Aggregator

ETSI has published TS 104 033, a technical specification that defines security requirements for AI computing platforms. The specification establishes a security framework for platforms used to host AI applications in data center and edge computing environments, covering security functions, platform components, interfaces, and services designed to protect AI models, datasets, training processes, and inference workloads. “This work builds on the AI computing platform security framework we have previously developed and marks a significant step … More →

The post ETSI sets security requirements for AI data centers and cloud platforms appeared first on Help Net Security.

Even extortionists occasionally misidentify their targets. Recently, the Nova affiliate program apologized to the Eriell Group. For context, Nova maintains close ties to the RAlord syndicate. Meanwhile, the victim operates as a prominent oilfield...

The post The Rogue Incursion: Ransomware Syndicates and the Geography of Cybercrime appeared first on Information Security News.

Security researchers at Calif recently uncovered a devastating vulnerability designated as the HTTP/2 Bomb. This malicious vector allows remote actors to swiftly overwhelm the volatile memory of prominent web servers. Consequently, the exploit rapidly...

The post The HTTP/2 Bomb: Sophisticated Denial-of-Service Exploitation Threatens Core Web Servers appeared first on Information Security News.

Bridging the Operating System Divide Microsoft recently debuted Coreutils for Windows. This toolkit introduces familiar Linux and macOS utilities natively into the Windows ecosystem. Consequently, these commands function flawlessly without additional translation layers. Software...

The post Native Integration: Microsoft Launches Coreutils for Windows appeared first on Information Security News.

Exploitation of Booking Architecture Guests across dozens of Dutch hotels recently encountered highly deceptive communications. Specifically, these fraudulent notifications demanded immediate payment to validate active room reservations. Consequently, industry data indicates that adversaries successfully...

The post The Hospitality Infiltration: Phishing Wave Targets European Hotel Patrons appeared first on Information Security News.

An insidious zero-day vulnerability has surfaced within the Android ecosystem. Crucially, adversaries are already exploiting this flaw in targeted active operations. The primary danger stems from the completely autonomous nature of the execution vector....

The post Shadow Infiltration: Google Discloses Critical Zero-Click Android Flaw appeared first on Information Security News.

IKEA is currently investigating a bold claim by the cybercrime syndicate Lapsus$. Specifically, the group asserts it breached 180 gigabytes of internal files from Ingka Group. This entity operates as the brand’s primary global...

The post The Retail Blueprint: IKEA Investigates Massive Lapsus$ Extortion Claims appeared first on Information Security News.

Ctrl-Alt-Intel 披露了一起由勒索软件即服务（RaaS）组织 Qilin 关联附属成员引发的重大操作安全（OpSec）失误事件。该附属节点在 2025 年 12 月至 2026 年 3 月期间，连续暴露了 5 个包含完整攻击工具链、配置文件、系统日志及受害者二进制程序的 Web 目录。

Citrix NetScaler appliances are enduring a relentless wave of automated exploits. Consequently, security teams report thousands of malicious incursions daily. Furthermore, the underlying zero-day vulnerability has officially entered the CISA catalog of actively exploited...

The post The NetScaler Siege: Citrix Infrastructure Faces Mass Exploitation appeared first on Information Security News.

If you run a website, you know that a single unpatched vulnerability can take your site offline, dam

Атаки уже идут — и никто не знает, сколько объектов скомпрометировано прямо сейчас.

顶级AI企业高管正与安全专家联手，呼吁美国国会采取行动防范AI带来的生物威胁。包括OpenAI的阿尔特曼、Anthropic的阿莫迪以及DeepMind AI实验室的德米斯·哈萨比斯这三位重量级首席执

The Cybersecurity and Infrastructure Security Agency (CISA) plans to release a directive to federal

error code: 1003

主流 Web 服务器的 HTTP/2 默认配置存在安全缺陷，攻击者可组合压缩炸弹与类 Slowloris 长连接锁死攻击链路实施打击。   加州安全研究人员警示，多款已知拒绝服务（DoS）攻击手法可拼接形成全新攻击利用程序，能造成主流网页服务器下线瘫痪。     该攻击被命名为 HTTP/2 炸弹，借助 OpenAI Codex 工具被发现，它融合了针对 HTTP/2...

中国开展微短剧有害低俗内容专项治理中国国家广播电视总局通报，总局日前部署开展微短剧有害低俗内容和侵权盗版专项治理。本次专项治理为期两个月，将依法依规集中治理部分微短剧存在的涉儿童有害、软色情擦边、拜金