Aggregator
CVE-2025-10094 | GitLab Community Edition/Enterprise Edition up to 18.1.5/18.2.5/18.3.1 Token improper validation of specified quantity in input (Patch 528469 / EUVD-2025-29016)
CVE-2025-36222 | IBM Fusion/Fusion HCI/Fusion HCI for Watsonx up to 2.10.1 insecure default initialization of resource
Vimeo 以 13.8 亿美元出售给 Bending Spoons
AMD, Intel и все облачные провайдеры. Уязвимость в популярных процессорах ставит под угрозу безопасность виртуальных машин по всему миру.
CISOs brace for a new kind of AI chaos
AI is being added to business processes faster than it is being secured, creating a wide gap that attackers are already exploiting, according to the SANS Institute. The scale of the problem Attackers are using AI to work at speeds that humans cannot match. Phishing messages are more convincing, privilege escalation happens faster, and automated scripts can adjust mid-attack to avoid detection. The report highlights research showing that AI-driven attacks can move more than 40 … More →
The post CISOs brace for a new kind of AI chaos appeared first on Help Net Security.
Attackers are coming for drug formulas and patient data
In the pharmaceutical industry, clinical trial data, patient records, and proprietary drug formulas are prime targets for cybercriminals. These high-value assets make the sector a constant focus for attacks. Disruptions to research or medicine distribution can have life-threatening consequences. “During global health crises, cyber attackers swiftly exploit vulnerabilities. The COVID-19 pandemic saw a fivefold increase in phishing attempts targeting WHO, with attackers impersonating leadership to distribute malware,” said Flavio Aggio, CISO at the World Health … More →
The post Attackers are coming for drug formulas and patient data appeared first on Help Net Security.
Google убивает блокировщики рекламы. Что делать, чтобы uBlock Origin продолжал работать в Chrome?
ZDI-CAN-26000: CyberArk
Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories
美国政府漏洞经纪人称“苹果最新的iPhone安全特性让间谍软件制造商的生活更加艰难”
Google объявил войну фотошопу: теперь каждый пиксель будет «стучать» на владельца
お知らせ:JPCERT/CC Eyes「解説:脆弱性関連情報取扱制度の運用と今後の課題について(前編)~公益性のある脆弱性情報開示とは何か~」
Ransomware, vendor outages, and AI attacks are hitting harder in 2025
Ransomware, third-party disruptions, and the rise of AI-powered attacks are reshaping the cyber risk landscape in 2025. A new midyear analysis from Resilience shows how these forces are playing out in real-world incidents and how they are changing the financial impact of attacks on organizations across sectors. The report, based on cyber insurance claims, offers a view into which attacks are hitting hardest and where vulnerabilities are emerging. For CISOs, the findings highlight where defenses … More →
The post Ransomware, vendor outages, and AI attacks are hitting harder in 2025 appeared first on Help Net Security.
CVE-2025-58746
AI算力从云端「下放」,Arm 为手机备好了「新引擎」
一根路亚卖出 60 万支,两个门外汉在拼多多圈粉年轻钓鱼佬?
Паника отменяется: почему в NASA уверены, что межзвездный гость — это просто комета, а не корабль пришельцев
New infosec products of the week: September 12, 2025
Here’s a look at the most interesting products from the past week, featuring releases from Cynomi, DataLocker, Gigamon, Lookout, and Relyance AI. Cynomi simplifies vendor risk management Cynomi’s TPRM provides MSPs and MSSPs with a scalable way to deliver these critical services. By cutting vendor assessment times from 7 – 16 hours down to just 1.5 – 4.5 hours, Cynomi TPRM users can work up to 79% faster. This efficiency directly translates into higher profitability, … More →
The post New infosec products of the week: September 12, 2025 appeared first on Help Net Security.
GitHub遭遇GhostAction供应链攻击 3325个密钥被盗
GitHub近期遭遇一场名为“GhostAction”的供应链攻击,攻击者窃取了3325个敏感密钥,包括PyPI、npm、DockerHub、GitHub的令牌,以及Cloudflare和AWS的访问密钥等。
该攻击由GitGuardian的研究人员发现。据报告,受影响项目之一FastUUID最早出现入侵迹象的时间可追溯至2025年9月2日。
此次攻击的手法是:攻击者利用被攻陷的维护者账户提交代码,植入恶意的GitHub Actions工作流文件。该文件会在“推送(push)”操作或手动触发时自动运行,一旦触发,便会从项目的GitHub Actions环境中读取密钥,并通过curl POST请求将其窃取至攻击者控制的外部域名。
针对FastUUID的恶意工作流
GitGuardian指出,在FastUUID项目中,攻击者窃取了该项目的PyPI令牌,但好在攻击被发现并修复前,软件包索引(package index)上未出现恶意包发布的情况。
然而,深入调查后发现,此次攻击范围远不止FastUUID。研究人员表示,“GhostAction”攻击行动已在至少817个代码仓库中注入了类似的恶意提交,所有被盗密钥均被发送至同一个窃取端点:“bold-dhawan[.]45-139-104-115[.]plesk[.]page”。
攻击者先从合法工作流中枚举密钥名称,再将这些名称硬编码到自己的恶意工作流中,从而窃取多种类型的密钥。
9月5日,GitGuardian摸清攻击的完整范围后,立即在573个受影响的代码仓库中提交了GitHub Issue,并直接通知了GitHub、npm和PyPI的安全团队。目前,已有100个GitHub代码仓库检测到入侵并回滚了恶意修改。
攻击被发现后不久,该密钥窃取端点便已无法解析。 研究人员估计,“GhostAction”攻击中共窃取了约3325个密钥,涵盖PyPI令牌、npm令牌、DockerHub令牌、GitHub令牌、Cloudflare API令牌、AWS访问密钥及数据库凭据等。
泄露密钥的类型和数量
至少有9个npm包和15个PyPI包直接受此影响——在维护者撤销泄露的密钥前,这些包随时可能被发布恶意版本或植入木马的版本。
分析显示,多个软件包生态系统的令牌均遭泄露,包括Rust crate和npm包。有几家公司的整个SDK产品组合都已沦陷,其Python、Rust、JavaScript和Go代码仓库同时受到恶意工作流的影响。
尽管此次攻击与8月末发生的“s1ngularity”攻击在实际操作和技术层面存在一些相似之处,但GitGuardian表示,目前认为这两起攻击并无关联。