Aggregator

近日，复旦大学系统软件与安全实验室的最新研究对智能体应用当前的漏洞现状、漏洞根因以及开发者的缓解实践进行了系统性地评测调研，揭示了智能体应用当前漏洞态势的严峻性，以及开发者在漏洞缓解过程中对于安全和功能的艰难权衡。

In 2025, the U.S. government revoked thousands of visas from international students, often without warning or explanation. According to a newly released study, this opened a door for scammers. Posing as government officials, police, or university staff, they took advantage of students’ fear of losing their status. Researchers interviewed students to learn how they experience these scams and what universities can do to help. Scams that hit international students Scammers approach students through common communication … More →

The post Scammers target international students by threatening their visa status appeared first on Help Net Security.

130 млн невидимых убийц атакуют орбиту — и теперь мы знаем, как спасти от них аппараты.

Microsoft has released a critical security update addressing a severe vulnerability in ASP.NET Core that could enable attackers to execute HTTP request smuggling attacks. On October 14, 2025, the company issued patches for CVE-2025-55315, a security feature bypass flaw affecting the Kestrel web server component with an alarming CVSS score of 9.9, placing it in […]

The post Microsoft Issues Alert on ASP.NET Flaw Allowing HTTP Request Smuggling Attacks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A sophisticated new remote access trojan called Atroposia has emerged in underground cybercrime marketplaces, offering attackers a comprehensive toolkit for hidden remote desktop access, credential theft, and network manipulation at an accessible price point. Security researchers at Varonis recently discovered the malware being promoted on underground forums, highlighting how advanced cyberattack capabilities are increasingly packaged […]

The post New Atroposia RAT Uses Hidden Remote Desktop, Vulnerability Scanning and Advanced Persistence appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

AI language models like ChatGPT, DeepSeek, and Copilot are transforming business operations at lightning speed. They help us generate documents, summarise meetings, and even make decisions faster than ever before. But this rapid adoption comes at a price. Employees often use unapproved AI tools on personal devices, risking sensitive company information leaking into ungoverned spaces. […]

The post Ethical Prompt Injection: Fighting Shadow AI with Its Own Weapon appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Эрик Юань уверен: ИИ-алгоритмы справятся с вашими задачами куда лучше вас самих.

Proximity is a new open-source tool that scans Model Context Protocol (MCP) servers. It identifies the prompts, tools, and resources that a server makes available, and it can evaluate how those elements might introduce security risks. The tool also work with NOVA, a rule engine that checks for issues such as prompt injection or jailbreak attempts. “Over the past year, MCP has been rapidly adopted by the community to extend AI capabilities. Developers around the … More →

The post Proximity: Open-source MCP security scanner appeared first on Help Net Security.

A CVSS score 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Lays (@_L4ys) of TRAPA Security' was reported to the affected vendor on: 2025-10-29, 109 days ago. The vendor is given until 2026-02-26 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Lays (@_L4ys) of TRAPA Security' was reported to the affected vendor on: 2025-10-29, 109 days ago. The vendor is given until 2026-02-26 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Lays (@_L4ys) of TRAPA Security' was reported to the affected vendor on: 2025-10-29, 109 days ago. The vendor is given until 2026-02-26 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Lays (@_L4ys) of TRAPA Security' was reported to the affected vendor on: 2025-10-29, 109 days ago. The vendor is given until 2026-02-26 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Lays (@_L4ys) of TRAPA Security' was reported to the affected vendor on: 2025-10-29, 109 days ago. The vendor is given until 2026-02-26 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 5.7 AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N severity vulnerability discovered by 'Alex Williams from Pellera Technologies' was reported to the affected vendor on: 2025-10-29, 14 days ago. The vendor is given until 2026-02-26 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Febin Mon Saji from Astra Security' was reported to the affected vendor on: 2025-10-29, 109 days ago. The vendor is given until 2026-02-26 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Peter Girnus (@gothburz), Demeng Chen, and Brandon Niemczyk of Trend Zero Day Initiative' was reported to the affected vendor on: 2025-10-29, 109 days ago. The vendor is given until 2026-02-26 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 6.4 AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Alex Williams from Converge Technology Solutions' was reported to the affected vendor on: 2025-10-29, 96 days ago. The vendor is given until 2026-02-26 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.1 AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Alex Williams from Converge Technology Solutions' was reported to the affected vendor on: 2025-10-29, 96 days ago. The vendor is given until 2026-02-26 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.7 AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N severity vulnerability discovered by 'Peter Girnus (@gothburz) and Brandon Niemczyk of Trend Zero Day Initiative' was reported to the affected vendor on: 2025-10-29, 109 days ago. The vendor is given until 2026-02-26 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Lays (@_L4ys) of TRAPA Security' was reported to the affected vendor on: 2025-10-29, 109 days ago. The vendor is given until 2026-02-26 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.