Real-time cybersecurity news from 130+ sources. Updated every 5 minutes.
It echoes earlier alerts from the Netherlands and Germany, and is the latest to warn about targeting of Signal users and others. The post FBI, CISA issue PSA on Russian intelligence campaign to target...
Foster City warned that it is possible the hackers obtained public information, urging anyone that has done business with the city to change personal passwords and take measures to protect personal da...
The men facilitated about $1.28 million in salary from victim U.S. companies by hosting laptop farms and helping remote IT workers assume fake identities. The post Trio sentenced for facilitating Nort...
Project: Simple Mario Game in Python with source code About Project This simple Mario Game project is written in Python. The […] The post Simple Mario Game In PYTHON With Source Code appear...
Trivy, a popular open-source vulnerability scanner maintained by Aqua Security, was compromised a second time within the span of a month to deliver malware that stole sensitive CI/CD secrets. The late...
In a 40-page seizure warrant, the FBI outlined multiple digital campaigns launched by Iran’s Ministry of Intelligence and Security (MOIS) through a variety of online monikers, most recently going by t...
Files on a central cloud server used by the ransomware group highlight a systematic, aggressive attack on network backups as a key TTP.
The Beta channel has been updated to 147.0.7727.15 for Windows, Mac and Linux.A partial list of changes is available in the Git log. Interested in switching release channels? Find out how. If you find...
The maximum-severity vulnerability, which hasn’t been exploited in the wild yet, affects software customers use to manage networking devices. The post Ubiquiti defect poses account takeover risk for U...
算法战争:从美以对伊行动,看AI+情报的绝对价值 by ourrenDr. Claw: 面向科研全流程的通用 AI 研究助手 by ourren2025太空安全报告 by ourren从AIIDE的架构演进,洞察AI工程化的设计逻辑 by ourrenLearn Claude Code -- 真正的 Agent Harness 工程 by ourrenground-station:开源一...
Weibo Hot Search · 85K views · new · +100% velocity
Security leaders rarely struggle to produce data. The challenge is turning that data into something the board can use to make decisions.Walk into a board meeting with a slide showing 1,200 critical vu...
A critical security flaw impacting Langflow has come under active exploitation within 20 hours of public disclosure, highlighting the speed at which threat actors weaponize newly published vulnerabili...
YouTube is where all sports come to life — because no sporting event or game would be complete without the commentary, breakdowns and analysis surrounding it. In 2025 al…
Rep. Darin LaHood (R-IL) talked about recent issues that have cropped up around Section 702 and what needs to be done to get a renewal over the finish line.
How to Implement Dijkstra’s Shortest Path Algorithm in Python razormist Fri, 03/20/2026 - 22:32
The Justice Department said on Thursday evening that the Aisuru, KimWolf, JackSkid and Mossad botnets were used to target victims with distributed denial-of-service (DDoS) attacks that overloaded webs...
The Aisuru, Kimwolf, JackSkid and Mossad botnets enabled cybercriminals to initiate thousands of attacks. A crackdown targeting large-scale botnets continues amid growing challenges. The post Justice ...
Michael Smith, 54, admitted to inflating streaming numbers for hundreds of thousands of AI-generated songs by deploying thousands of fake accounts across major platforms, including Amazon Music, Apple...
NYC lawmakers are pushing to rein in biometric tracking before it turns into real-world surveillance pricing and customer profiling.
A critical vulnerability (CVE-2026-20131) in Cisco Secure Firewall Management Center (FMC) that Cisco disclosed and patched in early March 2026 has been exploited as a zero-day by the Interlock ransom...
Interpol disrupts cybercrime networks, DarkSword steals iOS personal data, and Interlock exploits Cisco 0-day to breach enterprise firewalls.
OverviewRapid7 Labs recently identified a chain of security vulnerabilities in the Gainsight Assist plugin and its interactions with the associated domain app.gainsight.com. These vulnerabilities incl...
The ransomware gang, known for double-extortion attacks, had access to a critical Cisco firewall vulnerability weeks before it was publicly disclosed.
