Aggregator

Supply chain attackers are not only trying to slip malicious code into trusted software. They are trying to steal the access that makes trusted software possible. Recently, three separate campaigns hit npm, PyPI, and Docker Hub in a 48-hour window, and all three targeted secrets from developer environments and CI/CD pipelines, including API keys, cloud credentials, SSH keys, and tokens. This is

The Hacker News

Developer Workstations Are Now Part of the Software Supply Chain

不安全

1 month ago

Supply chain attackers are not only trying to slip malicious code into trusted software. They are t

The Gentlemen Ransomware Gang Hit by Internal Breach, Operations Exposed

Hack Read

1 month ago

The Gentlemen ransomware gang suffered an internal breach in May 2026, exposing victim data, affiliate activity, and backend operations.

Waqas

Microsoft testing adjustable taskbar, Start menu in Windows 11

Bleeping Computer.

1 month ago

Microsoft has finally brought back the resizable taskbar and Start menu to Windows 11 in the latest preview version rolling out to Insiders in the Experimental channel. [...]

Sergiu Gatlan

Zero-Day Exploit Against Windows BitLocker

不安全

1 month ago

It’s nasty, but it requires physical access to the computer:The exploit, named YellowKey,

【安全圈】警惕 AI 造谣传谣！“张家界大峡谷玻璃桥断裂垮塌”视频系伪造

安全圈

1 month ago

AI 漏洞挖掘开始交付"工程化结果" 从音频解码到工业 CAD，从车端 CAN 帧到企业 Java 中间件——这一次，AI 红队没有靠"灵感"。

【安全圈】针对电话诈骗谷歌要推新识别功能了

安全圈

1 month ago

AI 漏洞挖掘开始交付"工程化结果" 从音频解码到工业 CAD，从车端 CAN 帧到企业 Java 中间件——这一次，AI 红队没有靠"灵感"。

【安全圈】AI 假图“仅退款”成风：商家叫苦不迭，国家反诈中心“AI 鉴定师”进入实战阶段

安全圈

1 month ago

AI 漏洞挖掘开始交付"工程化结果" 从音频解码到工业 CAD，从车端 CAN 帧到企业 Java 中间件——这一次，AI 红队没有靠"灵感"。

ANY.RUN Turns 10: Special Offers for Stronger Security Operations

Anyrun

1 month ago

Ten years in cybersecurity is a long journey. Threats have changed, attacks have become harder to spot, and security teams now need answers faster than ever. ANY.RUN has grown with those teams. What started as an interactive sandbox is now a trusted company with threat analysis and intelligence solution used by 15,000+ organizations, 600,000 security professionals, and teams at Fortune […]

The post ANY.RUN Turns 10: Special Offers for Stronger Security Operations appeared first on ANY.RUN's Cybersecurity Blog.

ANY.RUN

360数字安全集团与泰达数科达成战略合作共筑AI创新与数字安全新生态

360数字安全

1 month ago

天津经开区再落AI与安全合作新布局泰达数科携手360数字安全集团共建数智生态

Root на macOS. Первый публичный эксплойт для чипа M5 появился в сети

Securitylab.ru

1 month ago

На обход главной защиты Apple понадобилось пять лет разработки и несколько дней на взлом.

Ivanti, Fortinet, SAP, VMware, n8n Patch RCE, SQL Injection, Privilege Escalation Flaws

The Hackers News

1 month ago

Ivanti, Fortinet, n8n, SAP, and VMware have released security fixes for various vulnerabilities that could be exploited by bad actors to bypass authentication and execute arbitrary code. Topping the list is a critical flaw impacting Ivanti Xtraction (CVE-2026-8043, CVSS score: 9.6) that could be exploited to achieve information disclosure or client-side attacks. "External control of a file name

The Hacker News

Ivanti, Fortinet, SAP, VMware, n8n Patch RCE, SQL Injection, Privilege Escalation Flaws

不安全

1 month ago

Vulnerability / Software SecurityIvanti, Fortinet, n8n, SAP, and VMware have released security fix

L’IA che combatte l’IA: quando la guerra cibernetica smette di avere un volto umano

不安全

1 month ago

C’è una frase pronunciata di recente da Nikesh Arora, amministratore delegato di Palo Alto Networks,

MiniPlasma: la patch del 2020 su Windows che non c’è mai stata o è sparita

不安全

1 month ago

C’è una cosa che dà fastidio più di una vulnerabilità zero-day: scoprire che una patch rilasciata se

Aggregator

Managed ad