Aggregator
DragonForce
You must login to view this content
Qilin
You must login to view this content
Qilin
You must login to view this content
Qilin
You must login to view this content
Qilin
You must login to view this content
Qilin
You must login to view this content
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
- CVE-2026-28318 SolarWinds Serv-U Uncontrolled Resource Consumption Vulnerability
This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise.
Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.
Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of KEV Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
Anthropic зовёт мир притормозить ИИ — за неделю до подготовки к IPO на триллион
大黄蜂能利用工具解决问题
Attackers obtained encrypted password vaults from some Dashlane user accounts
Dashlane has disclosed new details about a brute-force attack that let a threat actor access some customer accounts and copy encrypted vaults. Dashlane said it found no evidence that the attackers compromised its internal systems. The company first acknowledged the incident on May 31 after users reported receiving account suspension emails and experiencing login problems. “Your account has been temporarily suspended for security reasons as someone has attempted to register a new device and didn’t … More →
The post Attackers obtained encrypted password vaults from some Dashlane user accounts appeared first on Help Net Security.
Infosecurity Europe: Practical Lessons From Lloyds' Agentic AI Security Playbook
Only 10% of SOCs Say They’re Getting Excellent Value From AI. Here’s What the Second Wave Has to Deliver
«Соблюдаем законы» — и всё. Apple не объяснила, какие санкции привели к удалению «Макса» из App Store
Захват сервера, утечка данных и выполнение кода. Что нужно знать об уязвимости DarkReplica в Redis
【安全圈】Gamaredon 利用 WinRAR 漏洞对乌克兰目标发起模块化间谍攻击
【安全圈】谷歌云又裁员,安全团队也中招
【安全圈】WeedHack 恶意木马曝光,专针对《我的世界》玩家发起攻击
美国国家安全局使用Anthropic的Mythos开展进攻性网络行
Let’s Encrypt works toward post-quantum certificates at web scale
Let’s Encrypt plans to pursue a post-quantum-safe Web PKI through Merkle Tree Certificates (MTCs), a new approach that adds post-quantum authentication to the web without sacrificing the speed and reliability that have made TLS universal. The project is targeting late 2026 for a staging environment that issues MTCs, with a production-ready environment planned for 2027. “For much of the last several years, the conversation about post-quantum cryptography has been a conversation about encryption. The reasoning … More →
The post Let’s Encrypt works toward post-quantum certificates at web scale appeared first on Help Net Security.