Aggregator

Новая схема хакеров Luna Moth, которая ставит в тупик стандартные средства защиты.

Cybercriminals have registered more than 4,300 fraudulent domains impersonating FIFA's official web presence since August 2025.

Anne Keast-Butler, director of GCHQ, said Russia's actions have prompted the agency to defend subsea cables and energy pipelines in British waters, disrupt Russian networks smuggling sanctioned technology and countering “reckless sabotage and assassination attempts.”

Social engineering has always worked because it targets the one component no firewall can patch, human judgment. What has changed […]

The post Social Engineering in the AI Age: How Offense Has Evolved and How to Defend appeared first on HawkEye.

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Daemon Tools, TanStack, and Nx Console flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Windows Shell and ConnectWise ScreenConnect flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: The first flaw, tracked as CVE-2026-8398, […]

Defenders don’t need to detect every adversary action to prevent a threat. Here’s a more realistic, optimized approach to testing.

Один завод — 10 000 машин, второй уже строится…

A five-stage exploit chain disclosed by Token Security researchers turned a free Zapier account into write access on Zapier’s public developer SDK packages and on internal packages that load in every authenticated zapier.com session. Each link in the chain was a known anti-pattern. The composition across five systems was the finding. Zapier triaged the report within four days of submission on February 12, 2026, revoked the leaked NPM token, and tightened the underlying AWS role … More →

The post Zapier exploit chain shows how known anti-patterns compose into critical risk appeared first on Help Net Security.

Here’s how we built Town Lake, Cloudflare's unified analytics platform, alongside Skipper, an internal AI agent running on top of it.

A five-step flaw chain in the popular automation service, now patched, could have let a single attacker act as any signed-in user across thousands of connected apps.

The post Zapier fixes bug chain that researchers say risked widespread account takeover appeared first on CyberScoop.

欧盟委员会根据 Digital Services Act (DSA)对 Temu 处以 2 亿欧元罚款。原因是 Temu 对其平台上假冒伪劣商品所带来的系统性风险没有尽职尽责的识别、分析和评估，从而给欧盟消费者造成了伤害。欧盟委员会举例说：它调查的充电器有相当高比例的产品未能通过基本的安全测试；在测试的婴儿玩具中，有相当比例的产品存在中度至高度的安全风险，这些玩具含有超过法定安全限值的化学物质，或者由于可拆卸部件而存在窒息危险。欧盟委员会是在 2024 年 10 月 31 日启动调查，2025 年 7 月通过了初步调查结果，5 月 28 日公布处罚。

浏览器已经演变成类似操作系统的复杂平台，但不断加入的新特性也增加了浏览器的攻击面，引入新的漏洞。最新的攻击被称为 FROST(fingerprinting remotely using OPFS-based SSD timing)，通过测量用户使用的 SSD 的部分 I/O（输入/输出）操作时序，攻击者能识别用户在浏览器标签页打开的网站以及正在运行的应用程序。FROST 攻击无需任何交互，只需打开执行攻击的网站。FROST 攻击完全在浏览器中运行。它使用 JavaScript 与 OPFS（origin private file system）交互。OPFS 是 Web API 的一部分，是一个为特定网站预留的专属存储空间，用于运行完成特定任务所需的目标代码。网站无需任何交互就可以直接创建该空间。该攻击的一大缺陷是需要的 OPFS 文件比较大，可能需要 1GB 左右，因此会容易检测出来。

A Romanian national was sentenced this week to 56 months in federal prison for breaking into an Oregon state government computer network and fr cyberattacks targeting dozens of other U.S. victims. [...]

Юрлицам в РФ грозит штраф до 700 тысяч рублей за отправку уведомлений о долгах в иностранных сервисах.

宇树真正的价值，不在招股书的财务报表里，而在它在全球具身浪潮里站的那个位置上。

In this latest installment of the Reporters' Notebook video series, we discuss how cyber insurance is forcing organizations to quantify risk, what's covered (and what's not), and why this could be the best thing to happen to cybersecurity.

AI-generated election misinformation could shape public opinion and influence the lives of millions of people. To address those risks, OpenAI outlined a series of safeguards ahead of the 2026 election cycle. The company said its efforts will focus on helping users access voting information, supporting cybersecurity defenders, and improving transparency around AI-generated content. “People already use ChatGPT to ask practical questions in their preferred languages about civic events: how to register, where to vote, what … More →

The post OpenAI prepares ChatGPT for the election misinformation wave appeared first on Help Net Security.

上周末在家吃饭，跟正读高二的老大聊起对前途的一些想法。按他的一些摸底成绩，也就是600分左右的选手，对一这个成绩他妈妈是又着急又不得不耐着性子小心翼翼地去引导。

Qumulo has unveiled Qumulo NeuralProtect, a ransomware resilience solution built to protect data at the storage layer by detecting and stopping threats before data is encrypted, corrupted, or lost. Integrated directly into the Qumulo Data Platform, NeuralProtect inspects every file at the precise point-of-write using a series of AI-driven analysis models to detect both known and zero-day threats, instantly isolating malicious activity and enabling rapid recovery. NeuralProtect shifts ransomware protection from reactive recovery to proactive … More →

The post Qumulo NeuralProtect uses AI to detect and stop ransomware before encryption appeared first on Help Net Security.

Many organizations can detect network issues quickly, but investigations and coordination often slow incident resolution. This webinar explores how automation and AI-assisted workflows can help IT teams reduce delays and improve response times. [...]