Aggregator

A vulnerability was found in SSH 1.2.25 on HP-UX and classified as critical. This affects an unknown part. The manipulation results in improper privilege management. This vulnerability is cataloged as CVE-1999-0310. The attack may be launched remotely. There is no exploit available. It is suggested to upgrade the affected component.

A vulnerability was found in Kolban Webcam32 4.8.3. It has been declared as critical. This issue affects some unknown processing of the component Administration. Such manipulation as part of URL leads to memory corruption. This vulnerability is documented as CVE-1999-1292. The attack can be executed remotely. There is not any exploit available.

A vulnerability was found in HP HP-UX 10.01/10.10/10.20/11.00. It has been rated as problematic. Impacted is an unknown function of the component SharedX recserv. Performing a manipulation results in denial of service. This vulnerability is reported as CVE-1999-0779. The attack is possible to be carried out remotely. No exploit exists. Upgrading the affected component is advised.

A new cybercrime platform called ATHR is making it much easier for attackers to run large-scale phone-based phishing operations, also known as vishing. Instead of relying on malicious links or infected email attachments, this platform sends simple-looking emails with just a phone number. When the target calls that number, they are walked into a carefully […]

The post Hackers Use ATHR to Run AI-Powered Vishing, Credential Theft, and Phone-Based Phishing at Scale appeared first on Cyber Security News.

Huntress is warning that threat actors are exploiting three recently disclosed security flaws in Microsoft Defender to gain elevated privileges in compromised systems. The activity involves the exploitation of three vulnerabilities that are codenamed BlueHammer (requires GitHub sign-in), RedSun, and UnDefend, all of which were released as zero-days by a researcher known as Chaotic Eclipse (

AI models are making rapid gains in vulnerability research and exploit development, raising new cybersecurity risks, a Forescout study finds

The House passed stopgap legislation to extend a warrantless government surveillance power for 10 days, following a failed lobbying campaign by the Trump administration.

嗯，用户让我总结一下这篇文章的内容，控制在100个字以内，而且不需要用“文章内容总结”之类的开头。直接写描述就行。 首先，我需要通读整篇文章，抓住主要信息。文章主要讲的是印度公司向西非出口大量合成阿片类药物Tapentadol，这些药物在西非未获批准。过去三年里，出口量激增，导致当地阿片滥用问题加剧。还提到了监管漏洞和非法运输的情况。 接下来，我需要把这些信息浓缩到100字以内。要包括来源（印度）、目的地（西非）、数量（超过3.2亿粒）、问题（未获批准、滥用）、以及监管的问题。 可能的结构是：印度公司过去三年向西非出口大量未获批准的Tapentadol，导致滥用问题严重，监管存在漏洞。 检查一下字数，确保不超过限制。同时保持语言简洁明了。 印度公司过去三年向西非出口了超过3.2亿粒未获批准的合成阿片类药物Tapentadol，导致当地滥用问题加剧。这些药物通常以高剂量形式非法流入西非国家如塞拉利昂和加纳，并被贩运至其他地区。尽管印度加强了监管措施，但非法出口仍在持续，凸显出监管漏洞和跨国贩运网络的复杂性。

A vulnerability classified as critical was found in Microsoft Office 2019/LTSC/LTSC 2021/LTSC 2024. This issue affects some unknown processing of the component Excel. The manipulation results in use after free. This vulnerability is cataloged as CVE-2026-32189. The attack may be launched remotely. There is no exploit available. Upgrading the affected component is advised.

A vulnerability classified as critical has been found in Microsoft Office 2019/LTSC/LTSC 2021/LTSC 2024. This vulnerability affects unknown code of the component Excel. The manipulation leads to out-of-bounds read. This vulnerability is listed as CVE-2026-32188. The attack may be initiated remotely. There is no available exploit. It is recommended to upgrade the affected component.

A vulnerability has been found in Legion of the Bouncy Castle BC-JAVA up to 1.83 and classified as critical. This affects an unknown part. The manipulation leads to allocation of resources. This vulnerability is traded as CVE-2026-3505. It is possible to initiate the attack remotely. There is no exploit available. The affected component should be upgraded.

Доход сервисов для создания интимных изображений без согласия превысил 122 миллиона долларов.

The Agent Readiness score can help site owners understand how well their websites support AI agents. Here we explore new standards, share Radar data, and detail how we made Cloudflare’s docs the most agent-friendly on the web.

Today, we’re excited to give you a sneak peek of our support for shared compression dictionaries, show you how it improves page load times, and reveal when you’ll be able to try the beta yourself.

Authorities take down W3LL phishing ring, AgingFly malware steals Ukrainian government data, and actors exploit Nginx flaw to hijack servers.

嗯，用户让我帮忙总结一下这篇文章的内容，控制在100字以内，而且不需要用“文章内容总结”之类的开头，直接写描述。首先，我需要仔细阅读文章，理解每个部分的主要信息。 文章分为三个部分：“The Good”、“The Bad”和“The Ugly”。在“The Good”部分，FBI和印尼合作打击了一个名为W3LL的钓鱼平台，逮捕了开发者，并关闭了其市场。此外，还有两人因帮助朝鲜IT工人在美国企业工作而被判刑。这部分显示了执法机构的成功行动。 接下来是“The Bad”，乌克兰CERT-UA发现了一种名为AgingFly的新恶意软件，通过钓鱼邮件攻击政府、医院等机构。这种恶意软件功能强大，能够远程控制系统，并利用开源工具窃取数据。这表明网络攻击的复杂性和持续威胁。 最后是“The Ugly”，Nginx UI的一个关键漏洞CVE-2026-33032被利用，导致服务器被劫持。攻击者无需认证即可控制服务器，尽管已经修复，但仍有大量暴露实例存在。这强调了及时更新和安全措施的重要性。 总结时需要涵盖这三个方面：执法行动、恶意软件攻击和漏洞利用。确保在100字以内简洁明了地表达出来。 FBI与印尼合作打击W3LL钓鱼平台并逮捕其开发者；美籍人士协助朝鲜IT人员在美国企业获取职位被判刑；乌克兰CERT-UA发现AgingFly恶意软件攻击政府及医院；Nginx UI漏洞被用于服务器劫持。

How We Respond Will Determine the Future Of Cybersecurity and the Digital World
The introduction of Anthropic's Mythos model signals a shift in the cybersecurity industry - one not yet fully understood, which prompted Project Glasswing: a coordinated group of ecosystem partners who have been given early access to this capability to define impending future threats before they hit.

Equifax CTO Jamil Farshchi on Cybersecurity's Response to Flood of Vulnerabilities
Cybersecurity organizations must adapt to machine-speed threats in the age of Anthropic's Claude Mythos, a new AI model that can uncover vulnerabilities and lead to a flood of repaid exploits. Equifax CTO Jamil Farshchi says security programs must be built for scale, automation and quick response.