Aggregator

This practitioner-focused review covers Acalvio ShadowPlex, a deception-first platform designed to stop attacker progress across IT, cloud, OT,…

Исследователи обнаружили в Coruna 23 эксплойта для версий iOS от 13.0 до 17.2.1.

晋江文学城因内容审核标准问题陷入舆论漩涡，并因此引发了一场大规模的用户“发票抗议”。风波始于晋江文学城于近日突然锁定热门女性向小说《女主对此感到厌烦》，相关提示为“文章设定有问题，锁文要求清理”。这一操作迅速引发读者的不满与质疑。锁文事件引发舆论后，晋江平台管理员发帖说明《女主对此感到厌烦》临时锁定事件，称该作品因疑似含有挑动对立情绪的内容，网站依规对其进行临时锁定核查。经初步核查确认，未发现该文存在无差别扫射某一群体等明显违规行为，现对该作品恢复上架。然而这份说明中关于内容审核的具体标准，却引发了更大的争议。说明中明确“严禁使用非经汉语权威机构承认的生造字词或短语”，并举例“老天奶（为网络通用口语，类似‘老天爷’的变体）”。但有用户发现，晋江官方账号此前曾使用“老天奶”一词进行内容宣传。在被用户质疑后，相关博文已被删除。3 月 25 日，对晋江文学城不满的用户集体申请历史充值发票，到晚间，排队人数飙升至 19 万以上，规模空前。

Currently trending CVE - Hype Score: 2 - An SQL injection vulnerability has been reported to affect QHora. If a local attacker gains an administrator account, they can then exploit the vulnerability to execute unauthorized code or commands. We have already fixed the vulnerability in the following version: QuRouter ...

Currently trending CVE - Hype Score: 1 - An improper restriction of communication channel to intended endpoints vulnerability has been reported to affect QHora. If an attacker gains physical access, they can then exploit the vulnerability to gain the privileges that were intended for the original endpoint. We have ...

Currently trending CVE - Hype Score: 21 - A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.

Currently trending CVE - Hype Score: 6 - An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS version 7.0.0 through 7.0.16 and FortiProxy version 7.0.0 through 7.0.19 and 7.2.0 through 7.2.12 allows a remote attacker to gain super-admin privileges via crafted requests ...

PwC Annual Threat Dynamics report says AI-threats are the biggest concern of clients

Most teams have security tools in place. Alerts are firing, dashboards look clean, threat intel is flowing in. On the surface, everything feels under control. But one question usually stays unanswered: Would your defenses actually stop a real attack? That’s where things get shaky. A control exists, so it’s assumed to work. A detection rule is active, so it’s expected to catch something. But very

Cybersecurity researchers have disclosed a vulnerability in Anthropic's Claude Google Chrome Extension that could have been exploited to trigger malicious prompts simply by visiting a web page. The flaw "allowed any website to silently inject prompts into that assistant as if the user wrote them," Koi Security researcher Oren Yomtov said in a report shared with The Hacker News. "No clicks, no

The Coruna exploit kit is an evolution of the framework used in the Operation Triangulation espionage campaign, which in 2023 targeted iPhones via zero-click iMessage exploits. [...]

Telecommunications providers around the world have been dealing with the burrowing efforts of the China-linked APTs for many years now. To help them identify hard-to-detect implants used by the China-based group dubbed Red Menshen, Rapid7 researchers have released a scanning script. BPFdoor US, Canadian, European and Asian telcos have been repeatedly hit by the infamous Salt Typhoon group in the past few years. Red Menshen has been previously observed using the BPFDoor implant/backdoor when targeting … More →

The post Researchers release tool to detect stealthy BPFDoor implants in critical infrastructure networks appeared first on Help Net Security.

It hides inside developer tools, then monitors activity and steals data, turning a single infection into a wider risk across the supply chain.

The post GlassWorm attack installs fake browser extension for surveillance appeared first on Security Boulevard.

В Москве 9 апреля пройдет конференция R-EVOlution 2026 об эффективности ИТ и ИБ

When we investigated why our Atlantis instance took 30 minutes to restart, we discovered a bottleneck in how Kubernetes handles volume permissions. By adjusting the fsGroupChangePolicy, we reduced restart times to 30 seconds.

Russian police arrested a Taganrog resident believed to be the owner of LeakBase, a major online forum used by cybercriminals to buy and sell stolen data and hacking tools. [...]

The European Commission opened an investigation into Snapchat and warned four pornographic platforms they could face penalties for failing to follow child safety laws.

Когда ваш умный дом начнет спорить с вами о политике, вспомните, что нейросети целый год усердно кормили враньем.

GNOME 基金会宣布了面向资深开发者的奖学金（Fellowship）计划，资助有经验的开发者投入 1 年/12 个月时间专注于某个领域的开发。奖学金的申请者必须是 GNOME 项目的资深贡献者，拥有良好的记录。根据其经验和所处地点他们将获得 7 万 - 10 万美元的资助。首批将于 5 月公布。首批重点领域包括构建系统、CI/CD 基础设施、开发者工具、文档、可访问性和解决技术债务。

安卓逆向第二阶段完结，在第二与第三阶段这个空档期间，提前更新发布了6集第四阶段的实战内容给全阶段的朋友！