Aggregator

Internal Communications Dumped Online, Revealing Fresh Victims, Repeat Tactics
Ransomware group The Gentlemen, a relative newcomer to the cybercrime scene, suffered a leak of its internal communications, revealing previously non-public victims, a variety of tactics, techniques and tools, and a relentless focus on popping backup and storage infrastructure.

ICO Warns Key Security Gaps Led to Exposed Data of Over 630,000 People
A British regulator said a major water sector organization failed to use establish cybersecurity safeguards to secure sensitive data, allowing hackers to use a phishing campaign to gain persistence, steal records and expose more than 630,000 sensitive records.

Cloud Connectivity, Security Operations Providers Reportedly Chop 20%, 7% of Staff
Cloudflare cut more than 1,100 workers from its 5,483-person staff, saying the layoffs will align Cloudflare's operations with AI-driven workflows and productivity gains. And Arctic Wolf laid off 250 workers from its estimated staff of 3,402 to free resources for investment in AI initiatives.

An On Demand video from ID Dataweb
Scattered Spider continues to evolve, and organizations across financial services, healthcare, insurance, telecommunications, and other sectors are strengthening defenses against increasingly sophisticated identity-driven threats.

0Day под заказ – это когда попросил ИИ и получил эксплойт. Google говорит, что это уже реальность.

Go’s native fuzzing is useful, but it stands far behind state-of-the-art tooling that the Rust, C, a

Recent disclosures have revealed that open-source networking tool dnsmasq is grappling with a serious set of vulnerabilities. The problems span memory safety and input validation, with researchers identifying heap buffer overflows, heap corruption, and code execution bugs among the issues. Taken together, the security flaws open the door to various attacks: poisoning cached DNS entries, slipping past security controls, crashing the dnsmasq process, and in certain scenarios, escalating privileges locally. To address all of this, … More →

The post Six new dnsmasq vulnerabilities open the door to DNS cache poisoning, local root appeared first on Help Net Security.

据爆料人Jukan发布在X上的帖子称，英特尔即将获得特斯拉的订单，为其生产AI6芯片，这主要是因为特朗普政府对特斯拉施压。无论是最近宣布的苹果订单还是可能达成的特斯拉订单，这些都将成为特朗普政府中期选

阅读： 72026年4月至5月，全球人工智能治理领域迎来了两份具有里程碑意义的政策文件。4月30日，“五眼联盟”网络安全机构联合发布《Careful Adoptio

Researchers have exposed a catastrophic vulnerability hiding inside the “Claude in Chrome” extension. By weaponizing an otherwise harmless, zero-permission extension, invisible attackers can completely hijack the trusted AI assistant. Transform it into a malicious puppet that silently pillages private Gmail messages, restricted Google Drive documents, and secret GitHub repositories. This terrifying blind spot exposes the […]

The post Claude’s Chrome Extension Vulnerability Allows Malicious Extensions to Steal Gmail and Drive Data appeared first on Cyber Security News.

根据国家信息安全漏洞库（CNNVD）统计，本周（2026年5月4日至2026年5月10日）安全漏洞情况如下

Свежий пакет исправлений затрагивает WebKit, ядро системы, Spotlight, Команды и механизм скриншотов.

Agentic AI is already running in production environments across many organizations today. It is executing tasks, consuming data, and taking actions — most likely without meaningful involvement from the security team. The industry conversation has largely framed this as a question of policy: allow it, restrict it, or monitor it? However, that framing misses the point.  The more urgent

Agentic AI is already running in production environments across many organizations today. It is exe

中国市场监管总局今日发布公告，附加限制性条件批准腾讯控股有限公司收购喜马拉雅公司股权案。要求腾讯、喜马拉雅和集中后实体作出五项限制性承诺：不得提高在线音频播放平台服务价格、降低服务水平或者附加不合理交

Digg 今年一月初上线了一个 Reddit 克隆版本，提供类似的基于兴趣的社区。但两个月后就宣布关闭，理由是机器人账号泛滥。现在 Digg 准备再次尝试重启，这一次是转向它曾经的模样：新闻聚合。Digg 向 Beta 测试用户展示了新网站的预览，目标是追踪某个领域最具影响力的声音，推送真正值得关注的新闻。AI 是 Digg 目前测试的领域，如果成功将扩展到其他主题。Digg 会实时从 X 抓取内容以判断讨论热点，同时还会进行情感分析、聚类分析和信号检测，判断哪些内容最重要。

网络威胁情报团队DarkAtlas提出基于活动的APT归因框架

业内首次公开发现