网络安全资讯

The alert warned that Chinese intelligence officers are posing as recruiters and consultants for front companies based outside China in order to target Five Eyes government and mil...

Cybersecurity researchers at Check Point have uncovered a large-scale SEO poisoning operation that impersonates popular open-source and freeware projects to distribute malware thro...

Unknown attackers maintained undetected access to the Outlook mailbox of a senior executive at a major global stock exchange for at least five months, systematically exfiltrating c...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical flaw impacting Mirasvit Cache Warmer, a popular Magento full-page cache extension, to...

The U.S. Department of Justice (DoJ) on Wednesday announced the results of a sweeping action undertaken by government authorities and private sector companies to combat cyber-enabl...

Cisco has released security updates to patch a critical-severity Unified Communications Manager (Unified CM) flaw that allows attackers to gain root privileges. [...]...

Relying on social engineering, the hacking group engages in credential phishing, malware distribution, and fraud activities. The post Chinese Cybercrime Group in Spotlight for Reco...

Law enforcement and tech companies disrupted infrastructure linked to scammers operating across Southeast Asia. The post Over 1.4 Million Accounts Disrupted in Cybercrime Crackdown...

The high-severity flaw can be exploited remotely, without authentication, in server-side request forgery (SSRF) attacks. The post Cisco Warns of Available PoC for Critical Unified ...

A researcher has disclosed the full details of the vulnerability and released a PoC without notifying Microsoft in advance. The post VS Code Vulnerability Allows One-Click GitHub T...

The Cybersecurity and Infrastructure Security Agency (CISA) will release a binding operational directive (BOD) to federal agencies by the end of the week, directing them on how to ...

A state-sponsored cyber-espionage campaign attributed to Pakistan-linked threat actors has been uncovered targeting Afghanistan's Ministry of Finance, leveraging the open-source Xe...

Cybersecurity researchers have flagged a new malspam campaign that makes use of Google's DoubleClick domain as a way to evade detection and ultimately deliver an unidentified .NET-...

Cybersecurity researchers have disclosed a one-click attack via Microsoft Visual Studio Code (VS Code) that makes it possible to steal a user's GitHub token. "Just by clicking a l...

The U.S. Treasury's Office of Foreign Assets Control (OFAC) has announced sanctions against Nobitex, Iran's largest cryptocurrency exchange, for facilitating payments related to te...

A single malicious notification pushed through WhatsApp, Slack, SMS, Signal, Instagram, or Messenger was enough to hijack Google Gemini's voice assistant on Android, according to r...

Cybersecurity researchers at Huntress have uncovered a sophisticated malspam campaign that exploits Google's DoubleClick domain to bypass security filters and deliver a remote acce...

A single leftover debug flag in production builds of several Microsoft 365 Android applications disabled a critical security check, allowing any app installed on the same device to...

Redis has patched a use-after-free vulnerability in its blocking-client code that allows an authenticated user to execute arbitrary OS commands on the host running the database. Tr...

A Chinese-speaking cybercrime group has expanded its targeting to the European space, deploying previously undocumented malware and the Atlas backdoor. [...]...

The U.S. Treasury's Office of Foreign Assets Control (OFAC) has announced sanctions against Nobitex, Iran's largest cryptocurrency exchange, for facilitating payments related to te...

CISA, the FBI, the NSA, the Department of Energy, and other US government partners are warning that hackers are targeting internet-exposed automatic tank gauge (ATG) systems used t...

A new denial-of-service (DoS) attack dubbed HTTP/2 Bomb can be launched from a single machine to take down web servers within seconds. [...]...

Python scripts were used to test malware against endpoint detection and response agents from Sophos, CrowdStrike, and Windows Defender....

China-linked espionage groups have attacked at least a dozen nations in the region, gathering information on maritime shipping, oil production, and other geopolitical interests....

Cyber insurance coverage is slowly changing, and some policies may not provide coverage for social engineering attacks like ClickFix....

A disabled security setting meant to protect authentication across Android versions of key apps like Word, PowerPoint, and Excel paved the way for attackers to steal logins and dat...

In his first appearance before the panel since being confirmed in March, Mullin said that CISA probably needs “somewhere around” 2,800 employees, despite its ability to hire up to ...

Cybersecurity researchers have disclosed a critical one-click attack chain that abuses Microsoft Visual Studio Code (VS Code) webviews to steal fully scoped GitHub OAuth tokens. Di...

Enterprise identity and access management is approaching a structural breaking point. As organizations scale, identity data fragments across thousands of applications, decentralize...