Aggregator

Миллиарды нейронов, 20 лет исследований — и вот она, фундаментальная ошибка.

ViperTunnel is a Python-based backdoor linked to DragonForce ransomware that targets businesses using Windows servers across the US and the UK.

Why Cyber Risk Is Now Shaped as Much by Nations as by Hackers
Wars are becoming more frequent, and are no longer only kinetic. They are just as active in the cyber world, with impacts much larger than can be imagined. This also leads to state-sponsored hacktivists targeting the critical infrastructure of nations.

Veteran Hardware Hacker's Chip Facilitates More Trustworthy and Secure Devices
How can we trust hardware to not betray us? Enter the Baochip-1x, a piece of largely open-source silicon created by Andrew "Bunnie" Huang, which he said is designed to give developers an affordable, security-focused and attestable chip, not least for building high-assurance, embedded devices.

European Governments Grow Suspicious of Silicon Valley
French abandonment of American software for open-source alternatives continues apace, with all government ministries now facing a fall deadline for outlining plans to reduce their dependence on U.S. tech. France must "regain control of our digital destiny," said public action minister David Amiel.

Patients Allege Health Entities Did Not Get Consent to Record Conversations
Proposed federal class action litigation alleges that two California healthcare organizations violated patient privacy in their use of an AI-enabled ambient tool that records, transcribes, and processes sensitive conversations between clinicians and patients without individuals' consent.

Ex-Microsoft CIO: Mythos Could Surface Known Flaws Faster Than Vendors Can Fix Them
Former Microsoft CIO Jim DuBois and IDC's Frank Dickson say Claude Mythos Preview could rapidly surface long-known but unfixed software flaws at scale, forcing vendors and enterprises to strengthen patch validation, orchestration and deployment before attackers exploit the backlog.

SaaS凭证外泄致GTA运营数据裸奔。

看雪论坛作者ID：saulgoodman_

OX Security recently analyzed 216 million security findings across 250 organizations over a 90-day period. The primary takeaway: while raw alert volume grew by 52% year-over-year, prioritized critical risk grew by nearly 400%. The surge in AI-assisted development is creating a "velocity gap" where the density of high-impact vulnerabilities is scaling faster than

With global cyber threats escalating and budget cuts looming, CISA needs a Senate-confirmed director. It’s time to confirm Sean Plankey.

The post Secretary Mullin must help finish the job: Urge the Senate to confirm Plankey appeared first on CyberScoop.

根据发表在《Scientific Reports》期刊上的一项研究，龙虾能感受到疼痛，而人类止痛药也能帮助它止痛。这项研究再次表明需要为甲壳类动物开发出更人道的宰杀方法。新研究发现，当挪威龙虾在水中遭受电击时它们会快速摆动尾巴试图逃脱。但如果用止痛药阿司匹林和利多卡因预先为龙虾镇痛，尾巴摆动会减少甚至消失。论文合作者 Lynne Sneddon 称人类止痛药对挪威龙虾也有效，这表明人类生理功能与龙虾十分相似。人类应像对待鸡和牛一样重视对甲壳类动物的饲养和宰杀方式。

IronPE is a minimal Windows PE manual loader written in Rust for both x86 and x64 PE files.

The post Inside the Windows Loader: Replicating Portable Executable Mapping with IronPE in Rust appeared first on Penetration Testing Tools.

An exposed administrative console, accessible without even the most rudimentary password, has transformed a clandestine operation into a

The post Inside the Master Panel: How an Unprotected Server Exposed a Massive X Hijacking Operation appeared first on Penetration Testing Tools.

APT41 is once again pushing its Linux capabilities forward, this time by quietly turning cloud servers into powerful credential theft platforms. The group’s latest Winnti-family backdoor is a zero‑detection ELF implant designed specifically for Linux workloads running on AWS, Google Cloud, Microsoft Azure, and Alibaba Cloud, with a clear focus on stealing cloud credentials at […]

The post APT41 Turns Linux Cloud Servers Into Credential Theft Targets With New Winnti Backdoor appeared first on Cyber Security News.

A diminutive cluster of servers has managed, in a matter of mere hours, to redraw the conventional cartography

The post The 21 Phantom Servers: How a Tiny Botnet Just Hijacked Global RDP Reconnaissance appeared first on Penetration Testing Tools.

The orchestrated strikes across the Middle East may not have been a spontaneous escalation, but rather a meticulously

The post Digital Harbingers: How Iran’s “Charming Kitten” Mapped the Battlefield Before the Missiles Fell appeared first on Penetration Testing Tools.

The FBI Atlanta Field Office, working in a historic joint operation with Indonesian law enforcement, has successfully dismantled a massive global phishing network. The investigation targeted the notorious W3LL phishing kit, a sophisticated toolset that enabled cybercriminals to bypass multi-factor authentication and attempt over $20 million in financial fraud. This landmark case represents the first […]

The post W3LL Phishing Kit Takedown Hits Global Credential Theft and MFA Bypass Operation appeared first on Cyber Security News.

A cybersecurity researcher has uncovered a new Bring Your Own Vulnerable Driver (BYOVD) attack that can turn off top-tier endpoint security solutions, including CrowdStrike Falcon. By reverse-engineering a previously unknown zero-day kernel driver, the researcher revealed how threat actors use legitimately signed drivers to bypass endpoint detection and response (EDR) systems completely. In BYOVD attacks, […]

The post Researcher Reverse Engineered 0-Day Used to Disable CrowdStrike EDR appeared first on Cyber Security News.