Aggregator

Trivy 0.69.4版本已被植入后门，带有恶意程序的容器镜像与GitHub官方安装包已推送至普通用户端。

虚假AI监管政策事件标志着网络谣言已发生本质性跃迁，从传统的“信息失真”升级为“认知层攻击”。

Hello, this is Shihono from the Global Coordination Division. In early March, we traveled to Baku, the capital of Azerbaijan, and had the opportunity to visit five organizations, including CSIRTs and facilities involved in cyber security workforce development. In this...

There’s a debate making the rounds in security circles that sounds reasonable on the surface but falls apart under operational scrutiny: Which is better, breach and attack simulation (BAS) or automated penetration testing (APT)? Security vendors have stoked this debate for obvious reasons, with some even explicitly arguing that automated pentesting should replace BAS entirely. But for practitioners responsible for defending an organization, this framing is the problem. It represents a coverage regression disguised as … More →

The post You don’t have to choose between BAS or automated pentesting, you shouldn’t appeared first on Help Net Security.

Epic Games 宣布裁员逾千人，原因是其主要收入来源《堡垒之夜（Fortnite）》的玩家减少收入下滑，为维持公司运营而不得不裁员。《堡垒之夜》曾风靡一时，为 Epic Games 带来了上百亿美元的收入，以至于 Epic 推出了一个游戏商店，为吸引玩家每周都提供免费游戏，但最近几年其流行度在衰退。Epic 强调裁员与 AI 无关，而是为了减少支出控制成本。Epic Games 有逾四千名雇员，裁掉的人数占到了总人数的四分之一。腾讯是 Epic Games 的大股东。

Кости 60 бизонов в Гран-Долина выдали секрет древних охотников.

Security culture isn’t built by phishing simulations. In this Help Net Security video, Dan Potter, VP of Cyber Resilience at Immersive, argues that annual training videos and quarterly phishing tests happen in calm, controlled settings that tell us nothing about how people perform when a real incident hits. Real attacks trigger anxiety, cognitive narrowing, and hesitation. People fixate on the loudest problem in the room, lose sight of the bigger picture, and slow down when … More →

The post Why your phishing simulations aren’t building a security culture appeared first on Help Net Security.

Currently trending CVE - Hype Score: 1 - The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, watchOS 11.6, visionOS 2.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6. Processing maliciously crafted web content may lead to memory corruption.

Обилие инструментов делает ИИ-агентов легкой добычей.

One in five enterprise endpoints is operating outside a protected and enforceable state on any given day, according to device telemetry collected across tens of millions of corporate PCs. That figure, drawn from Absolute Security’s 2026 Resilience Risk Index, has barely moved in a year, even as organizations continue to add security tools and increase spending. The report, which draws on multi-year endpoint telemetry alongside external research, finds that the gap between security deployment and … More →

The post Your security stack looks fine from the dashboard and that’s the problem appeared first on Help Net Security.

Iran-aligned groups are trying to make their mark in the Gulf, but the results have fallen short of remarkable.

A CVSS score 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Brandon Evans of TrendAI Zero Day Initiative' was reported to the affected vendor on: 2026-03-25, 15 days ago. The vendor is given until 2026-07-23 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 5.4 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L severity vulnerability discovered by 'Jonathan Lein of TrendAI Research' was reported to the affected vendor on: 2026-03-25, 15 days ago. The vendor is given until 2026-07-23 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 5.4 AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N severity vulnerability discovered by 'David Fiser & Alfredo Oliveira of TrendAI Research' was reported to the affected vendor on: 2026-03-25, 15 days ago. The vendor is given until 2026-07-23 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Gu YongZeng (@0x0dee)' was reported to the affected vendor on: 2026-03-25, 15 days ago. The vendor is given until 2026-07-23 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Mat Powell of TrendAI Zero Day Initiative & Nitesh Surana (niteshsurana.com) of TrendAI Research' was reported to the affected vendor on: 2026-03-25, 15 days ago. The vendor is given until 2026-07-23 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.5 AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H severity vulnerability discovered by 'VMBreakers(SANGBIN KIM, GANGMIN KIM, Un3xploitable)' was reported to the affected vendor on: 2026-03-25, 15 days ago. The vendor is given until 2026-07-23 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 5.9 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H severity vulnerability discovered by 'Nicholas Zubrisky (@NZubrisky) of TrendAI Research' was reported to the affected vendor on: 2026-03-25, 15 days ago. The vendor is given until 2026-07-23 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'rgod' was reported to the affected vendor on: 2026-03-25, 15 days ago. The vendor is given until 2026-07-23 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2026-03-25, 15 days ago. The vendor is given until 2026-07-23 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.