Aggregator

A new case of software supply-chain compromise has been uncovered on the crates.io platform: a malicious Rust package

The post Rust Crates.io Hack: ‘evm-units’ Package Infected 7K Web3 Developer Workstations appeared first on Penetration Testing Tools.

Windows 10 has now been officially retired from support, yet it still powers nearly a billion personal computers

The post 1 Billion PCs Stranded: Windows 11 Transition Lags, Increasing Security Risk appeared first on Penetration Testing Tools.

Submit #692915 / VDB-334250

Submit #692914 / VDB-334249

Submit #692910 / VDB-334248

Submit #692909 / VDB-334247

Submit #692907 / VDB-334246

Incode has launched Deepsight, an AI defense tool that detects and blocks deepfakes, injected virtual cameras, and synthetic identity attacks. As AI systems increasingly interact and transact autonomously, the ability to instantaneously separate real people from AI-generated fakes becomes critical. Deepsight’s multi-modal AI analyzes video, motion, and depth data to expose inconsistencies that synthetic media cannot reproduce, all in under 100 milliseconds and without adding friction. “Deepfakes have evolved beyond novelty. They are now a … More →

The post Incode Deepsight targets deepfakes and synthetic identity threats appeared first on Help Net Security.

Google is testing AI-generated headlines in the Discover feed, replacing original news titles with machine-crafted phrasing. The change

The post Alarm: Google AI Headlines in Discover Feed Distort News and Mislead Readers appeared first on Penetration Testing Tools.

Django Python Web 框架项目宣布释出 Django 6.0。主要新特性包括：支持内容安全政策（Content Security Policy 或CSP）；模板语言支持模板局部（Template Partials）；使用 Python 的 email API 处理邮件；等等。

Django 6.0发布，新增特性包括支持内容安全政策、模板局部功能以及邮件处理API。

An unexpected attempt to watch the India–Pakistan match led a network researcher to uncover a compromised europa[.]eu subdomain

The post Official EU Subdomain Hacked: Used for SEO Poisoning and Scam Stream Redirects appeared first on Penetration Testing Tools.

好的，我现在需要帮用户总结一篇文章的内容，控制在100字以内。首先，我得仔细阅读文章，理解其主要观点。 文章主要讨论了首席信息安全官（CISO）面临的两大类威胁：基本风险和生存风险。基本风险包括多因素认证（MFA）采用率低、安全卫生差等问题。生存风险则涉及现代软件供应链的脆弱性，尤其是开源代码带来的潜在漏洞。 接下来，我需要将这些要点浓缩到100字以内。要确保涵盖基本风险和生存风险，同时提到MFA、开源代码问题以及CISO的应对策略。 最后，检查语言是否简洁明了，避免使用复杂的术语，确保总结清晰易懂。 文章指出，首席信息安全官（CISO）面临两大威胁：基本风险（如多因素认证采用不足、安全卫生差）和生存风险（如复杂软件供应链中的开源代码漏洞）。这些长期问题因资源分配不当和对新威胁的过度关注而加剧。CISO需通过加强基础安全措施、优化第三方风险管理来应对挑战。

Security headlines distract, but the threats keeping CISOs awake are fundamental gaps and software supply chain risks. Learn why basics and visibility matter most.

The post Sleepless in Security: What’s Actually Keeping CISOs Up at Night  appeared first on Security Boulevard.

KubeCon in Atlanta delivered a wave of high-profile Kubernetes announcements, yet one of the most consequential developments slipped

The post Kubernetes Ingress NGINX EoL: Critical Component Deprecated Due to Lack of Funding appeared first on Penetration Testing Tools.

稳定版内核维护者 Greg Kroah-Hartman 宣布释出 Linux 5.4.302。这是 5.4 系列最后一个稳定版本，该系列已终止支持，他不再建议任何人使用，因为有大量 bug 没有修复，他提供了未修复 CVE 漏洞的列表，目前数量高达 1539 个，未来这个数字只会继续增加。Linux 5.4 于 2019 年 11 月 24 日释出，是第 20 个长期支持（LTS）版本。

Linux 5.4.302作为5.4系列最后一个稳定版本发布，已终止支持。维护者建议不再使用该版本，并指出其存在大量未修复漏洞（目前1539个），未来漏洞数量将持续增加。

The Cybersecurity and Infrastructure Security Agency released five critical Industrial Control Systems advisories on December 2, 2025, addressing significant security threats across industrial environments. These advisories cover vulnerabilities and active exploits affecting systems used in manufacturing, power generation, and medical device operations worldwide. The timing of this release highlights growing concerns about the targeted nature […]

The post CISA Releases Five ICS Advisories Covering Vulnerabilities, and Exploits Surrounding ICS appeared first on Cyber Security News.

重点关注

当我们观察中国 IPv6 部署时，常常会看到这样的数据： 8.68 亿活跃用户、 7 万多个地址块的部署。