Aggregator

用大模型挖洞了吗？

用大模型挖洞了吗？

用大模型挖洞了吗？

用大模型挖洞了吗？

用大模型挖洞了吗？

The GitHub Action tj-actions/changed-files was compromised, enabling attackers to extract secrets from repositories using the CI/CD workflow. Researchers reported that threat actors compromised the GitHub Action tj-actions/changed-files, allowing the leak of secrets from repositories using the continuous integration and continuous delivery CI/CD workflow. The tj-actions/changed-files GitHub Action is used in over 23,000 repositories, it automates workflows by […]

Cobalt Strike has released version 4.11 with significant improvements to its evasion capabilities, making the popular red team tool more resilient against modern security solutions.  The update introduces a novel Sleepmask, new process injection techniques, enhanced obfuscation options, and stealthier communication methods – all designed to operate effectively without requiring extensive customization. Major Evasion Enhancements […]

The post Red Team Tool Cobalt Strike 4.11 Released With out-of-the-box Evasion Options appeared first on Cyber Security News.

A newly discovered critical remote code execution (RCE) vulnerability (CVE-2025-24813) has been identified in Apache Tomcat, allowing attackers to fully […]

The post Critical Remote Code Execution (RCE) Vulnerability in Apache Tomcat (CVE-2025-24813) appeared first on HawkEye.

The Danish Agency for Social Security (CFCS) has issued an updated threat assessment warning of severe cyber threats targeting the nation’s telecommunications sector, signaling a heightened alert level for state-sponsored espionage.  The report, which supersedes the 2022 version, underscores an increasing threat landscape, driven by increased targeting of telecom and internet service providers by foreign […]

The post Denmark Warns of Serious Cyber Attacks Targeting Telecommunication Sector appeared first on Cyber Security News.

知名头部安全厂商押注AI/数据赋能安全；Cloudflare 提升防御能力，应对未来量子安全威胁