Aggregator

Рассуждение о том, какие подводные камни скрываются за внедрением единого стандарта безопасной загрузки.

比赛链接：https://wmctf.wm-team.cn/ 比赛时间：2025年09月20日 10:00 (UTC+8) ~ 2025年09月21日 10:00 (UTC+8) QQ群：727697644 邮 箱：ctf[AT]wm-team.cn Discord: https://discord.gg/UrYYynD5ww 合作伙伴：陌陌安全

The first half of 2025 saw one of the worst waves of crypto hacks to date, with more than $3.01 billion stolen. AI was a big part of it, making scams easier to run and letting even low-skill criminals get in on the action. In the U.S. alone, nearly 160,000 crypto-related fraud complaints were reported in 2024. “The adversaries themselves aren’t fundamentally different between traditional finance and the crypto industry, but certain of the tactics … More →

The post AI made crypto scams far more dangerous appeared first on Help Net Security.

A CVSS score 4.3 AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N severity vulnerability discovered by 'Natan Morette' was reported to the affected vendor on: 2025-09-18, 1 days ago. The vendor is given until 2026-01-16 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Protecting digital infrastructure is critical in 2025, as cyber threats escalate in complexity and diversity. Next‑Generation Firewalls (NGFWs) have become the cornerstone for enterprise security, offering not just robust traffic filtering, but also deep packet inspection, advanced threat intelligence, and seamless cloud integration for defense against today’s persistent and evolving threats. Why Top 10 Best […]

The post Top 10 Best Next‑Generation Firewall (NGFW) Providers in 2025 appeared first on Cyber Security News.

A Yandex information security specialist has identified and helped eliminate a high-severity vulnerability in the Chromium project code,

The post Yandex Specialist Helps Fix Critical Vulnerability in Chrome and Other Browsers appeared first on Penetration Testing Tools.

Google has released an urgent security update for Chrome browser users worldwide, addressing four critical vulnerabilities, including one zero-day exploit that is currently being actively exploited in the wild. The company is urging all users to update their browsers immediately to protect against potential attacks. Critical Zero-Day Vulnerability Discovered The most concerning vulnerability in this […]

The post Google Chrome 0-Day Under Active Attack – Update Immediately appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

OpenAI has announced new safety measures for ChatGPT following a series of tragic incidents and lawsuits in which

The post After Tragic Incidents, ChatGPT Implements New Safety Measures appeared first on Penetration Testing Tools.

The Yala protocol has suffered a devastating blow to its ecosystem: on September 14, its Bitcoin-backed stablecoin YU

The post The Yala Protocol Attack: How an Exploit Caused a Stablecoin to Crash appeared first on Penetration Testing Tools.

Google has confirmed that a bogus account was created in its Law Enforcement Request System (LERS), the portal

The post Google Confirms Fake Account in Law Enforcement System After Hacker Group’s Claims appeared first on Penetration Testing Tools.

Experts at Unit 42 have presented an analysis of vulnerabilities associated with the use of large language model–based

The post The Trojan Horse in Your IDE: How AI Assistants Can Be Tricked into Hacking Your Code appeared first on Penetration Testing Tools.

Twenty-two-year-old American Conor Brian Fitzpatrick, better known by his alias Pompompurin, has received a new sentence in the

The post Pompompurin, BreachForums Administrator, Sentenced to Three Years in Prison appeared first on Penetration Testing Tools.

Как нейросеть обыграла суперкомпьютеры.

Apple has released supplemental security updates for older iPhone and iPad models, addressing a zero-day vulnerability previously patched

The post Apple Patches a Zero-Day Vulnerability in Older iPhones and iPads appeared first on Penetration Testing Tools.

Cybersecurity leaders know the attack surface has been growing for years, but the latest State of Information Security Report 2025 from IO shows how fast new risks are converging. Drawing on responses from more than 3,000 security professionals in the UK and US, the report points to three areas shaping board-level conversations this year: AI, compliance, and supply chain security. AI: A tool and a target AI is now woven into security operations and business … More →

The post Shadow AI is breaking corporate security from within appeared first on Help Net Security.

Google has altered its approach to Android security updates, breaking with a decade-long tradition of monthly vulnerability disclosures.

The post Google Shifts Android Security Updates to a Risk-Based System appeared first on Penetration Testing Tools.

A dangerous worm dubbed Shai-Hulud has been uncovered in the JavaScript ecosystem, infecting at least 187 packages in

The post The Self-Propagating Shai-Hulud Worm Infects the npm Ecosystem appeared first on Penetration Testing Tools.

A sprawling advertising-fraud operation known as SlopAds hid behind a storefront of hundreds of seemingly innocuous Android apps

The post The SlopAds Operation: A New Level of Ad Fraud appeared first on Penetration Testing Tools.

勒索黑客团伙ShinyHunter通过Salesloft Drift平台的安全漏洞窃取了15亿条数据，涉及760家公司，包括谷歌、Cloudflare等知名企业。攻击者利用OAuth令牌获取企业 Salesforce CRM 数据库中的账户、联系人、案例等信息，并与安全网站 BleepingComputer 交流以证明身份。尽管部分公司已采取措施应对泄露数据，但许多企业尚未公开声明此次事件的影响。

Acronis researchers have reported a fresh campaign that employs a modified FileFix technique to deliver the StealC data

The post New FileFix Attack: Hiding Malware in Plain Sight appeared first on Penetration Testing Tools.