Google’s advanced flow for Android changes how apps from unverified developers are installed, adding steps to reduce scam-driven sideloading. The feature is aimed at experienced users and allows sidel...
A federal jury convicted Cameron Curry, 27, a Charlotte resident, of carrying out an extensive cyber extortion scheme targeting a Washington, D.C.-based international technology company. He faces up t...
A critical memory-corruption flaw in UNISOC’s T612 modem family allows remote code execution (RCE) on vulnerable Android devices using only a malicious cellular video call, enabling one phone to compr...
CISA and the Federal Bureau of Investigation released a Public Service Announcement (PSA) warning about ongoing phishing campaigns cyber actors associated with the Russian Intelligence Services target...
CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2025-31277 Apple Multiple Products Buffer Overflow Vulnerab...
A large malware campaign is abusing fake software downloads to infect users with crypto miners, info-stealers, remote access tools, and other payloads. Researchers at McAfee Labs observed 443 maliciou...
Symantec and Carbon Black researchers have discovered a stealthy new infostealer named Speagle. This malware hijacks Cobra DocGuard, a legitimate document security platform developed by the Chinese co...
A new malware campaign is using a stealthy loader called SILENTCONNECT to deploy remote access software on victim systems. Security researchers from Elastic Security Labs report that attackers are abu...
Fake job offers on Google Forms are spreading PureHVNC malware that can take over your device.
Seqrite Labs has uncovered a highly targeted phishing campaign dubbed “Operation GhostMail”. The attack compromised the Ukrainian State Hydrology Agency by exploiting a Cross-Site Scriptin...
Google on Thursday announced a new "advanced flow" for Android sideloading that requires a mandatory 24-hour wait period to install apps from unverified developers in an attempt to balance openness wi...
Rapid7 has unveiled new cloud security capabilities within Exposure Command. The introduction of runtime validation and Data Security Posture Management (DSPM) enables organizations to identify, valid...
The U.S. Justice Department and international partners have disrupted four IoT botnets linked to DDoS attacks that reached 30 terabits per second, among the largest ever recorded. The post Authorities...
Michael Smith, 54, of Cornelius, North Carolina, has pleaded guilty in federal court to running a scheme that exploited music streaming platforms and diverted royalty payments from artists. He admitte...
Artificial Intelligence (AI) is changing how individuals and organizations conduct many activities, including how cybercriminals carry out phishing attacks and iterate on malware. Now, cybercriminals ...
https://download.csdn.net/download/weixin_42621710/86262974 求下载里面说明的 drawintl.dll 文件,多谢大佬!
The National Crime Agency’s director general warns that technology is rapidly reshaping crime
ConnectWise has patched a critical vulnerability (CVE-2026-3564) that could enable attackers to hijack ScreenConnect sessions by abusing ASP.NET machine keys to forge trusted authentication. About CVE...
Sansec is warning of a critical security flaw in Magento's REST API that could allow unauthenticated attackers to upload arbitrary executables and achieve code execution and account takeover. The vuln...
Эта статья для собственников и директоров малого и среднего бизнеса, у которых в компании есть один ИТ-специалист или ИТ-лидер, отвечающий за все разом. Если сейчас уход такого человека — это катастро...
反调试-打开控制台,自动关闭页面。 大佬们,这种怎么解决啊。没本地覆盖之前,用的是正常的main.js,本地覆盖之后,直接不用了,变成用虚拟机里的了。 图片
Atlassian has patched a high-severity remote code execution (RCE) vulnerability in its Bamboo Data Center platform, a widely used continuous integration and continuous deployment (CI/CD) solution. Tra...
苦于没有直播聚合软件,上班都无法摸!看了一下github上的Simple Live,感觉也不好用,于是自己用AI辅助写了一个直播聚合软件。 我个人用了一周有余了,还是很方便的,所以分享给大家,希望有需要的人能用得上。 软件 ...
