Aggregator

Over 1,000 CrushFTP instances currently exposed online are vulnerable to hijack attacks that exploit a critical security bug, providing admin access to the web interface. [...]

Microsoft has released new security updates to fix two serious vulnerabilities affecting on-premises SharePoint servers, warning that attackers…

As artificial intelligence (AI) accelerates across industries from financial modeling and autonomous vehicles to medical imaging and logistics optimization, one issue consistently flies under the radar: Physical security. 

The post The Overlooked Risk in AI Infrastructure: Physical Security  appeared first on Security Boulevard.

A critical security vulnerability in Laravel’s Livewire framework has been discovered that could expose millions of web applications to remote code execution (RCE) attacks.  The flaw, designated as CVE-2025-54068, affects Livewire v3 versions from 3.0.0-beta.1 through 3.6.3, with a CVSS v4 score indicating high severity across confidentiality, integrity, and availability metrics.  The vulnerability originates from […]

The post Livewire Vulnerability Exposes Millions of Laravel Apps to Remote Code Execution Attacks appeared first on Cyber Security News.

Пользуетесь мессенджером? Проверьте, кто и зачем просит ваш код из СМС.

By 2025, Zero Trust has evolved from a conceptual framework into an essential pillar of modern security. No longer merely theoretical, it’s now a requirement that organizations must adopt. A robust, defensible architecture built on Zero Trust principles does more than satisfy baseline regulatory mandates. It underpins cyber resilience, secures third-party partnerships, and ensures uninterrupted

Microsoft patched an exploited SharePoint flaw (CVE-2025-53770) and disclosed a new one, warning of ongoing attacks on on-prem servers. Microsoft released emergency SharePoint updates for two zero-day flaws, tracked as CVE-2025-53770 and CVE-2025-53771, exploited since July 18 in attacks dubbed “ToolShell.” Both vulnerabilities only impact on-premises SharePoint Servers, threat actors could chain them for unauthenticated, […]

A sophisticated new ransomware strain named KAWA4096 has emerged in the cybersecurity landscape, showcasing advanced evasion techniques and borrowing design elements from established threat actors. Named after the Japanese word for “river,” this malicious software first surfaced in June 2025 and has already claimed at least 11 victims across multiple regions, with the United States […]

The post New KAWA4096’s Ransomware Leverages Windows Management Instrumentation to Delete Shadow Copies appeared first on Cyber Security News.

A sophisticated surveillance operation has been discovered exploiting critical vulnerabilities in the global telecommunications infrastructure to track mobile phone users’ locations without authorization, security researchers have revealed. The attack leverages weaknesses in the decades-old SS7 (Signaling System No. 7) protocol that underpins international cellular networks. New Attack Method Discovered Security experts at Enea’s Threat Intelligence […]

The post Surveillance Firm Exploits SS7 Flaw to Track User Locations appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Learning a new language doesn't have to mean night classes, bulky textbooks, or boring apps. With Babbel, you can pick up real-world conversation skills through short, fun, and practical lessons. And right now, you can get a lifetime subscription for only $159 (regularly $599). [...]

检测业务是否受到此漏洞影响，请联系长亭应急服务团队！

关键词数据泄露据香港文汇报独家报道，国际奢侈品牌近日发生重大数据泄露，近42万香港客户的信息被非法获取，香港私

关键词漏洞🚨 全球SharePoint服务器遭“零日”攻陷，政府与企业紧急应对！

OpenAI 本应在上周发布自 GPT-2 以来首个开放权重模型，但 CEO Sam Altman 以安全审查的理由推迟了发布。美国迄今发布的性能最出色的开放模型是 Meta 的 Llama 4，除此之外微软发布了 Phi-4 14B，Google 发布了最多 270 亿参数的多模态模型 Gemma3。相比之下，中国的大模型明显比美国更为开放性能也更为出色。DeepSeek 发布了有 6710 亿个参数的 R1 模型；阿里巴巴发布了一系列通义千问模型 QwQ、Qwen3-235B-A22B 和 30B-A3B；MiniMax 在 Apache 2.0 下发布了有 4560 亿个参数的推理模型 M1，其上下文窗口一百万 token；百度开源了参数规模 470 亿到 4240 亿的文心模型；华为开源了盘古模型；北京月之暗面发布了 1 万亿参数的 Kimi 2 模型。美国最先进的模型都是闭源私有的，而中国最先进的模型开放了权重，公开了技术文档等细节。

A newly rebranded extortion gang known as "World Leaks" breached one of Dell's product demonstration platforms earlier this month and is now trying to extort the company into paying a ransom. [...]

Машина играла точно, как обучали. Человек — как чувствовал. И победил.

速修复

主板制造商和独立的BIOS 厂商需要优先考虑安全性，为开发人员提供持续的安全编码教育、提高对密钥的管理并确保默认启用安全特性。

Microsoft has issued an urgent patch for most SharePoint servers after cybersecurity researchers found threat actors globally exploiting a zero-day vulnerability in the products.