given until 2026-10-15 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.