Aggregator

A sophisticated new variation of cyberattacks emerged in July 2025, exploiting a critical vulnerability in how Chrome and Microsoft Edge handle webpage saving functionality. The attack, dubbed “FileFix 2.0,” bypasses Windows’ Mark of the Web (MOTW) security feature by leveraging legitimate browser saving mechanisms combined with HTML Application (HTA) execution. Key Points1. Saving HTML pages […]

The post FileFix Attack Exploits Windows Browser Features to Bypass Mark-of-the-Web Protection appeared first on Cyber Security News.

Guru Baran

Court Rules Anthropic’s Book Scans Were Fair Use

不安全

2 months 2 weeks ago

这篇文章讨论了Anthropic公司因购买和扫描数百万本书籍用于训练大型语言模型（LLMs）而引发的版权争议。原告指控该公司未经授权复制和保留书籍内容。法院认为将纸质书转换为数字格式以节省空间和提高可搜索性属于合理使用，但未解决非法获取电子书的问题。

Blockchain Security Layers: Tradeoffs Between L1, L2, and Hardware TEEs

不安全

2 months 2 weeks ago

文章探讨了区块链中可信计算与智能合约的安全性问题，比较了Layer-One和Layer-Two解决方案的优缺点，并分析了不同硬件架构（如Intel SGX、ARM TrustZone和专用芯片）对系统安全的影响。

Why TEE-Based Smart Contracts Still Aren’t Fully Secure

不安全

2 months 2 weeks ago

文章探讨了可信执行环境（TEE）辅助的 confidential smart contract 系统的研究挑战。重点包括密钥管理难题：集中存储虽安全但风险高；分散存储增加泄露风险且技术复杂。此外，缺乏透明性使得合约执行难以验证，并依赖硬件制造商信任。

Ukraine’s Contaminated Land: Clearing Landmines With Rakes, Tractors and Drones

不安全

2 months 2 weeks ago

乌克兰因俄罗斯入侵面临严重地雷和未爆炸弹药问题，影响农业生产和农民安全。排雷人员如Viktoria Shynkar在危险环境中清除地雷，但进展缓慢且数据不全。许多地区仍存风险，影响粮食生产和经济恢复。

CVE-2025-6017 | Red Hat Advanced Cluster Management for Kubernetes 2 up to 2.12.4 UI exposure of private personal information to an unauthorized actor (EUVD-2025-19692)

VulDB Recent Entries

2 months 2 weeks ago

A vulnerability was found in Red Hat Advanced Cluster Management for Kubernetes 2 up to 2.12.4 and classified as problematic. Affected by this issue is some unknown functionality of the component UI. The manipulation leads to exposure of private personal information to an unauthorized actor. This vulnerability is handled as CVE-2025-6017. The attack needs to be approached locally. There is no exploit available.

vuldb.com

TA829 Hackers Employs New TTPs and Upgraded RomCom Backdoor to Evade Detections

Cyber Security News

2 months 2 weeks ago

The cybersecurity landscape faces a renewed threat as TA829, a sophisticated threat actor group, has emerged with enhanced tactics, techniques, and procedures (TTPs) alongside an upgraded version of the notorious RomCom backdoor. This hybrid cybercriminal-espionage group has demonstrated remarkable adaptability, conducting both financially motivated attacks and state-aligned espionage operations, particularly following the invasion of Ukraine. […]

The post TA829 Hackers Employs New TTPs and Upgraded RomCom Backdoor to Evade Detections appeared first on Cyber Security News.

Tushar Subhra Dutta