Aggregator

Security by Design or Be Fined, Committee Suggests
A U.K. parliamentary committee is recommending a new statute forcing software publishers to hew to secure-by-design principles or else face financial penalties. The committee called for "enforcement agencies" empowered to levy fines to monitor industry for compliance.

Cyber Advisory Cites Abuse of Linked Devices to Monitor Sensitive Communications
The U.S cyber defense agency issued an alert outlining how commercial spyware and state-aligned groups are abusing messaging-app features through malicious QR-based linking and zero-click exploitation to monitor U.S. government, military and other high-profile figures.

Работа профессора Марии Стрёмме стала главной темой номера журнала AIP Advances.

In this Help Net Security video, Jonathan Trull, EVP & CISO at Qualys, discusses which cybersecurity metrics matter most to a board of directors. Drawing on more than two decades in the field, he explains how boards think about their duty to oversee risk and how CISOs can present information in a way that supports that duty. Jonathan outlines why boards want to understand risk appetite, how loss scenarios shape those discussions, and why no … More →

The post How board members think about cyber risk and what CISOs should tell them appeared first on Help Net Security.

ASUS has disclosed a high security vulnerability in its MyASUS application that could allow local attackers to escalate their privileges to SYSTEM-level access on affected Windows devices. The flaw, tracked as CVE-2025-59373, carries a high-severity CVSS 4.0 score of 8.5, indicating a significant risk to millions of ASUS computer users worldwide. Vulnerability Overview The security […]

The post ASUS MyASUS Flaw Lets Hackers Escalate to SYSTEM-Level Access appeared first on Cyber Security News.

搞过应用安全的朋友大概率都踩过这样一个痛点：面对分布式微服务架构，传统SAST工具早已经显得力不从心。一个用户请求从前端发起，经中间层路由至后端服务集群，需要穿透多个微服务节点；而污点数据会通过RES

Ashlar-Vellumが提供する複数の製品には、複数の脆弱性が存在します。

Rockwell Automationが提供するArena Simulationには、スタックベースのバッファオーバーフローの脆弱性が存在します。

Zenitelが提供するTCIV-3+には、複数の脆弱性が存在します。

Opto 22が提供するgroov Viewには、メタデータによる機微な情報の漏えいの脆弱性が存在します。

Festoが提供する複数の製品には、複数の脆弱性が存在します。

SiRcomが提供するSMART Alert (SiSA)には、重要な機能に対する認証の欠如の脆弱性が存在します。

The U.S. Federal Bureau of Investigation (FBI) has warned that cybercriminals are impersonating financial institutions with an aim to steal money or sensitive information to facilitate account takeover (ATO) fraud schemes. The activity targets individuals, businesses, and organizations of varied sizes and across sectors, the agency said, adding the fraudulent schemes have led to more than $262

The U.S. Federal Bureau of Investigation (FBI) has warned that cybercriminals are impersonating fin

如果你想知道下一代 AI 产品会长成什么样，不妨从这里开始。

环境异常 当前环境异常，完成验证后即可继续访问。 去验证