Yesterday, I discovered a malicious Bash script that installs a GSocket backdoor on the victim's computer. I don't know the source of the script not how it is delivered to the victim.
https://wenku.baidu.com/view/ee3cbd237a563c1ec5da50e2524de518964bd3e1.html?_wkts_=1773994149389&bdQuery=%E7%A0%94%E7%A9%B6%E5%BC%80%E5%8F%91%E7%9A%84%E7%BB%84%E7%BB%87%E7%AE%A1%E7%90%86%E5%88%B6%E5%BA...
https://blog.csdn.net/reset2021/article/details/158967082
A sophisticated supply chain attack recently targeted Telegram bot developers through a malicious Python package named “pyronut,” which impersonated the legitimate “pyrogram” A...
非常感谢 @sexsexy 帮忙下载一个大文件 , 一点CB,请笑纳 原贴 https://www.52pojie.cn/forum.php?mod=redirect&goto=findpost&ptid=2097775&pid=54994968
一、发布原因:由于前面大佬发布的主题自动关闭,不再接受新的回复,故更新新版本需要重新开帖。[hr] 二、工具简介:OncePower 是一款开源免费、绿色便携、跨平台的文件 / 文件夹批量重命名工具,主打无需正则、可视化操 ...
Semgrep announced Semgrep Multimodal, a system that combines AI reasoning with rule-based analysis for detection, triage, and remediation. Its detection finds up to 8x more true positives while cuttin...
ConductorOne has announced its AI Access Management product extension, a unified control plane for managing access to AI tools, agents, and MCP connections across the enterprise. The platform enables ...
Bonfy.AI announced Bonfy Adaptive Content Security (Bonfy ACS) 2.0, a platform built to secure enterprise content across all systems, applications, and AI agents – anywhere data moves, resides, ...
据港媒《Sing Tao Probe》(星岛探知)报道,鉴于客房内偷拍事件呈上升趋势,深圳各大酒店已开始实施更为严格的监控与防范措施。据报道,中国内地多地均接连发生酒店客房内被安装偷拍设备的事件。部分住客在毫不知情的情况下遭到偷拍,相关偷拍视频随后被非法贩卖至网络平台。据境外媒体披露,目前据信已有超过180家酒店被发现存在偷拍设备。在其中一起案件中,一对入住深圳某酒店的香港情侣遭到偷拍,相关视频随...
Продолжаем писать сервис DeadDrop: сегодня идём от монолита к чистой архитектуреВ предыдущей части мы реализовали готовый прототип, но его код был спорным: от смешанной логики до хранения секретов пол...
3月18日上午,国投智能股份“稳进拓远 数创新境”2026年第一季度第二期产品发布会在厦门总部数字立方大厦举行。本次发布会聚焦人工智能技术与电子数据取证领域的深度融合,展现进入L4级自动化取证时代的最新成果,发布多款创新产品——美亚风鸟、手机智能自动化取证方舱、智问系统·系列产品。发布会现场国投智能股份首席技术官吴鸿伟致辞,他表示2026年是“十五五”开局之年,也是公司以产品为核心,稳固传统行业龙...
The U.S. Department of Justice (DoJ) on Thursday announced the disruption of command-and-control (C2) infrastructure used by several Internet of Things (IoT) botnets like AISURU, Kimwolf, JackSkid, an...
The Jenkins project released a critical security advisory addressing multiple vulnerabilities in its core automation server and the LoadNinja plugin. These flaws expose continuous integration and cont...
Приходилось ли вам браться за задачу, из-за которой прошлый разработчик успел выгореть и сменить компанию? Что ж, мне удалось с такой столкнуться — c задачей обеспечения безопасного локального хранени...
Navia Benefit Solutions has confirmed a significant data breach impacting nearly 2.7 million individuals. The incident resulted from unauthorised access to the company’s systems, exposing sensit...
Microsoft has officially announced the general availability of new Microsoft Teams optimizations designed specifically for the Windows App on both iOS and Android operating systems. This important upd...
