Aggregator

The art of composing encrypted correspondence via mobile devices has achieved a newfound elegance. Google has integrated end-to-end

The post One-Touch Security: Google Brings End-to-End Encryption to the Gmail Mobile App appeared first on Penetration Testing Tools.

Axios攻击影响OpenAI，伊朗APT瞄准美关键基础设施，JanelaRAT拉美肆虐。

A widespread cyber espionage campaign leveraging 108 malicious Google Chrome extensions. According to a recent report by Socket, these extensions are explicitly designed to steal sensitive user data and hijack active web sessions. The attackers manage this extensive operation through a highly organized, shared Command and Control (C2) infrastructure. This centralized setup makes it significantly […]

The post Hackers Use 108 Chrome Extensions to Steal User Data Through Shared C2 Infrastructure appeared first on Cyber Security News.

The AISI has issued its judgement on Anthropic’s Mythos Preview model

AI is becoming part of professional and private life, reaching mainstream adoption faster than the personal computer or the internet. These systems are tested in reasoning, safety, and real-world tasks, but the reliability of those measurements remains uncertain. The 2026 AI Index from Stanford’s Institute for Human-Centered Artificial Intelligence outlines the broader environment around this growth, including economic value, labor market effects, and the role of AI sovereignty. It also examines developments in science and … More →

The post AI adoption is outpacing the safeguards around it appeared first on Help Net Security.

С 15 апреля ждали тотальной блокировки, но ограничения уже работают.

A critical RCE flaw, tracked as CVE-2025-0520, in ShowDoc is being actively exploited, putting unpatched servers at serious risk. A critical remote code execution flaw, tracked as CVE-2025-0520 (CVSS score of 9.4), affecting ShowDoc is under active exploitation in the wild. ShowDoc is an online tool that helps IT teams share documents and improve collaboration […]

A vulnerability was found in Siemens Industrial Edge Management Pro V1, Industrial Edge Management Pro V2 and Industrial Edge Management Virtual up to 2.7.x. It has been rated as critical. Affected is an unknown function. This manipulation causes authentication bypass by primary weakness. This vulnerability is handled as CVE-2026-33892. The attack can be initiated remotely. There is not any exploit available. Upgrading the affected component is advised.

A vulnerability was found in Siemens RUGGEDCOM CROSSBOW Secure Access Manager Primary up to 5.7. It has been declared as very critical. This impacts an unknown function of the component Device Group Handler. The manipulation results in incorrect privilege assignment. This vulnerability is known as CVE-2026-27668. It is possible to launch the attack remotely. No exploit is available. It is recommended to upgrade the affected component.

A vulnerability was found in Siemens SINEC NMS up to 4.0 SP2. It has been classified as critical. This affects an unknown function of the component Password Reset Handler. The manipulation leads to authorization bypass. This vulnerability is traded as CVE-2026-25654. It is possible to initiate the attack remotely. There is no exploit available. Upgrading the affected component is recommended.

A vulnerability was found in Siemens SINEC NMS up to 4.0 SP2 and classified as critical. The impacted element is an unknown function of the component UMC. Executing a manipulation can lead to improper verification of cryptographic signature. This vulnerability appears as CVE-2026-24032. The attack may be performed from remote. There is no available exploit. It is suggested to upgrade the affected component.

A vulnerability has been found in Siemens Software Center, Simcenter 3D, Simcenter Femap, Simcenter STAR-CCM+, Solid Edge SE2025, Solid Edge SE2026 and Tecnomatix Plant Simulation and classified as critical. The affected element is an unknown function of the component Analytics Service Endpoint. Performing a manipulation results in improper certificate validation. This vulnerability is reported as CVE-2025-40745. The attack is possible to be carried out remotely. No exploit exists. The affected component should be upgraded.

一款能让 AI 真正动手操作浏览器，像一个资深测试工程师一样，自主探索系统、发现问题、生成用例的

How many browsers extensions do you have running? Most enterprise users have at least one and seven out of ten have seen an extension expand its permissions over the last 12 months—with AI extensions being the worst offenders…by sixfold. 

The post Over Permissive and Proliferating, AI-Driven Browser Extensions Create Security Blindspots  appeared first on Security Boulevard.

当地时间4月13 日，中东时间深夜。以色列国防军总参谋长埃亚尔 · 扎米尔中将向全军下达了一道命令 —— 所

我见过太多情报分析失败的案例，不是因为信息不够，而是因为分析错了。

根据发表在 PNAS 期刊上的一项长期研究，儿童时期饮用含氟自来水对直至 80 岁的智商和大脑功能没有影响。美国反疫苗的卫生部长 Robert F. Kennedy Jr.此前宣称饮用水中的氟化物与 IQ 下降相关。美国多个红州——其中包括犹他州和佛罗里达州——已经颁布了禁令禁止在饮用水中添加氟化物，理由是担心氟化物导致 IQ 下降。肯塔基州、路易斯安那州、密苏里州和俄克拉荷马州等也在审议类似的立法。反对饮用水中添加氟化物的人士引用的研究多来自中国等国，这些国家饮用水中的氟化物浓度远高于美国，相关研究认为氟化物可能与儿童 IQ 有关。根据美国 CDC 的数据，预防龋齿的饮用水最优氟化物浓度为每升 0.7 毫克，相当于在 55 加仑的水桶中滴入 3 滴。美国饮用水法定氟化物浓度上限为每升 4.0 毫克。

A vulnerability categorized as critical has been discovered in Mozilla Firefox up to 148. This issue affects some unknown processing of the component Canvas2D. The manipulation results in memory corruption. This vulnerability is reported as CVE-2026-4707. The attack can be launched remotely. No exploit exists. It is advisable to upgrade the affected component.

A vulnerability identified as critical has been detected in Mozilla Firefox up to 148. Impacted is an unknown function of the component Graphics. This manipulation causes memory corruption. This vulnerability appears as CVE-2026-4708. The attack may be initiated remotely. There is no available exploit. You should upgrade the affected component.

A vulnerability labeled as critical has been found in Mozilla Firefox up to 148. The affected element is an unknown function of the component GMP. Such manipulation leads to memory corruption. This vulnerability is traded as CVE-2026-4709. The attack may be launched remotely. There is no exploit available. The affected component should be upgraded.