Aggregator

Prime Minister Donald Tusk said the suspects were allegedly recruited to conduct attacks aimed at destabilizing the country.

Backdoor malware Auto-Color targets Linux systems, exploiting SAP NetWeaver flaw CVE-2025-31324

Multiple critical vulnerabilities affecting SonicWall’s SMA100 series SSL-VPN appliances, highlighting persistent security flaws in network infrastructure devices.  The vulnerabilities, designated CVE-2025-40596, CVE-2025-40597, and CVE-2025-40598, demonstrate fundamental programming errors that enable pre-authentication attacks against firmware version 10.2.1.15. Key Takeaways1. Stack overflow, heap overflow, and XSS in SonicWall SMA100 SSL-VPN devices.2. Both overflows triggered without authentication via […]

The post SonicWall SMA100 Series N-day Vulnerabilities Technical Details Revealed appeared first on Cyber Security News.

AI短视频流量变现方案

A now-patched authentication issue on the popular vibe-coding platform gave unauthorized users open access to any private application on Base44.

With the right IGA tools, governance policies, and risk thresholds, enterprises can continuously detect and act on rogue access before attackers do.

Власти душат интернет, но люди не собираются так легко сдаваться.

FBI Dallas has seized almost 23 Bitcoins from a cryptocurrency address belonging to a Chaos ransomware member that is linked to cyberattacks and extortion payments from Texas companies. [...]

注：本文为手稿。手稿分为上下两个部分，分别是《论以攻促防的本质》与《论以防启攻的本质》。

Palo Alto, California, July 29th, 2025, CyberNewsWire Despite the expanding use of browser extensions, the majority of enterprises and individuals still rely on labels such as “Verified” and “Chrome Featured” provided by extension stores as a security indicator. The recent Geco Colorpick case exemplifies how these certifications provide nothing more than a false sense of […]

The post SquareX Discloses Architectural Limitations Of Browser DevTools In Debugging Malicious Extensions appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Think passkeys make you phishing-proof? Think again. Attackers are using downgrade attacks, device-code phishing, and OAuth tricks to sneak past modern MFA. See how Push Security shuts them down. [...]

Darktrace uncovers the first exploit of a critical SAP NetWeaver vulnerability (CVE-2025-31324) to deploy Auto-Color backdoor malware. Learn how this evasive Linux RAT targets systems for remote code execution and how AI-powered defence thwarts multi-stage attacks.

两年前，中国的大学警告学生不要在作业中使用 AI。今天的大学逆转了立场，鼓励学生使用 AI，只要他们遵守最佳实践（best practices）。根据麦可思研究院(MyCOS Institute)的调查，生成式 AI 已基本普及，只有 1% 的师生表示从未在学习或工作中使用 AI，近六成被调查者表示每天或每周数次使用 AI。随着 DeepSeek 的流行，人们日益将生成式 AI 视为国家骄傲的来源。高校的讨论重心逐渐从担忧 AI 对学术诚信的影响转向鼓励学生提高素养、提高生产力和保持领先。斯坦福大学 Institute for Human-Centered Artificial Intelligence (HAI)的调查发现，中国对 AI 热情领先于世界其它国家，八成的人对 AI 感到兴奋，相比下美国和英国仅为 35% 和 38%。MIT Technology Review 对 46 所中国顶尖大学 AI 战略的调查发现，几乎所有学校过去一年引入了跨学科的 AI 通识教育课和 AI 相关学位。清华大学、人民大学、南京大学和复旦大学等推出了 AI 素养课程和学位，面向所有学生而不只是计算机科学专业的学生。教育部于 2025 年 4 月发布了国家“AI +教育”指南，呼吁进行全面改革。

为深化产教融合、推动教育创新，蚂蚁集团正式启动“2025年教育部产学合作协同育人项目”申报工作。

А контент с элементами порнографии попадёт под блокировку с 10 августа.

A newly emerged ransomware-as-a-service (RaaS) gang called Chaos is likely made up of former members of the BlackSuit crew, as the latter's dark web infrastructure has been the subject of a law enforcement seizure. Chaos, which sprang forth in February 2025, is the latest entrant in the ransomware landscape to conduct big-game hunting and double extortion attacks. "Chaos RaaS actors initiated

A vulnerability was found in CodeIgniter4 4.6.0. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation of the argument debugbar_time leads to cross site scripting. This vulnerability is handled as CVE-2025-45406. The attack may be launched remotely. There is no exploit available.

Singapore’s critical infrastructure faces an escalating cyber threat from UNC3886, a sophisticated Chinese state-linked Advanced Persistent Threat (APT) group that has been systematically targeting the nation’s energy, water, telecommunications, finance, and government sectors. The group, which first emerged circa 2021 and was formally identified by Mandiant in 2022, represents one of the most technically advanced […]

The post UNC3886 Actors Know for Exploiting 0-Days Attacking Singapore’s Critical Infrastructure appeared first on Cyber Security News.