冒充知名开发者骗过AI合并恶意代码到主分支
开源软件供应链安全再次拉响警报。近日,安全研究人员发现了一种新型攻击方式。
Aggregator
Hidden VMs: how hackers leverage QEMU to stealthily steal data and spread malware
2 days 22 hours ago
Attackers abuse QEMU to hide malware in virtual machines, bypass detection, steal data, and deploy ransomware without leaving any trace. Sophos researchers report a rise in attackers abusing QEMU, an open-source emulator, to hide malicious activity inside virtual machines. By running malware in a VM, attackers avoid endpoint security controls and leave minimal traces on […]
Pierluigi Paganini
CoinBase Cartel
2 days 22 hours ago
You must login to view this content
cohenido
CoinBase Cartel
2 days 22 hours ago
You must login to view this content
cohenido
CoinBase Cartel
2 days 22 hours ago
You must login to view this content
cohenido
Critical flaw in Protobuf library enables JavaScript code execution
2 days 22 hours ago
Proof-of-concept exploit code has been published for a critical remote code execution flaw in protobuf.js, a widely used JavaScript implementation of Google's Protocol Buffers. [...]
Bill Toulas
Частица, которая спасла бы физику. Стерильное нейтрино искали 30 лет — как жаль, что оно оказалось миражом
2 days 22 hours ago
Как эксперименты по всему миру похоронили главную гипотезу устройства Вселенной.
[un]prompted 2026 – Trajectory-Aware Post-Training Security Agents
2 days 22 hours ago
Author, Creator & Presenter: Aaron Brown, Agentic AI Builder, AWS
Our thanks to [un]prompted for publishing their Creators, Authors and Presenter’s outstanding [un]prompted 2026 AI Security Practitioner content on the Organizations' YouTube Channel.
The post [un]prompted 2026 – Trajectory-Aware Post-Training Security Agents appeared first on Security Boulevard.
Marc Handelman
Grinex 交易所声称遭敌对国家黑客入侵
2 days 23 hours ago
注册于吉尔吉斯斯坦的加密货币交易所 Grinex 宣布暂停运营,它声称遭到敌对国家政府黑客的入侵,被盗走逾 1300 万美元加密货币。攻击针对的目标是该交易所的俄罗斯用户。Grinex 称,攻击的数字痕迹和性质表明,攻击者拥有前所未有的资源和技术,此类资源和技术通常只有敌对国家政府机构才拥有。初步数据表明攻击是经过协调的,旨在直接损害俄罗斯的金融主权。Grinex 被广泛视为是 Garantex 的新名字,Grinex 去年遭到了美国财政部的制裁。区块链研究公司 Elliptic 称,Grinex 与俄罗斯关系密切,是俄罗斯卢布兑换加密资产的最大交易所之一,迄今交易总额逾 60 亿美元。
ShowDoc Vulnerability Patched in 2020 Now Used in Active Server Takeovers
2 days 23 hours ago
Hackers are exploiting a 5-year-old ShowDoc vulnerability (CVE-2025-0520) to deploy web shells, enabling RCE and full server takeover worldwide.
Deeba Ahmed
Microsoft Teams right-click paste broken by Edge update bug
2 days 23 hours ago
Microsoft is warning that a recent Microsoft Edge browser update introduced a bug that breaks right-click paste in chats in the Microsoft Teams desktop client. [...]
Lawrence Abrams
大白鲨面临过热风险
2 days 23 hours ago
大白鲨需要维持自身体温高于周围的海水,但在气候变化导致海洋变暖的时代,它们面临过热风险。鲨鱼属于中温动物(mesothermic),它们能利用代谢产生的热使体温高于周围海水,这具有演化上的优势,它们能拥有更高的游动速度、更强的捕食能力以及能长距离迁徙。然而在温暖的水域它们面临过热的风险,即身体产生热量的速度超过了散热的速度。中温动物在海洋暖化的时代不得不减缓游动速度、改变血液流动方式或潜入更冷的水域,捕食因人类过度捕捞而日益减少的食物。根据研究人员的计算,一吨重的温血鲨鱼难以在水温高于 17 摄氏度的水域生存。
Антивирус не спасет: хакеры теперь прячут целые ОС в обычных файлах
2 days 23 hours ago
Новый вирус-вымогатель использует виртуальные машины для обхода защиты.
