Aggregator
录用速递|我实验室8篇论文被USENIX Security'26接收!
New Gaslight macOS Malware Uses Prompt Injection to Disrupt AI-Assisted Analysis
Gartner发布2026年网络安全八大趋势
和谈关键时期,伊朗主要银行遭网络入侵瘫痪,卡系统/ATM终端/App全部中断
CVE-2026-52944 | Linux Kernel up to 6.6.142/6.18.34/7.0.11 ksmbd fsctl_set_sparse permission (Nessus ID 322519)
CVE-2026-52937 | Linux Kernel up to 6.18.33/7.0.10 tap tap_ioctl addr_len stack-based overflow (EUVD-2026-38707 / Nessus ID 322523)
Cisco Catalyst SD-WAN Zero-Day CVE-2026-20245 Exploited Months Before Disclosure
Entrust uses biometrics to verify users during high-risk transactions
Entrust has introduced a new approach to preventing account takeover. As attackers increasingly target high-risk moments like account recovery, device changes, and large transactions, organizations need to modernize authentication from verifying access to verifying the real human behind the transaction. The Entrust Biometric Authentication solution brings identity-centric assurance to these critical interactions, helping organizations reduce fraud while delivering fast, easy end-user experiences. “Too many organizations are treating authentication as a login problem, but attackers have … More →
The post Entrust uses biometrics to verify users during high-risk transactions appeared first on Help Net Security.
CVE-2026-13311 | ljharb shell-quote up to 1.8.4 Accumulator parse algorithmic complexity (GHSA-395f-4hp3-45gv / EUVD-2026-39180)
火山引擎发布《企业级 ArkClaw 安全白皮书》
YesWeHack automates penetration testing with AI-powered agents
YesWeHack announces Agentic Pentest, an on-demand solution using autonomous AI agents to test organisations’ assets and deliver same-day findings. Shaped by YesWeHack’s extensive offensive security experience, Agentic Pentest helps organisations identify vulnerabilities, test their real-world exploitability and uncover attack paths across in-scope assets. The solution supports black box, grey box and white box testing of web applications, mobile apps, APIs and other internet-facing assets. YesWeHack, leader in offensive security in Europe and APAC, leverages the … More →
The post YesWeHack automates penetration testing with AI-powered agents appeared first on Help Net Security.
Why patch directives only go so far
Six weeks of undetected access through a compromised VPN exposes why patching isn't a solution for the organizations already breached.
The post Why patch directives only go so far appeared first on CyberScoop.
诚邀渠道合作伙伴共启新征程
极速扩散!TeamPcp组织利用高阶蠕虫大规模入侵开发者生态
Forescout brings PQC visibility to IT, OT, IoT, and IoMT environments
Forescout has announced the launch of its Post-Quantum Cryptography (PQC) Readiness and Encryption Hygiene Dashboards. The new dashboards are designed to help organizations identify, prioritize, and manage quantum risk across information technology (IT), operational technology (OT), Internet of Things (IoT), and medical devices (IoMT) environments. As organizations face new pressures from regulators, auditors, and boards to demonstrate PQC awareness and progress, Forescout accelerated its development timeline to deliver operational security capabilities to understand and prioritize … More →
The post Forescout brings PQC visibility to IT, OT, IoT, and IoMT environments appeared first on Help Net Security.
Australian Manufacturing VPN Access Available on Darknet
You must login to view this content
New Mistic Backdoor Linked to KongTuke in ClickFix and ModeloRAT Campaigns
WhatsApp will warn users before they message a potential scammer
WhatsApp is rolling out a warning screen on Android and iOS that appears before users open chats with unfamiliar phone numbers. Meta hopes that this new feature will help users avoid scammers. WhatsApp chats warning screen (Source: WABetaInfo) “WhatsApp now checks the phone number before someone tries to open a chat with it. If WhatsApp doesn’t see signs that the phone number entered by the user is already trusted, it shows a screen that asks … More →
The post WhatsApp will warn users before they message a potential scammer appeared first on Help Net Security.
Stellar Cyber improves threat detection and data onboarding in new updates
Stellar Cyber has announced continued momentum across Stellar Cyber 6.5 and 6.6. The releases advance the company’s AI-driven, human-augmented SOC vision with governed AI workflows, improved Auto Triage visibility, sharper detections, stronger platform health monitoring, expanded integrations, and faster self-service data onboarding for MSSPs and enterprise security teams. “Customers and partners do not need more alerts or more disconnected tools. They need a platform that helps them detect faster, investigate with more context, bring new … More →
The post Stellar Cyber improves threat detection and data onboarding in new updates appeared first on Help Net Security.