Apple is urging users who are still running an outdated version of iOS to update their iPhones to secure against web-based attacks carried out via powerful exploit kits like Coruna and DarkSword. Thes...
A practitioner’s guide for CTI analysts, detection engineers, and threat huntersContinue reading on InfoSec Write-ups »
Discover how self-healing malware evades detection, repairs itself, and persists using mutation engines, polymorphism, and process…Continue reading on InfoSec Write-ups »
Попытка посмотреть на архитектуру систем сетевой безопасности через призму 4 млрд лет эволюционных экспериментов от директора компании Дмитрия Хомутова. Читать далее
一场网络钓鱼活动正通过伪造谷歌账号安全页面,分发一款网页应用,该应用可窃取一次性验证码、采集加密货币钱包地址,并通过受害者浏览器转发攻击者流量。此次攻击利用渐进式Web应用(PWA)特性与社会工程学手段,诱骗用户以为自己正在与合法的谷歌安全页面交互,从而在不知情中安装恶意程序。 PWA可在浏览器中运行,并能像独立桌面应用一样从网页直接安装,运行时独立成窗,不显示常规浏览器控件。 受害者浏览器沦为攻...
嘶吼安全动态【国内新闻】马自达系统遭入侵,员工信息或泄露摘要:马自达披露其供应链管理系统遭未经授权访问,部分员工及合作方个人信息可能泄露,公司已启动调查并加强防护。原文链接:http://finance.sina.com.cn/roll/2026-03-19/doc-inhrnzrr6851886.shtml暗网犯罪风险再被强调 摘要:有媒体指出暗网正被境外情报与犯罪组织利用,成为数据交易与攻击策...
Cameron Nicholas Curry, also known as “Loot,” stole a trove of corporate data from a D.C.-based tech company as his six-month contract gig came to a close. The post North Carolina tech worker found gu...
International law enforcement agencies announced Friday dismantling one of the largest known networks of fraudulent platforms on the dark web, uncovering hundreds of thousands of fake websites used to...
Static analysis tells you what might be vulnerable, but dynamic testing tells you what is actually exploitable. Learn why the next era of AppSec requires combining code-level context with live environ...
RSAC Conference Preview: MCP introduces security risks into LLM environments that are architectural and not easily fixable, researcher says.
As technology companies, we are deeply concerned about the breakdown in EU negotiations to secure the continued protection of minors against child sexual abuse. Allowing…
As AI increases the speed of cyber attacks, governments and businesses must weigh the tradeoffs that come with deploying semi-autonomous AI agents to stop them. The post Can Zero Trust survive the AI ...
Major industry leaders agree to share information and collaborate to boost defenses in the wake of distressing online scams.
The cloud security startup's platform translates and enforces security policies across AWS, Azure, Google Cloud, and Oracle using provider-native controls.
Утилита Easy-RSA изначально была создана в рамках проекта OpenVPN для упрощения управления ключами и сертификатами Инфраструктуры открытого ключа, использующимися для защиты передаваемой по сети инфор...
A new analysis of endpoint detection and response (EDR) killers has revealed that 54 of them leverage a technique known as bring your own vulnerable driver (BYOVD) by abusing a total of 35 vulnerable ...
Как известно, SIEM системы предназначены для обнаружения угроз и мониторинга безопасности, но при этом важно учитывать, что и сама SIEM является сложной распределенной системой, с которой также могут ...
Major providers are testing a quantum-safe version of HTTPS that shrinks certificates to one-tenth their previous size, decreasing latency and adding transparency.
Hastalamuerte leaks The Gentlemen RaaS ops: FortiGate exploits, BYOVD evasion, Qilin split tactics
Google is sharing five ways it’s helping to protect you from scammers this tax season.
Our new study shows what happens when contrail avoidance is built directly into the tools airlines already use.
A look at what Google learned when it collaborated with Stanford researchers to find out why some people adopt AI, and some don’t.
Here’s a look at the Ethereum Foundation’s new PQC security effort — and why you need to modernize your SecOps.
