Aggregator

Microsoft 365's dominance and tight integration makes it a massive target in today's cyber landscape. Its tight integration expands the attack surface and amplifies risk. Learn from Acronis TRU why backup blind spots & lateral movement risks demand stronger defenses. [...]

Attackers injected malicious code into GitHub Actions workflows in a widespread campaign to steal Python Package Index (PyPI) publishing tokens. While some tokens stored as GitHub secrets were successfully exfiltrated, PyPI administrators have confirmed that the platform itself was not compromised and the stolen tokens do not appear to have been used. The attack campaign […]

The post Hackers Injecting Malicious Code into GitHub Actions Workflows to Steal PyPI Publishing Tokens appeared first on Cyber Security News.

Tired of IP Lists? Securely connect private networks to any app by its hostname, not its IP address. This routing is now built into Cloudflare Tunnel and is free for all Cloudflare One customers.

Submit #640605 / VDB-324814

In December 2024, we warned against the rapid evolution of adversary tactics, techniques, and procedures (TTPs) in 2025. Our predictions have come true, as cybercriminals leverage millions of dollars in profits to develop new malware technologies and support them with increasingly sophisticated procedures.

The post Adversary TTPs are Rapidly Evolving: What It Means for Your SOC appeared first on Security Boulevard.

Минимальные права разработчика оказались билетом в закрытые недра корпоративных серверов.

Onder toeziend oog van koning Willem-Alexander, laten infanteristen zich uit een C-130 Hercules-transportvliegtuig vallen. Zelf springt hij niet, maar de koning weet nu wel hoe een luchtlandingsoperatie in zijn werk gaat. Hoe pak je spullen in, die de militairen op de grond nodig hebben en hoe drop je een lading? De koning werd er vanmorgen over geïnformeerd voordat hij met de parachutisten op Vliegbasis Eindhoven opsteeg. 

Microsoft is adding free AI-powered text writing capabilities to Notepad for customers with Copilot+ PCs running Windows 11. [...]

A vulnerability marked as problematic has been reported in Huawei HarmonyOS and EMUI. Impacted is an unknown function of the component HUKS Module. The manipulation leads to business logic errors. This vulnerability is referenced as CVE-2024-56438. The attack can only be performed from a local environment. No exploit is available.

A vulnerability labeled as critical has been found in Huawei HarmonyOS 5.0.0. This affects an unknown part of the component Contacts Module. Such manipulation leads to improper access controls. This vulnerability is uniquely identified as CVE-2025-46586. Local access is required to approach this attack. No exploit exists.

A vulnerability was found in Huawei HarmonyOS 5.0.0. It has been classified as problematic. Affected by this vulnerability is an unknown functionality of the component App Lock Module. The manipulation leads to information management error. This vulnerability is documented as CVE-2025-46588. The attack needs to be performed locally. There is not any exploit available.

A vulnerability described as critical has been identified in Huawei HarmonyOS and EMUI. This affects an unknown function of the component App Multiplier Module. The manipulation results in permission issues. This vulnerability is reported as CVE-2024-9136. The attack requires a local approach. No exploit exists.

A vulnerability was found in Huawei HarmonyOS 5.0.0. It has been declared as problematic. Affected by this issue is some unknown functionality of the component App Lock Module. The manipulation results in information management error. This vulnerability is reported as CVE-2025-46589. The attack requires a local approach. No exploit exists.

因内容安全类漏洞奖励金额已达上限，内容安全定额奖励活动即日起暂停。

「攻界智汇，技破万防」第十五期「度安讲」技术沙龙及BSRC极客之夜，在热烈的技术碰撞与互动狂欢中顺利落幕。

Переговоры с Китаем ещё не начались, но США их уже проиграли.

A vulnerability was found in LDAPAccountManager lam up to 9.2. It has been rated as problematic. Affected by this vulnerability is an unknown functionality of the component Profile Section. Performing manipulation of the argument profile name results in cross site scripting. This vulnerability is known as CVE-2025-58174. Remote exploitation of the attack is possible. No exploit is available. Upgrading the affected component is advised.

A vulnerability classified as problematic was found in matrix-org matrix-js-sdk up to 38.1.x. This issue affects the function MatrixClient::getJoinedRooms. Such manipulation leads to insufficient verification of data authenticity. This vulnerability is listed as CVE-2025-59160. The attack may be performed from remote. There is no available exploit. Upgrading the affected component is advised.