Aggregator

Глиняная табличка возрастом 4000 лет рассказывает, как Лис переиграл преисподнюю.

Liberty General's Sachin Joshi on Blending Technology and Empathy for Faster Claims
AI, automation and real-time tools are reshaping insurance claims. "We blend technology with empathy to deliver faster, smarter and more transparent claims," said Sachin Joshi, president of claims, operations and customer service at Liberty General Insurance.

Over 400 Organizations Breached via Ongoing ToolShell Attacks, Researchers Warn
The U.S. government agency that maintains and designs America's nuclear weapons was reportedly breached by attackers exploiting zero-day flaws in on-premises Microsoft SharePoint servers, with researchers now counting over 400 victims, including European and Middle Eastern governments.

Newly Appointed Advisory Group to Support NIS2 and CRA Implementation Across Europe
Beginning Aug. 1, European Union Agency for Cybersecurity, ENISA, will launch a new Advisory Group composed of 26 independent experts to help guide the EU’s cybersecurity strategy through 2027. Their work will support the rollout of the NIS2 Directive and the Cyber Resilience Act.

今日暂未更新资讯~
更多最新文章，请访问SecWiki

The popular NPM package 'is' has been compromised in a supply chain attack that injected backdoor malware, giving attackers full access to compromised devices. [...]

美国国土安全部 (DHS)和美国公民及移民服务局 (USCIS)正在考虑重新评估 H-1B 签证的签发方式。美国政府考虑将 H-1B 签证的分配制度从目前的抽签制改为有利于符合特定标准——可能与技能相关——的申请人制度。H-1B 签证是美国签发给从事专业技术类工作的外籍人士的签证，必须由雇主出面为申请人申请，且申请人的雇用申请书需要美国公民及移民服务局的批准。根据美国公民及移民服务局的数据，截至 2019 年，美国约有 60 万名 H-1B 工人。H-1B 签证备受科技公司的青睐，但长期以来一直饱受批评，因为该签证被认为容易压低美国工人工资，限制移民工人的劳工权利，被外包公司滥用。

The Interlock ransomware gang is aggressively targeting businesses and critical infrastructure in North America and Europe, according to a new warning from the US Cybersecurity and Infrastructure Security Agency (CISA). stepping up its attacks and changing tactics. The agency issued an advisory describing how Interlock picks its victims on the basis of opportunity, carrying out […]

The post Interlock ransomware gang is ramping up activity, CISA warns appeared first on Ransomware.org.

Officials accuse the unnamed suspect of running XSS.is, a key and long-running marketplace with more than 50,000 registered users. The suspect allegedly made more than $8.2 million.

The post Authorities in Ukraine nab alleged admin of Russian-language cybercrime forum appeared first on CyberScoop.

Благодаря новому алгоритму мы можем слышать Вселенную в разы лучше…

OpenAI 披露，ChatGPT 用户每天发送逾 25 亿提示词，其中 3.3 亿来自美国用户，免费版 ChatGPT 周活跃用户超过 5 亿。OpenAI 去年 12 月公布的数据是每天处理逾 10 亿次查询请求，这意味着 8 个月增长超过一倍。这些数据凸显了 ChatGPT 的普及度，它正在改变用户的信息搜索习惯。Google 没有披露它的每日搜索数据，它最近透露一年处理了 5 万亿次搜索请求，平均每天接近 140 亿次。Google 一开始也是免费服务，但最后它不得不依赖广告，它每天的搜索量如果下降则可能会影响广告收入。OpenAI 目前仍然处于烧钱阶段，其付费服务远不足以抵消支出，它最终如何盈利仍然有待观察。

The software defects, which have a maximum-severity rating, do not require authentication and allow remote attackers to execute code arbitrarily on the underlying system.

The post Cisco network access security platform vulnerabilities under active exploitation appeared first on CyberScoop.

A vulnerability was found in Apple macOS and classified as critical. This issue affects some unknown processing of the component Ruby. The manipulation leads to improper handling of unexpected data type. The identification of this vulnerability is CVE-2022-29181. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Nokogiri Gem up to 1.11.0.rc3 on Ruby. It has been rated as critical. This issue affects the function Nokogiri::XML::Schema. The manipulation leads to server-side request forgery. The identification of this vulnerability is CVE-2020-26247. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in GoBGP up to 3.34.x and classified as critical. Affected by this vulnerability is the function softwareVersionLen of the file pkg/packet/bgp/bgp.go. The manipulation leads to off-by-one. This vulnerability is known as CVE-2025-43971. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Nokogiri up to 1.13.5 on Ruby. It has been classified as critical. Affected is the function #to_s of the component XML Parser/HTML4 SAX Parser. The manipulation leads to memory corruption. This vulnerability is traded as CVE-2022-29181. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in GoBGP up to 3.34.x. Affected is an unknown function of the file pkg/packet/rtr/rtr.go of the component RTR Message Handler. The manipulation leads to memory corruption. This vulnerability is traded as CVE-2025-43973. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in GoBGP up to 3.34.x and classified as problematic. Affected by this issue is some unknown functionality of the file pkg/packet/bgp/bgp.go of the component Flowspec Parser. The manipulation leads to denial of service. This vulnerability is handled as CVE-2025-43972. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in GoBGP up to 3.34.x. This issue affects some unknown processing of the file pkg/packet/mrt/mrt.go. The manipulation leads to improper validation of specified quantity in input. The identification of this vulnerability is CVE-2025-43970. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to upgrade the affected component.