Kaggle Community Hackathons enable people to to create their own hackathons with prizes up to $10,000.
Project: Football Scoreboard System in JavaScript with source code Football Scoreboard System is developed using HTML, CSS, and JavaScript. Talking […] The post Football Scoreboard System In Jav...
Mobile banking malware targets over 1200 financial apps globally, shifting fraud to user devices
ThreatsDay Bulletin is back on The Hacker News, and this week feels off in a familiar way. Nothing loud, nothing breaking everything at once. Just a lot of small things that shouldn’t work anymo...
Austin, United States, March 19th, 2026, CyberNewswire Cybersecurity has entered a new phase, one defined less by reactive controls and more by continuous, intelligence-driven operations. As attack su...
Universal Commerce Protocol (UCP) releases new capabilities, and Google shares a new onboarding experience to simplify UCP integration.
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert calling on organizations to aggressively harden their endpoint management systems. Released on March 18, 2026, th...
We’ve signed 1 GW of data center demand response with utility partners, supporting smart, affordable electricity growth.
Security researchers have disclosed a critical multi-stage attack chain affecting Anthropic’s Claude.ai platform, demonstrating how attackers can silently extract sensitive user data and redirect vict...
Cybersecurity researchers have disclosed a new Android malware family called Perseus that's being actively distributed in the wild with an aim to conduct device takeover (DTO) and financial fraud. Per...
Weibo Hot Search · 90K views · new · +100% velocity
The Russian state-backed hacker group APT28 targeted a Ukrainian government agency by exploiting a vulnerability in Zimbra webmail software.
Hackers are abusing misconfigured OpenWebUI servers to deploy AI-generated payloads that mine cryptocurrency and steal credentials across Linux and Windows environments, while hiding their activity wi...
In December 2025, security researchers at Zscaler ThreatLabz discovered a new command-and-control (C2) framework implant named SnappyClient. Attackers deliver this malicious tool using the known Hijac...
North Korea-linked threat actor WaterPlum has introduced a highly evasive new malware strain called StoatWaffle. Operating under the well-known “Contagious Interview” campaign, a specific ...
‘Vibe coding’ has moved from buzzword to battleground, and a new malware campaign shows how attackers are abusing AI-assisted development to scale their operations with minimal effort. Vibe coding, a ...
View CSAF Summary Successful exploitation of this vulnerability may risk a Cross-site Scripting or an open redirect attack which could result in an account takeover scenario or the execution of code i...
View CSAF Summary Successful exploitation of these vulnerabilities could enable attackers to gain unauthorized administrative control over vulnerable charging stations or disrupt charging services thr...
View CSAF Summary Successful exploitation of these vulnerabilities could allow an attacker to read, intercept, or modify communications. The following versions of Automated Logic WebCTRL Premium Serve...
View CSAF Summary Schneider Electric is aware of a vulnerability in its EcoStruxure™ Automation Expert product. The EcoStruxure™ Automation Expert product is plant automation software designed for dig...
View CSAF Summary Successful exploitation of this vulnerability could allow a remote attacker to cause an out-of-bounds read, resulting in a denial-of-service condition in the affected products. The f...
View CSAF Summary Successful exploitation of these vulnerabilities could enable attackers to gain unauthorized administrative control over vulnerable charging stations or disrupt charging services thr...
Вы настроили Sysmon, у вас работает EDR, события летят в SIEM. Создаётся процесс, вы видите Event ID 1. Загружается DLL, Event ID 7. Всё под контролем. А теперь кто-то загружает в систему один .sys-фа...
Tax season is also peak season for identity theft. Malwarebytes researchers spotted criminals trading stolen tax records on dark web forums.
Security teams have spent years building identity and access controls for human users and service accounts. But a new category of actor has quietly entered most enterprise environments, and it operate...
The UK’s financial regulator has issued new rules to make incident and third-party reporting clearer
Malicious ‘Pyronut’ is a trojanized Python package that backdoors Telegram bots and userbots, giving attackers remote code execution over both the Telegram session and the underlying host system. The...
