Aggregator

Кибердом, 3 октября: встреча для тех, кто отвечает за ИБ в бизнесе.

当前环境异常，需完成验证后方可继续访问。

当前环境出现异常，请完成验证后继续访问。

最新这场攻击属于“流量型DDoS攻击”持续时长虽仅40秒，却是目前Cloudflare抵御过的规模最大攻击。

该供应链攻击已导致至少187款npm包被攻陷，这些包中植入了具备自传播能力的恶意载荷，可进一步感染其他npm包。

Instead of going after software flaws or network weaknesses, attackers are targeting something much easier to steal: identity credentials. A new report from BeyondID calls this growing black market the identity economy, where usernames, passwords, tokens, and access rights are bought and sold much like items on a regular online marketplace. What do you believe will be the most significant AI-related identity security challenge in the next 12-18 months? (Source: BeyondID) For attackers, stolen credentials … More →

The post Inside the economy built on stolen credentials appeared first on Help Net Security.

Cloudflare is using its vast traffic to send responses faster than ever before, by learning the characteristics of each individual network and tuning our congestion control system.

The U.K. National Cyber Security Centre (NCSC) has revealed that threat actors have exploited the recently disclosed security flaws impacting Cisco firewalls as part of zero-day attacks to deliver previously undocumented malware families like RayInitiator and LINE VIPER. "The RayInitiator and LINE VIPER malware represent a significant evolution on that used in the previous campaign, both in

英国国家网络安全中心披露针对思科防火墙的零日攻击利用新漏洞植入恶意软件RayInitiator和LINE VIPER。攻击者使用禁用日志、拦截命令等技术并涉及 CVE-2025-20362/333/363 漏洞。受影响设备已过支持期或即将过期，建议更新至修复版本以应对威胁。

In mid-2024, cybersecurity professionals began observing a surge of targeted intrusions against government, defense, and technology organizations worldwide. These incidents were linked to a previously uncharacterized threat group later christened RedNovember, which leverages open-source and commodity tools to deploy a stealthy Go-based backdoor. Initial compromises often stemmed from the exploitation of Internet-facing devices—including VPN appliances, […]

The post RedNovember Hackers Attacking Government and Technology Organizations to Deploy Backdoor appeared first on Cyber Security News.

Cho Yin Yong介绍了自己在Verto Health领导开发创新以及在多伦多大学教授计算机科学的经历，并分享了一个新的故事及其可信度分析。

  … и это может перевернуть навигацию и медицину.

Cho Yin Yong在Verto Health领导开发创新，并在多伦多大学教授计算机科学三年级课程。这篇文章发布于2025年9月26日，包含音频元素和关于故事可信度的内容。

Ransomware activity is climbing again, with a steep increase in the number of victims and the number of groups launching attacks. A new mid-year report from Searchlight Cyber shows how quickly the threat landscape is shifting and why CISOs need to keep adjusting their defenses. Ransomware activity at record levels From January through June, ransomware groups listed 3,734 victims on their public extortion sites. This is a 20% increase over the last half of 2024 … More →

The post Ransomware groups are multiplying, raising the stakes for defenders appeared first on Help Net Security.

当前环境异常，需完成验证后方可继续访问。

研究显示，《Science》及其子刊论文接受率为6.1%，中国学者仅为2.3%，美国和加拿大为8.3%。机构知名程度、共同作者数量及学科主题显著影响接受率。知名机构及多作者论文更易被接受。编辑初筛对稿件录用影响重大。

研究人员使用来自《Science》及其姊妹期刊《Science Advances》内部数据，统计了超过 11 万份论文投稿，其中《Science》投稿接近7万份。结果显示《Science》对所有论文的平均接受率为6.1%。然而在国家层面上，差距异常明显：中国学者的论文接受率只有 2.3%，而美国与加拿大学者则达到 8.3%。此外机构知名程度、共同作者的数量，乃至学科主题，都在无形中塑造着论文不同的命运。调查发现，知名机构的论文更受《Science》青睐。知名程度处于“第一或第二梯队”的机构，论文接受率为 11.6%；而“最末梯队”的机构，接受率仅为 3.4%。共同作者越多，论文接受率越高。有 10 位或更多作者的论文接受率为 9.9%，有 1~5 位作者的论文接收率仅为 3.3%。调查人员将论文主题分为十大类，某类论文的接受率为9.6%，而另一类的接受率仅为 1.7%。调查还揭示了另一个重要事实：论文的命运往往首先掌握在编辑手中。许多稿件甚至还没进入同行评审，就已经被挡在“第一道门”之外。统计分析显示，编辑的初筛比审稿人给出的建议更能影响稿件是否最终被录用。

Cybersecurity researchers at Noma Labs have discovered a critical vulnerability in Salesforce’s Agentforce AI platform that could allow attackers to steal sensitive customer data through sophisticated prompt injection techniques. The vulnerability, dubbed “ForcedLeak,” carries a CVSS score of 9.4, indicating maximum severity. How the Attack Works The ForcedLeak vulnerability exploits Salesforce’s Web-to-Lead functionality, a feature […]

The post Salesforce AI Agent Vulnerability Lets Attackers Steal Sensitive Data appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Cybercriminals are increasingly turning to artificial intelligence to enhance their attack capabilities, as demonstrated in a sophisticated phishing campaign recently uncovered by security researchers. The campaign represents a significant evolution in malware obfuscation techniques, utilizing AI-generated code to disguise malicious payloads within seemingly legitimate business documents. This development marks a concerning shift in the threat […]

The post Hackers Leverage AI-Generated Code to Obfuscate Its Payload and Evade Traditional Defenses appeared first on Cyber Security News.

Cybersecurity researchers at Trend Micro have discovered a new and dangerous variant of LockBit ransomware that targets Windows, Linux, and VMware ESXi systems, utilizing advanced obfuscation techniques and sophisticated cross-platform capabilities. Advanced Multi-Platform Attack Strategy LockBit 5.0 represents a significant evolution in ransomware threats, featuring dedicated variants for three critical computing platforms. All variants share […]

The post LockBit 5.0 Ransomware Targets Windows, Linux, and VMware ESXi Systems appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.