Aggregator

银狐团伙通过钓鱼攻击、水坑攻击等方式定向攻击企业与个人，利用社工学技术窃取敏感信息并开展金融诈骗。腾讯安全分享了针对银狐的独家检测与防御方案，并呼吁行业合作共同应对威胁。

The discovery of a new vulnerability, aptly named Opossum, has cast a shadow over the reliability of secure communications relying on the Transport Layer Security (TLS) protocol. This exploit enables malicious actors to inject...

The post Opossum Attack: New TLS Flaw Injects Malicious Data Into Encrypted Sessions appeared first on Penetration Testing Tools.

The stable release of Suricata 8.0 has officially been unveiled—a powerful open-source intrusion detection and network traffic analysis system developed by the OISF foundation. This marks the first major update in two years since...

The post Suricata 8.0 Unleashed: Faster, Safer Network Defense with Rust & New Protocols appeared first on Penetration Testing Tools.

ChatGPT has once again proven susceptible to unconventional manipulation—this time, the model divulged valid Windows product keys, including one registered to the major financial institution Wells Fargo. The vulnerability was exposed through a peculiar...

The post ChatGPT Leaks Windows Keys, Including Wells Fargo License, Via Clever “Game” Prompt appeared first on Penetration Testing Tools.

245款浏览器扩展程序被发现包含恶意js库，影响近百万设备。这些库利用用户设备和宽带IP帮助AI公司抓取数据。研究人员已向谷歌报告，谷歌开始删除相关扩展。

Experts at Palo Alto Networks Unit 42 have uncovered a new malicious campaign orchestrated by the threat actor group known as Gold Melody. This group specializes in gaining unauthorized access to corporate systems and...

The post Gold Melody Unleashed: New Stealthy Attacks Exploit Leaked ASP.NET Keys appeared first on Penetration Testing Tools.

On the morning of July 9, the decentralized exchange GMX fell victim to a major cyber heist. An unidentified attacker siphoned off over $40 million worth of cryptocurrency from the platform. According to GMX...

The post GMX Hacked: $40M Stolen in Major DeFi Cyber Heist appeared first on Penetration Testing Tools.

文章探讨了自我意识的本质与人工智能的互动关系。作者认为“自我”并非独立存在的实体，而是流动的知觉与经验的集合。当AI模仿人类的“自我”表达时，人们容易将机器的行为误认为具有意识或情感，从而忽视了真正的人类体验与需求。

Ваш провайдер есть в реестре? Если нет — готовьте деньги и объяснения

Google has introduced a new security configuration on Android, tailored for users vulnerable to targeted cyberattacks. Known as Advanced Protection, this suite of features—once exclusive to individual Google Accounts—is now available at the device...

The post Android & Chrome Level Up Security with New Advanced Protection for High-Risk Users appeared first on Penetration Testing Tools.

Microsoft is preparing a significant update for users of its Authenticator app on iOS devices. Beginning in September, a new backup system will roll out, eliminating the need to sign in with a personal...

The post Microsoft Authenticator for iOS: Cloud Backups Arrive, Ditching Personal Accounts appeared first on Penetration Testing Tools.

Microsoft has introduced a long-anticipated feature in Windows 11 that allows administrators to remove preinstalled Microsoft Store applications via official Group Policy. The new functionality, titled Remove Default Microsoft Store Packages, is already available...

The post Windows 11 Gets Native App Removal: Bye-Bye Bloatware via Group Policy appeared first on Penetration Testing Tools.

黄豆安全实验室发现Telegram消息屏蔽绕过0day漏洞可深度利用，影响所有私密频道和群组。攻击者可查看敏感数据、媒体文件及已封禁内容。尽管原始漏洞已修复但仍有绕过方式。建议用户避免在私密群组存储敏感信息以保护隐私安全。

A researcher at Positive Technologies has uncovered a critical vulnerability in the implementation of the NTFS file system, which enables a local attacker to escalate privileges to SYSTEM by leveraging a specially crafted virtual...

The post Critical NTFS Vulnerability (CVE-2025-49689) Uncovered: Local Attacker Can Gain SYSTEM Privileges in Windows 11 appeared first on Penetration Testing Tools.

As healthcare providers and their vendors develop and implement agentic artificial intelligence and other AI tools, they need to throughly understand data privacy risks under HIPAA and other laws, said attorney Jordan Cohen of law firm Akerman LLP.

AI Models Mostly Fail in Full Track of Vulnerability Research to Exploit
The rise of code-illiterate but AI-enabled script kiddies able to wreak havoc by weaponizing software vulnerabilities into automated exploits, thanks to expert-level assistance from large language models, remains but a future possibility, based on exploit-writing tests of 50 LLMs.

Also, US Sanctions North Korean IT Worker Scammers and More Paraguay Hacks
This week, McDonald's password mishap, North Korean IT worker sanctions, a wormable Microsoft flaw, Qantas update. Monzo fined, Flutter data breach and CyberTeam again targeted Paraguay. Anatsa Trojan reappeared, DoNot targeted a European ministry. Academics sneaked prompt injections into papers.

Abnormal AI CEO Evan Reiser on Behavioral Anomalies, Personalized Phishing Training
Abnormal AI is rolling out behavior-driven AI tools that automate phishing awareness and data reporting. Co-founder and CEO Evan Reiser says the platform reflects a shift away from generic campaigns and manual dashboards toward contextual, real-time defense.

Also: Winkle Abduction Sentencing and Crypto Theft Rising
This week, uncovering 40 malicious crypto Firefox extensions, three sentenced in a Belgium court for crypto kidnapping, the rise of crypto theft. The U.S. Secret Service is a huge crypto custodian, and prosecutors claw back funds pilfered by a fake presidential inaugural committee.

As healthcare providers and their vendors develop and implement agentic artificial intelligence and other AI tools, they need to throughly understand data privacy risks under HIPAA and other laws, said attorney Jordan Cohen of law firm Akerman LLP.