Aggregator
Представлен процессор, который выживет в космосе даже во время ядерной войны
New GIFTEDCROOK Chain Abuses WinRAR ADS and Reflective Loading to Steal Browser Data
A newly documented attack chain tied to threat actor group UAC-0226 is putting Windows users at serious risk. The campaign uses booby-trapped WinRAR archives, hidden file streams, and a sophisticated memory-loading technique to deliver GIFTEDCROOK, a stealer malware designed to quietly drain browser credentials, cookies, and sensitive documents from infected machines. The attack has shown […]
The post New GIFTEDCROOK Chain Abuses WinRAR ADS and Reflective Loading to Steal Browser Data appeared first on Cyber Security News.
macOS Flaw Allowed Standard Users to Disable CrowdStrike and Kandji Security Tools
CISA Adds Exploited PTC Windchill RCE Flaw to KEV as Web Shell Attacks Continue
FCC votes to toughen rules in bid to better protect undersea cables
Proof’s x401 establishes an open protocol for AI agent identity and authorization
Proof has launched x401, an open, issuer-neutral protocol that lets any website or API ask for and verify the identity behind agents. With x401, a service can ask for the proof it requires: verified identity, age, membership, organizational affiliation, signing authority, proof of humanness, orf another trusted claim. The agent presents a compatible credential and authorization. The service verifies the issuer, claim, scope and action before proceeding. Identity establishes who or what an agent represents. … More →
The post Proof’s x401 establishes an open protocol for AI agent identity and authorization appeared first on Help Net Security.
Сделал дело — и стёр себя. Бэкдор Mistic работает прямо в памяти и не оставляет файлов на диске
The Cloud Giants Are Architecting an Agentic Future They Can’t Run
Hackers Leveraged Shopify Oder-Tracking App Shop to Push Fake Invoices
Hackers are no longer waiting in your inbox. A newly identified scam technique places fake invoices directly inside shopping app order histories, making them feel more credible than a typical phishing email. Researchers have observed fraudulent receipts appearing inside the Shop app, the popular order-tracking application from Shopify, catching users off guard in a space […]
The post Hackers Leveraged Shopify Oder-Tracking App Shop to Push Fake Invoices appeared first on Cyber Security News.
New DirtyClone Linux Kernel Flaw Lets Local Users Gain Root via Cloned Packets
[智能体攻防实战] 三.基于精调大模型的网络威胁知识自动抽取与分析(CodeBuddy+千帆)
Critical open-source projects get a new security framework
Open source software projects are getting a new framework for handling security vulnerabilities as AI shortens the time between flaw discovery and exploitation. The Linux Foundation has launched Akrites, an industry initiative that brings together technology companies, financial institutions, security vendors, AI companies, and open source projects to support the remediation and disclosure of vulnerabilities affecting widely used open source software. Akrites aims to establish a common process for addressing security issues in software used … More →
The post Critical open-source projects get a new security framework appeared first on Help Net Security.
Nikkei Warns of Japan’s Ground Self-Defense Force Used USB Drives Infected with a China-linked Malware
A serious cybersecurity breach has come to light in Japan, where the country’s Ground Self-Defense Force (JGSDF) unknowingly used malware-infected USB drives on computers connected to classified military networks. The incident lasted for nearly a year before anyone noticed. What makes this case especially alarming is not just the breach itself, but the fact that […]
The post Nikkei Warns of Japan’s Ground Self-Defense Force Used USB Drives Infected with a China-linked Malware appeared first on Cyber Security News.