Aggregator

它破坏了企业服务赖以生存的整条信任链

Cybercriminals are spoofing Fédération Internationale de Football Association (FIFA) websites ahead of the 2026 FIFA World Cup, the FBI warns. The attackers are registering lookalike domains with small spelling changes or different domain endings to impersonate FIFA websites and services. The tactic, known as typosquatting, relies on users making small typing mistakes when entering website addresses. People who land on the fake sites may hand over names, addresses, phone numbers, email addresses, banking details, or … More →

The post A single typo could derail your World Cup plans appeared first on Help Net Security.

GCHQ director urges urgent business cyber action as AI and quantum reshape the threat

Любой сайт может узнать, какие вкладки и приложения открыты на вашем устройстве.

A Canadian man was sentenced to 33 years in prison after pleading guilty to targeting more than 145 children across the United States, some as young as 6 years old, in an eight-year-long sextortion scheme. [...]

An advanced remote access Trojan is propagating online. Notably, it's delivered via an operator licensing model and features a no-code malware-development interface.

Как безответственное раскрытие уязвимостей превращает багхантеров в невольных сообщников.

Recently, multiple supply-chain incursions have plagued the NPM ecosystem. Typically, cybercriminals leverage leaked credentials to manipulate repositories and distribute compromised iterations. However, an utterly bizarre campaign has recently materialized. Specifically, the popular NPM package...

The post The CodexUI Android Anomalous Supply-Chain Inversion: A Paradox of Developer Malevolence appeared first on Information Security News.

FT 报道，英伟达 CEO 黄仁勋已同意加入清华大学经管学院的顾问委员会——该委员会现任主席是苹果 CEO 库克(Tim Cook)——黄仁勋正力争维持与北京方面的关系。清华大学位于北京，是中国专注于科学和工程的顶尖学府，该校经济管理学院顾问委员会的公开目标包括帮助该商学院加强国际联系和塑造长期战略。委员会中的美国企业高管还包括了马斯克（Elon Musk）、扎克伯格（Mark Zuckerberg）以及微软 CEO 纳德拉(Satya Nadella)。

Recently, an independent security researcher publicly exposed a critical zero-day vulnerability alongside its functional proof-of-concept code. Specifically, the exploit bypasses the Microsoft BitLocker encryption subsystem under the moniker YellowKey. Consequently, the Microsoft Threat Intelligence...

The post The Escalating Rift Over Zero-Day Disclosures: Microsoft Condemns Uncoordinated Vulnerability Release appeared first on Information Security News.

An overview of the activities of selected APT groups investigated and analyzed by ESET Research in Q4 2025 and Q1 2026

由于内存和 SSD 价格飙升，Valve 大幅提高了 Steam Deck 掌机的售价。以美国地区为例，512GB OLED 版本售价从 549 美元提高到 789 美元，上涨 240 美元；1TB OLED 版本售价从 649 美元提高至 949 美元，上涨 300 美元。Steam Deck 掌机于 2022 年 2 月推出，早期版本使用的屏幕是 LCD，2023 年 11 月 Valve 将屏幕从 LCD 升级到 OLED，淘汰了 LCD 版本。Steam Deck 配备的是 16 GB LPDDR5，从去年底开始内存价格上涨了数倍，SSD 的涨势没有这么夸张，但也更贵了。

Сотрудник поисковика поднял деньги на Polymarket и ждет приговора.

Google 安全工程师 Michele Spagnuolo 利用内部消息在预测市场 Polymarket 押注歌手 d4vd 成为 2025 年 Google 搜索量最高的人物而获利 120 万美元，他被控犯有欺诈罪，于周三上午被捕，后以 225 万美元保释金获释。Spagnuolo 能访问内部数据系统，包括一个能访问未公开年度搜索数据的工具。Polymarket 平台观察者在去年 12 月注意到账号 AlphaRaccoon 在年度搜索量最高的人物上进行可疑交易，Spagnuolo 就是该账号的所有者，他从相关投注上获利 120 万美元。Google 表示正配合调查，称 Spagnuolo 的行为违反了公司政策。  

致力于第一时间为企业级用户提供权威漏洞情报和有效解决方案。

A new campaign orchestrated by a previously undocumented threat actor has targeted cryptocurrency organizations with an aim to facilitate digital asset theft using recruitment-themed social engineering and bespoke macOS malware. "These campaigns leveraged sophisticated social engineering techniques, custom macOS malware, and deep targeting of CI/CD infrastructure," Wiz researchers Shira Ayal,

19.6 Billion files are exposed in misconfigured cloud buckets, including 685K credential files and nearly 1M database dumps. There’s a comfortable myth most people carry around: that the data they hand to companies is locked somewhere safe. Researchers at Mysterium VPN just ran the numbers, and the numbers disagree. Across 535,480 publicly listable cloud storage […]

Российский генпрокурор подписал в Пекине три двусторонних документа.