NAKIVO v11.2: Ransomware Defense, Faster Replication, vSphere 9, and Proxmox VE 9.0 Support
2 days 23 hours ago
NAKIVO Inc. announced the general availability of NAKIVO Backup & Replication v11.2, focused on fast, reliable, and proactive data protection. [...]
Sponsored by NAKIVO
暗能量巡天绘制出迄今最大的高分辨率 3D 宇宙地图
3 days ago
暗能量光谱仪(Dark Energy Spectroscopic Instrument, DESI)为期五年的暗物质巡天绘制出迄今最大的高分辨率 3D 宇宙地图。DESI 安装于美国亚利桑那州 Kitt Peak 国家天文台的 Nicholas U Mayall 4 米望远镜上,搭载可同时观测 5000 个天体光谱的系统,透过量测星系与类星体的红移重建 3D 宇宙分布。DESI 早期资料显示暗能量可能随时间演变,而非固定不变的宇宙学常数。该结果若被完整五年资料证实,将意味着现有宇宙学模型需要修正,甚至可能牵动对基本物理定律的重新理解。目前 DESI 已测量的星系与类星体数量达到过去所有观测总和的六倍,最终累积超过 4700 万个星系与类星体,以及约 2000 万颗恒星,提供前所未有的统计精度,使宇宙在不同时期的膨胀速率与星系分布差异得以被量测,进而检验暗能量是否随时间改变。
Древний младенец спешил вырасти любой ценой. Израильская пещера раскрывает жестокие правила взросления неандертальцев
3 days ago
Как суровый климат палеолита лишал древних людей нормального детства.
CVE-2026-2986 | ajay Contextual Related Posts Plugin up to 4.2.1 on WordPress other_attributes cross site scripting (EUVD-2026-23674)
3 days ago
A vulnerability was found in ajay Contextual Related Posts Plugin up to 4.2.1 on WordPress and classified as problematic. Affected by this issue is some unknown functionality. The manipulation of the argument other_attributes results in cross site scripting.
This vulnerability is cataloged as CVE-2026-2986. The attack may be launched remotely. There is no exploit available.
vuldb.com
Apple Works on Fix for iPhone Passcode Bug Linked to Missing Czech Keyboard Character
3 days ago
Apple is reportedly developing a software fix for a frustrating iOS 26 bug that has left some users entirely locked out of their iPhones for months. According to a recent report by The Register, Cupertino’s software engineers are scrambling to patch a keyboard interface flaw that inadvertently removed a specific special character necessary for unlocking […]
The post Apple Works on Fix for iPhone Passcode Bug Linked to Missing Czech Keyboard Character appeared first on Cyber Security News.
Dhivya
Обновление iOS 26.4.1 массово ломает айфоны. Хотите откатиться? Как бы не так — Apple закрыла дорогу назад
3 days 1 hour ago
Пользователи угодили в капкан Recovery Mode. Как выбираться? Возможно, ценой ваших данных.
Researcher Uses Claude Opus to Build a Working Chrome Exploit Chain
3 days 1 hour ago
Amidst the heated debate surrounding Anthropic’s recent announcement of its Mythos and Project Glasswing models, a security researcher has demonstrated the tangible cybersecurity implications of frontier AI. Moving beyond theoretical warnings, the researcher successfully utilized Claude Opus to construct a fully functional exploit chain targeting Google Chrome’s complex V8 JavaScript engine. The experiment highlights a […]
The post Researcher Uses Claude Opus to Build a Working Chrome Exploit Chain appeared first on Cyber Security News.
Dhivya