Aggregator

检测业务是否受到此漏洞影响，请联系长亭应急服务团队！

AI 商业化落地，技术固然重要，生态也举足轻重。

When it comes to spotting threats, security teams need tools that can pull data from all over and make it easier to analyze. In this article, we’ll take a look at some popular open-source tools that help with everything from log management to network and host monitoring, and even incident response. These tools give teams the visibility they need to catch threats early and act fast. Cortex Cortex is developed by TheHive Project to help … More →

The post Tired of gaps in your security? These open-source tools can help appeared first on Help Net Security.

<p>Attackers are getting increasingly creative—not just with their payloads, but with how they deliver and operate them. In a recent Incident Response engagement, TrustedSec investigated a case involving an attacker who…</p>

你是否曾想过：当大模型在给出最终答案前，那段长长的 "思考过程" 里，可能藏着不为人知的风险？

317 тысяч уязвимостей, 45 тысяч исследователей и ни одного мёртвого линка.

本报告基于威胁猎人对全球19.9万个卡BIN段、逾万家发卡机构及上百个黑市渠道的长期监控与分析，系统性揭示了支付卡泄露的全貌与黑灰产运作链条，涵盖从数据窃取、卡料筛选、地下交易到盗刷变现的全流程...

权威认可

MITRE has unveiled a new cybersecurity framework titled AAD APT (Adversarial Actions in Digital Asset Payment Technologies), specifically designed to counter vulnerabilities within digital financial systems, including cryptocurrencies. This initiative extends the principles established...

The post MITRE Unveils AADAPT: A New Cybersecurity Framework to Combat Digital Asset Threats appeared first on Penetration Testing Tools.

Раньше были кремниевые чипы, теперь — CSiGeSn.

In a recent analysis based on the examination of 10 million real-world compromised passwords, researchers at Specops have laid bare the ongoing vulnerability of corporate networks stemming from human error. The passwords were drawn...

The post The Password Crisis: 98.5% of Corporate Passwords Are Insecure, Leaving Networks Vulnerable appeared first on Penetration Testing Tools.

Currently trending CVE - Hype Score: 24 - VMware ESXi, Workstation, and Fusion contain an integer-underflow in VMCI (Virtual Machine Communication Interface) that leads to an out-of-bounds write. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the ...

Currently trending CVE - Hype Score: 3 - In Wing FTP Server before 7.4.4. the user and admin web interfaces mishandle '\0' bytes, ultimately allowing injection of arbitrary Lua code into user session files. This can be used to execute arbitrary system commands with the privileges of the FTP service (root or SYSTEM by ...

Meta has addressed a security vulnerability in its Meta AI chatbot that allowed users to access private prompts and AI-generated responses intended for other individuals. The issue was responsibly disclosed by security researcher Sandeep...

The post Meta AI Chatbot Exposed: Critical Flaw Leaked Private Prompts and Responses appeared first on Penetration Testing Tools.

The latest iteration of the Android malware known as Konfety has grown even more insidious. Researchers at Zimperium zLabs have uncovered a refined variant that employs unconventional ZIP archive structures and encrypted, runtime-loaded code....

The post Konfety Malware Evolves: New Android Variant Uses Malformed ZIPs & Encrypted Code to Evade Detection appeared first on Penetration Testing Tools.

Abacus Market, once the largest Western darknet marketplace supporting Bitcoin transactions, has vanished from the internet without warning. All signs suggest a classic “exit scam,” where platform administrators abscond with users’ funds. An alternative...

The post Abacus Market Vanishes: Was it a $300M+ Crypto Exit Scam or Covert Law Enforcement Takedown? appeared first on Penetration Testing Tools.

HackerNews 编译，转载请注明出处： 亚马逊旗下Whole Foods（全食超市）的主要供应商——联合天然食品公司（United Natural Foods, Inc.，NYSE：UNFI）表示，2025年6月发生的导致业务运营中断的网络攻击，预计将使2025财年净销售额减少约3.5亿至4亿美元。 这家总部位于罗得岛州的天然食品巨头在周三的更新公告中表示，“预期保险赔款”将大幅抵消这些损失。该公司在7月16日的业务更新中称：“公司预估此次网络事件将使2025财年净销售额减少约3.5亿至4亿美元，净亏损扩大5000万至6000万美元（含预估税费影响），调整后EBITDA（息税折旧摊销前利润）减少约4000万至5000万美元。这些预估数据未反映预期保险赔款的收益，公司预计相关赔款足以覆盖事件损失。除保险理赔外，公司目前预计该事件不会对2025财年第四季度之后产生显著的运营或财务影响。” 该公司曾于6月9日向美国证券交易委员会（SEC）提交文件披露，其于6月5日检测到部分IT系统存在未经授权的活动。为应对入侵，公司关闭了部分系统，导致其履行和配送客户订单的能力受到影响。 UNFI自称是北美最大的全服务杂货供应商，为超过3万个地点配送商品，包括天然产品大型超市、传统连锁超市、电商平台和独立零售商。公司年收入超300亿美元，通过50多个配送中心提供逾25万种天然、有机及传统商品。 UNFI首席执行官桑迪·道格拉斯（Sandy Douglas）表示：“在共渡这段充满挑战的时期期间，我们感谢客户、供应商和员工的抗压能力与配合度。随着运营逐步恢复常态，我们继续专注于为客户和供应商创造附加值，努力成为更高效、更具协作价值的合作伙伴。” 公司更新了全年业绩展望，以反映其在2025财年前三季度的强劲表现，以及6月网络事件相关的预估成本和费用。公告未就该事件提供更多细节，亦未说明攻击是否涉及勒索软件。       消息来源： securityweek； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文

A cybercriminal collective has launched a new Ransomware-as-a-Service (RaaS) platform known as GLOBAL GROUP, actively targeting organizations across Australia, Brazil, Europe, and the United States since early June 2025. According to EclecticIQ, the operation...

The post GLOBAL GROUP: AI-Powered Ransomware Threatens Global Critical Infrastructure appeared first on Penetration Testing Tools.

Government institutions across Southeast Asia have found themselves at the center of a new cyber-espionage campaign aimed at harvesting sensitive information through a previously unknown Windows malware tool known as HazyBeacon. Tracked by Palo...

The post HazyBeacon: New Windows Backdoor Uses AWS Lambda for Stealthy Cyber-Espionage in Southeast Asia appeared first on Penetration Testing Tools.

AsyncRAT, first introduced on GitHub in January 2019, has evolved into one of the most formidable tools in the cybercriminal arsenal. Its open-source architecture, written in C#, has laid the foundation for a multitude...

The post AsyncRAT’s Dark Evolution: How Open-Source Code Fuels a Growing Malware Empire appeared first on Penetration Testing Tools.