Aggregator

研究人员在《科学》期刊上报告，当营养匮乏、资源短缺的时候，部分细菌会杀死周围的同类，然后一点点地把对方吃掉。细菌会使用“第六型分泌系统”（T6SS），是一种看起来像微型鱼叉枪的装置，去刺穿周围的其他细胞，并注入致命毒素，使对方细胞破裂而死。以往科学家认为，T6SS 是细菌在拥挤环境中用来清除竞争者的“武器”，目的在于“争地盘”。但最新研究表明，这套系统不仅可以“打仗用”，还能“进食用”。当营养匮乏、无力独自生长时，细菌会精准调控 T6SS，有目的地猎杀邻居，从中“榨取”营养，维持自身生存。科学家分析了全球海洋中不同环境的细菌基因数据，发现类似的武器系统广泛存在。

Узнайте, как оценить работу процессов и СЗИ с помощью правильных метрик всего за один час.

A vulnerability classified as critical was found in Corephp Com Jphoto 1.0. This vulnerability affects unknown code of the file index.php. The manipulation of the argument ID leads to sql injection. This vulnerability was named CVE-2009-4598. The attack can be initiated remotely. Furthermore, there is an exploit available.

快速浏览！2025.6.9—6.15安全动态周回顾。

进一步的调查发现，这个易受攻击的模块至少从2022年底就开始在野外传播，后来在2024年被上传到VirusTotal。

In this Help Net Security interview, Rich Friedberg, CISO at Live Oak Bank, discusses how banks can better align cybersecurity efforts with broader cyber governance and risk priorities. Banking institutions often falter when cybersecurity is siloed as purely a technical or compliance issue. Cyber governance requires treating cybersecurity as a strategic business risk embedded across enterprise-wide decision-making. Where do banks typically struggle when trying to align cybersecurity efforts with broader governance and risk priorities? Banks … More →

The post Why banks’ tech-first approach leaves governance gaps appeared first on Help Net Security.

A vulnerability was found in JomEstate PRO up to 3.7 on Joomla. It has been rated as critical. Affected by this issue is some unknown functionality. The manipulation of the argument ID as part of Parameter leads to sql injection. This vulnerability is handled as CVE-2018-6368. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical was found in M-Files Server. Affected by this vulnerability is an unknown functionality of the component API Endpoint. The manipulation leads to path traversal. This vulnerability is known as CVE-2025-5964. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

Преступники взломали вечный покой. И теперь ищут тех, кто заплатит за молчание.

Managing endpoints and responding to security incidents in Microsoft Defender for Endpoint (MDE) can be time-consuming and complex. MDEAutomator is an open-source tool designed to make that easier. MDEAutomator is a modular, serverless solution for IT and security teams looking to save time and reduce manual work. By using Azure Function Apps and a custom PowerShell module, MDEAutomator automates tasks like deploying MDE to new devices and responding to alerts, without needing to manage extra … More →

The post MDEAutomator: Open-source endpoint management, incident response in MDE appeared first on Help Net Security.

A vulnerability classified as critical was found in M-Files Server. Affected by this vulnerability is an unknown functionality of the component API Endpoint. The manipulation leads to path traversal. This vulnerability is known as CVE-2025-5964. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

ИИ-багхантеры очень скоро отнимут работу у живых специалистов.

A vulnerability classified as critical was found in bcoos 1.0.10. Affected by this vulnerability is an unknown functionality. The manipulation of the argument lid leads to sql injection. This vulnerability is known as CVE-2007-6266. The attack can be launched remotely. Furthermore, there is an exploit available.

Getting a call saying a family member has been kidnapped is terrifying. Fear and panic take over, making it hard to think clearly. That’s exactly what criminals count on when they use a scam called virtual kidnapping. What is virtual kidnapping? It’s emotional extortion where scammers claim a loved one has been abducted and demand ransom. Using AI-generated voices, social media details, and spoofed caller IDs, they make threats seem real and pressure victims to … More →

The post Virtual kidnapping scams prey on our worst fears appeared first on Help Net Security.

A vulnerability was found in EMC AlphaStor 4.0 and classified as very critical. Affected by this issue is some unknown functionality. The manipulation leads to memory corruption. This vulnerability is handled as CVE-2013-0946. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

Компания могла потерять миллиарды, но не потеряла ни цента. Как это вообще возможно?

A vulnerability was found in Dream4 Koobi CMS 4.2.3. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file Index.PHP. The manipulation of the argument area leads to sql injection. This vulnerability is known as CVE-2005-0890. The attack can be launched remotely. Furthermore, there is an exploit available.

Kali Linux has long been the go-to operating system for penetration testers and security professionals, and Learning Kali Linux, 2nd Edition by Ric Messier aims to guide readers through its core tools and use cases. This updated edition introduces new material on digital forensics and reverse engineering, while keeping its focus on practical, hands-on learning. It’s written for people who have at least some familiarity with Linux or command-line environments, but it doesn’t assume deep … More →

The post Review: Learning Kali Linux, 2nd Edition appeared first on Help Net Security.

本文创新性地提出“以攻为守”的防御范式，通过释放有毒输出来对抗模型提取攻击。

A vulnerability has been found in Microsoft Internet Explorer 5.01/5.5/6.0 and classified as critical. This vulnerability affects the function GetObject of the component Security Check. The manipulation leads to improper privilege management. This vulnerability was named CVE-2002-0023. The attack can be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.