Aggregator

На месте старой угольной электростанции компания построит батарею из углекислого газа.

Mistic is a stealthy backdoor used by KongTuke-linked actors to keep long-term access in ransomware-targeted networks. Mistic is the kind of backdoor that tells you the operator wants time, not noise. Symantec security researchers say it has shown up in financially motivated attacks against insurance, education, IT, and professional services firms, and they link it […]

大型 AI 实验室正在招聘哲学家。哲学正在进入模型推理、安全宪法、价值取舍、自动驾驶和武器系统，成为训练与部署 AI 的实用工具。

The Bluekit phishing-as-a-service platform continues to evolve with nearly 70 new hostnames identified over the past week and by adding browser-in-the-middle capabilities for improved data theft. [...]

The phone-cracking firm broke off from its deal with Russia, but Citizen Lab said that didn’t stop authorities from surveilling Andrey Pivovarov.

The post Russia uses Cellebrite to break into human rights activist’s phone, even after cancellation of contract appeared first on CyberScoop.

A dairy products manufacturer in Russia's republic of Bashkortostan is the latest such company to have its operations snarled by a cyberattack.

十年前 AI 浪潮刚起的时候，所有人都给文科学生支招，说想保住饭碗就得去学编程。现在回头看，这建议未必有多高明。

Positive Education запускает практикум для CISO.

在苹果 CEO 库克提前透风数天之后，苹果产品全系列涨价，涨幅少则 50 美元多则上千美元。即使是苹果也无法再自己承担高昂的内存和存储器成本。 苹果在一份声明中表示，“我们从未见过一个组件价格以如此之快、如此之大的幅度上涨。迄今为止，我们一直在尽力为客户抵挡这些涨价，但现在我们已经到了不得不开始提高部分产品价格的地步，包括今天 iPad 和 Mac 的涨价。我们知道这不是一个好消息，我们正在不遗余力地寻找解决方案。”

A vulnerability was found in NLnet Labs NSD up to 4.14.2. It has been declared as critical. This issue affects some unknown processing of the component TLS Connection Handler. The manipulation results in use after free. This vulnerability is identified as CVE-2026-12245. The attack can be executed remotely. There is not any exploit available. It is recommended to upgrade the affected component.

A vulnerability identified as problematic has been detected in Email Address Encoder Plugin up to 1.0.24 on WordPress. The impacted element is an unknown function. Performing a manipulation results in cross site scripting. This vulnerability is cataloged as CVE-2026-5305. It is possible to initiate the attack remotely. There is no exploit available. You should upgrade the affected component.

A vulnerability was found in InPost PL Plugin up to 1.9.0 on WordPress and classified as critical. Affected by this vulnerability is an unknown functionality of the component Destination Handler. The manipulation results in improper access controls. This vulnerability is reported as CVE-2026-9702. The attack can be launched remotely. No exploit exists. It is suggested to upgrade the affected component.

A vulnerability categorized as critical has been discovered in Apache Kvrocks up to 2.15.0. The affected element is an unknown function. Executing a manipulation can lead to permission issues. The identification of this vulnerability is CVE-2026-41566. The attack needs to be done within the local network. There is no exploit available. It is advisable to upgrade the affected component.

Nathan Austad, who sold access to compromised accounts through a criminal storefront, is the third and final defendant sentenced in the 2022 breach

The post Minnesota man known as ‘Snoopy’ sentenced in DraftKings hack appeared first on CyberScoop.

A high-severity flaw in Cisco Catalyst SD-WAN Manager disclosed in early June was exploited as early as March

An analysis of a popular Google Chrome ad block extension for YouTube has uncovered the ability to execute arbitrary JavaScript code. According to Island, the extension, named Adblock for YouTube (ID: cmedhionkhpnakcndndgjdbohmhepckk), has more than 10 million installs and carries a Featured badge on the Chrome Web Store. The extension description states that it allows users to prevent web

Впервые в истории время отсчитывается внутри атомного ядра.

A relatively new backdoor called Mistic has been deployed in multiple attacks since April 2026 targeting organizations in the insurance, education, IT, and professional services sectors, according to Symantec. The malware appears to be associated with Woodgnat, also known as KongTuke, a financially motivated initial access broker (IAB) active since at least May 2024 that has been connected to ransomware operations including Qilin, Interlock, Rhysida, Akira, 8Base, and Black Basta. “Woodgnat reportedly functions primarily as … More →

The post Stealthy new backdoor surfaces in attacks on multiple sectors appeared first on Help Net Security.

Fraudsters don't attack just one transaction. They target accounts, platforms, and entire ecosystems. IPQS explains the four elevations of fraud prevention and why broader visibility improves fraud detection. [...]

A vulnerability categorized as problematic has been discovered in Ikea Trådfri Gateway. This impacts an unknown function of the component Zigbee Handler. Such manipulation leads to improper handling of unexpected data type. This vulnerability is referenced as CVE-2022-39065. The attack needs to be initiated within the local network. No exploit is available.