«СёрчИнформ» девятый год подряд проводит исследование уровня информационной безопасности в российских компаниях. Мы опросили 1150 руководителей и специалистов ИБ-подразделений из коммерческого и госуд...
Unit 42 research explores how AI is currently used in malware, from superficial integrations to advanced decision-making, and its future impact. The post Analyzing the Current State of AI Use in Malw...
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability affecting the Zimbra Collaboration Suite (ZCS) to its Known Exploited Vulnerabilities (KEV) catalog,...
Notorious ransomware group Interlock has been exploiting a Cisco zero-day bug since January, AWS says
Aura, a digital security provider, has confirmed a data breach impacting approximately 900,000 user records following a targeted social engineering attack. The incident underscores the growing effecti...
Horabot has resurfaced in Mexico with a more complex, multi‑stage kill chain that blends fake CAPTCHA lures, living-off-the-land scripting, and an email worm‑style spreader to deliver a Latin American...
VueScan是著名的第三方底片扫描仪驱动程序,支持市场可见绝大多数型号的底片扫描仪,可以更为灵活地控制扫描过程,更深入地发掘硬件潜力,获取色彩 完美的高质量扫描结果。VueScan支持200种以上的底片类型,在剪 ...
ConnectWise has issued a critical security update for its ScreenConnect remote desktop software after discovering a high-severity vulnerability that enables attackers to extract machine-level cryptogr...
A new exploit kit for Apple iOS devices designed to steal sensitive data from is being wielded by multiple threat actors since at least November 2025, according to reports from Google Threat Intellige...
35% of security leaders working in the UK’s critical infrastructure said regulatory requirements are the primary influence on their security programs
Google Threat Intelligence Group (GTIG) has uncovered a highly sophisticated full-chain iOS exploit dubbed “DarkSword,” actively targeting Apple users since November 2025. The exploit chain leverages ...
К 2026 году стало очевидно: классические подходы к защите информационных систем перестали работать не потому, что «появилось больше уязвимостей», а потому что изменилась сама природа инфраструктуры и ...
如有侵权,请版主删帖。 如果不符发布区规则,麻烦请告知。 已查论坛暂无1.4.9版本 使用须知: 本程序着重在于学习,请于下载后24小时内删除;切记不要使用本程序做一些违法乱纪的行为!!! 禁止商用,违者必究 ...
背景:用于学习透视,需要一个可以设置精确旋转度、显示辅助线的方体 功能: 1.能控制旋转 2.显示隐藏辅助线 1.0 下载: https://wwbee.lanzouv.com/iekhX3kzqjkj 密码:3b7c [md]```python import sys ...
这是B站官方出品的免费全能视频剪辑神器,超多万粉UP主都在⽤!支持1080P高清无水印导出,操作简单零门槛,小白也能快速上手。内置海量免费素材,包括B站镇站神曲、二次元贴纸、专业转场特效,还有AI语音转字幕、 ...
A simple web server misconfiguration has provided cybersecurity researchers with an unprecedented view into the inner workings of FancyBear, a sophisticated Russian nation-state threat group. Research...
The ransomware group known as LeakNet is rapidly upgrading its attack methods to infect more victims. Previously averaging three targets per month, the group is now moving away from buying stolen netw...
求下载道客巴巴文件 https://www.doc88.com/p-86119787046642.html
An Open VSX extension used by thousands of developers has been caught silently pulling a full-featured remote access trojan and infostealer from GitHub. The KhangNghiem/fast-draft extension, listed on...
转存文件内容:音乐转存,JAY-退后 转存大小:28m 转存方式:蓝奏转夸克 转存链接:https://syale.lanzoul.com/b00wn68a8j 密码:4jb0
因工作需要,经常要为客户编制组织结构图,就写了这个网页版的工具。当然也可以用思维导图类软件或者office来制作,我这个纯粹属于重复造轮子。 压缩包里包括了两个版本的html,一个有导出下载的功能,一个没有。js文件 ...